-
Hack the Gibson #91
Read the reason for these posts. Read Steve Gibson’s response. This was an interview episode, so there is not much I can comment on. SpinRite appears again to save the day, again without the notification that backups are important and that a hard drive which had a physical failure is very likely to fail completely in…
-
As one podcast goes away another one starts
I’m Cd-MaN and I’m a podcast addict 🙂 I listen to many podcasts, most of them related to technology, but the Linux podcasts have always had a special part on my mp3 player, because I’m a beginner with Linux and I want to learn as much as possible about it. So here are the Linux…
-
Hack the Gibson #90
Read the reason for these posts. Read Steve Gibson’s response. Towards the start of the show Leo mentions that SSL certificates used by the sites to authenticate themselves to the users are single-factor. And this is true, however one has to add that there is nothing wrong with single-factor authentication as long as good security…
-
Hack the Gibson #89
Read the reason for these posts. Read Steve Gibson’s response. Related to the SpinRite stories (which are present in every episode): again, I don’t know WTF (pardon my language) people are doing with their computers, but in my 15 years of computer usage I never (knock on wood) had a hard drive fail on me or…
-
Vulnerabilities and hype
Take some vulnerabilities, don’t investigate the conditions which are needed to exploit them, and you’ve got good old-fashioned security hype. The gist of it: there are some flaws in the ActiveX controls VMware installs. The possible attack scenario for these vulnerabilities looks like this: The user has VMware (or VMware Disk Mounter for…
-
Mixed links and commentary
Via rootkit.com: a tool to load arbitrary unsigned drivers under Vista without playing with the boot parameters. Very nice. I didn’t play with it, but I assume that it does this by loading its (signed) driver, then using that to perform the load from kernel mode. The question remains: can’t Microsoft revoke their certificate, so…
-
The Cisco challenge
Today being (very probably – there is an oxymoron for you) the last day I play the Cisco Networking Academy challenge (but the first day you might play it), I thought it may be useful to share some thoughts (cough-cough brag) about it. The challenge is very simple: you can answer fifty questions each day…
-
Two channel authentication – part two
I’ve had some excellent replies to my last post (including the CTO of PhoneFactor – probably via Google Alerts or something similar 😉 – I don’t delude myself into thinking that he reads my blog :)), so I thought I’d expand a little on the subject: As it was pointed out in the comments, this…
-
MySQL triggers and stored procedures
So MySQL is trying to be a big boy and have advanced features like triggers and stored procedures (not just UDFs). However, their syntax seems a little complicated compared to the PostgreSQL one. So here it goes: DROP TRIGGER IF EXISTS mytrigger; DELIMITER | CREATE TRIGGER mytrigger BEFORE INSERT ON test1 FOR EACH ROW BEGIN…
-
Updating PHP in XAMPP for Windows
Inspired by the YAIG blog, here is my how-to-do-it post: XAMPP is a great suite to quickly get up and running with Apache, PHP, Perl and MySQL. Warning! It is not meant to be used in a production environment! Its settings are geared towards ease of use rather than security! However I…