-
Hack the Gibson #89
Read the reason for these posts. Read Steve Gibson’s response. Related to the SpinRite story (which are present in every episode): again, I don’t know WTF (pardon my language) people are doing with their computers, but in my 15 years of computer usage I never (knock on wood) had a hard-drive fail on me or…
-
Vulnerabilities and hype
Take some vulnerabilities, don’t investigate the conditions which are needed to exploit them, and you got a good old fashioned security hype. The gist of it: there are some flaws in the ActiveX controls VMWare installs. The possible attack scenario for these vulnerabilities looks like this: The user has VMWare (or VMWare Disk Mounter for…
-
Mixed links and commentary
Via rootkit.com: a tool to load arbitrary unsigned drivers under Vista without playing with the boot parameters. Very nice. I didn’t play with it, but I assume that it does this by loading its (signed) driver, then using that to perform the load from kernel mode. The question remains: can’t Microsoft revoke their certificate, so…
-
The Cisco challenge
Today being (very probably – there is an oxymoron for you) the last day I play the Cisco Networking Academy challenge (but the first day you might play it), I thought it may be useful to share some thoughts (cough-cough brag) about it. The challenge is very simple: you can answer fifty questions each day…
-
Two channel authentication – part two
I’ve had some excellent replies to my last post (including the CTO of PhoneFactor – probably via Google Alerts or something similar 😉 – I don’t delude myself into thinking that he reads my blog :)), so I thought I expand a little on the subject: As it was pointed out in the comments, this…
-
MySQL triggers and stored procedures
So MySQL is trying to be a big boy and have advanced features like triggers and stored procedures (not just UDF’s). However their syntax seems a little complicated compared to the PostgreSQL one. So here it goes: DROP TRIGGER IF EXISTS mytrigger; DELIMITER | CREATE TRIGGER mytrigger BEFORE INSERT ON test1 FOR EACH ROW BEGIN…
-
Updating PHP in XAMPP for Windows
Inspired by the YAIG blog, here is my how to do it post: XAMPP is a great suite to quickly get up and running with Apache, PHP, Perl and MySQL. Warning! It is not aimed to be used in a production environment! Its settings are geared towards ease of use rather then security! However I…
-
Recovering deleted files the DIY way
I can’t really remember if I’ve written about this or not (old age I suppose :-p), so here it goes: There are certainly easier (and better) ways to do it, here is the DIY way for those who enjoy some hands-on fun: Save the contents of the entire partition (or disk) in a separate file.…
-
Mixed links
After DefCon we might have a new debugger based on Olly and with Python scripting support. A nice little (free) tool to view / edit PE files, with plugin support: CFF explorer Update: it seems that the debugger (btw, de-bugger, what an interesting word) will be made public on August the 3rd.
-
Two channel authentication
I’m no Bruce Schneier, so I welcome the comments of any more informed and/or more intelligent readers (which shouldn’t be too hard ;-)). Two factor authentication is the buzz these days, it’s the silver bullet of the security industry. To provide a short explanation (which will almost certainly leave out essential facts and get others…