-
Mixed links
From HolisticInfoSec.org: Online finance flaw: At least AIG got this one right – a good example (finally!) on how to handle vulnerability reports. Via the Security4All blog: The Untold Story of the World’s Biggest Diamond Heist – very cool and a good reminder that you must consider the resources an attacker is willing to invest…
-
Massively Parallel Computing 🙂
I am a fan of BOINC, which uses distributed computing to solve massive problems (some very serious, like finding a cure to certain types of cancer, others more abstract, like finding prime numbers). The problem however is ease of use and distribution. You have to (a) know that this software exists and (b) know how…
-
BadwareBuster.org goes live
Via StopBadware.org: BadwareBuster.org removes the beta label and goes live. It is a forum that tries to help people who are struggling with a malware problem, either on their home computer or on their website. What I liked: Full RSS feed to the site (so that it can be mined for malicious URLs for research…
-
Secure erase
Fun (curious) fact: all recent (newer than 2006) drives have ATA commands in them specifically for wiping the data off of them. There are at least two advantages to this method: it wipes all sectors (including sectors marked as bad by the internal tables), and it is faster. You can get the program which initiates such a…
-
Mixed links
Installing DokuWiki on a SourceForge account – it seems that SF has some more complex security policies (which is good), but it takes a little command-line kung-fu to install DW (because it needs write access to some directories). Guaranteeing deletion – an interesting thought-experiment on how to guarantee the fact that a hostile system executes…
-
Weather Brains
Weather Brains is an excellent podcast if you are even remotely interested in weather. Released weekly, it is an hour or so of fun and information. There are multiple hosts (always a plus, it is very hard for a single host to keep an interesting tone) and a professional voice quality (which is not a…
-
WPA2 is still hard
Some time ago I found out that you have to install some not-so-well-documented updates (which are not delivered automatically by Windows Update) to use WPA2 to encrypt the traffic of your wireless network (and it is advised to use WPA2, since all the prior standards have known weaknesses). However I was unpleasantly surprised that support…
-
Walking with objects
Some time ago I read David Wheeler’s blogpost about using the OBJECT tag to embed HTML in your HTML :-). One of the things which piqued my interest was the question: what are the security implications of using this method? Specifically I was interested if the same cross-domain / same-policy rules applied to interaction between…
-
Pi day and other ramblings
The USA Congress decided that March the 14th is national Pi day (from chuckchat.com). While I’m not a USA citizen and live nowhere near it, I still thought that the idea is cute. Math can be fun (even though the education system gives the opposite impression frequently). A fun fact which I was amazed by…
-
A few words about hackersblog
If you read security news, you most probably have already heard about hackersblog.org. It is a blog created by a couple of my compatriots who feel that just talking about vulnerabilities in websites is not enough and they must attract attention by actively exploiting the flaws and then posting their “trophies” Zone-H style. As you…
