-
Hack the Gibson #168
Read the reason for these posts. Read Steve Gibson’s response. Steve Gibson gets the description of the attack wrong (backwards): It’s possible to have something hiding below the surface, literally on, like, a layered page, where the user clicks on what they see, but what they’re actually clicking on is content on the page behind.…
-
How permissive is the Windows autorun.inf parsing?
While reading the F-Secure blog post titled When is AUTORUN.INF really an AUTORUN.INF?, I was reminded of this masking technique – putting extra data between the relevant lines. But how tolerant is the autorun.inf parser (which I suppose in fact is the INI file parser) really? The example shown by F-Secure is quite mild, in the…
-
Yet another alternative for “Reverse IP”
Nitpicker’s corner: so the title is not 100% correct, since I’m focusing more on the question “what websites are hosted on this server” rather than “what DNS names is this server known under”. Here are some possible ways to answer this question: Do an actual reverse DNS lookup. The problem is that there isn’t actually…
-
Mixed links
From the Notes & Thoughts blog: a new AV blog – the Avira blog. Another reason for linking to them is that it is impossible to find it from Google 🙂 (probably because they used “techblog” instead of “blog”). Keryx Tutorial: Bringing Updates Home – Keryx is a cross-platform tool to download Ubuntu packages…
-
Physical condition
I mentioned some time ago that I’ve started the one hundred pushups program. A small progress report (hopefully this can inspire others to start doing a little more exercise): In ~7 weeks (not counting the holidays) I went from 5 pushups to almost 60! This is not exactly the 100 which I should have done…
