-
2008 Scripting games
Via the terminal23 blog: the Microsoft 2008 Winter Scripting Games. Also with Perl for extra fun 🙂
-
Sunbelt is using Symantec in-house
This is quite old (it has been sitting in my to-do list for a while) but still fun: What can screenshots reveal about your company? This blog posting from the Sunbelt blog from Friday, November 16, 2007 entitled Some new twists in the Storm worm contains the screenshot which can be seen below with the…
-
VNC – (almost) zero security
I mentioned it previously, but just wanted to be sure that everyone has seen this: the "standard" VNC protocol does not offer any encryption of the data (ie. using a packet capture you can reconstruct the screen content and the action of the user). There are unofficial extensions, but they are not widely supported During…
-
Tangled Web
The World Wide Web has become the main target for much of the computer usage these days. This has several consequences, one of which is that more economic value is placed in it, attracting more attacks. XSS, CSRF, RIF and so on. These are all terms which are used daily by the security research community.…
-
Faster MD5 collisions
MD5 is looking less and less reliable as the day pass. It seems that now researchers have been able to create an attack that can append a couple thousand bytes to two arbitrarily chosen files which would result in those files having the same MD5 hash, and compute these byte sequences with consumer grade hardware…
-
Bash shortcuts
Or: never do history | grep again! The command line interface of the *nix systems is amazing and Windows doesn’t have anything that comes even close to it (although I still have to experiment with PowerShell – I like very much the base idea that instead of text lines you get objects with well defined…
-
Google spam – aka I’m back
My workload has lightened a little and hopefully I can continue to blog more frequently. But enough of this, let’s get to our main subject: Recently I’ve been seeing a growing number of spam which links to Google instead of the spam site. The idea is (probably) to avoid filters which check the link targets…
-
Spreading the love
I’ve heard that one of the goals for the Wikiscanner author is to get first place on Google for the term Virgil. So here is my contribution to it: Virgil. Thank you.
-
NoScript trick
In a previous post I discussed how to combine NoScript with co.mments.com As I later discovered the main problem was that the bookmarklet worked by inserting a script tag in the document, which, if scripting was disabled for the given page, could not be evaluated. I worked around this problem by using the temporary enable…
-
Security product testing
Just a quick rant about the comparison of different security products (in the largest sense of the word): Many times we see things said like product X stops 100% of all (known) malware. First there is of course the problem that some people omit the known part which makes them by default ripe for lawsuits.…