-
Hack the Gibson #90
Read the reason for these posts. Read Steve Gibson’s response. Towards the start of the show Leo mentions that SSL certificates used by the sites to authenticate themselves to the users are single-factor. And this is true, however one has to add that there is nothing wrong with single-factor authentication as long as good security…
-
Hack the Gibson #89
Read the reason for these posts. Read Steve Gibson’s response. Related to the SpinRite story (which are present in every episode): again, I don’t know WTF (pardon my language) people are doing with their computers, but in my 15 years of computer usage I never (knock on wood) had a hard-drive fail on me or…
-
Vulnerabilities and hype
Take some vulnerabilities, don’t investigate the conditions which are needed to exploit them, and you got a good old fashioned security hype. The gist of it: there are some flaws in the ActiveX controls VMWare installs. The possible attack scenario for these vulnerabilities looks like this: The user has VMWare (or VMWare Disk Mounter for…
-
Mixed links and commentary
Via rootkit.com: a tool to load arbitrary unsigned drivers under Vista without playing with the boot parameters. Very nice. I didn’t play with it, but I assume that it does this by loading its (signed) driver, then using that to perform the load from kernel mode. The question remains: can’t Microsoft revoke their certificate, so…
-
The Cisco challenge
Today being (very probably – there is an oxymoron for you) the last day I play the Cisco Networking Academy challenge (but the first day you might play it), I thought it may be useful to share some thoughts (cough-cough brag) about it. The challenge is very simple: you can answer fifty questions each day…
-
Two channel authentication – part two
I’ve had some excellent replies to my last post (including the CTO of PhoneFactor – probably via Google Alerts or something similar 😉 – I don’t delude myself into thinking that he reads my blog :)), so I thought I expand a little on the subject: As it was pointed out in the comments, this…
-
MySQL triggers and stored procedures
So MySQL is trying to be a big boy and have advanced features like triggers and stored procedures (not just UDF’s). However their syntax seems a little complicated compared to the PostgreSQL one. So here it goes: DROP TRIGGER IF EXISTS mytrigger; DELIMITER | CREATE TRIGGER mytrigger BEFORE INSERT ON test1 FOR EACH ROW BEGIN…
-
Updating PHP in XAMPP for Windows
Inspired by the YAIG blog, here is my how to do it post: XAMPP is a great suite to quickly get up and running with Apache, PHP, Perl and MySQL. Warning! It is not aimed to be used in a production environment! Its settings are geared towards ease of use rather then security! However I…
-
Recovering deleted files the DIY way
I can’t really remember if I’ve written about this or not (old age I suppose :-p), so here it goes: There are certainly easier (and better) ways to do it, here is the DIY way for those who enjoy some hands-on fun: Save the contents of the entire partition (or disk) in a separate file.…
-
Mixed links
After DefCon we might have a new debugger based on Olly and with Python scripting support. A nice little (free) tool to view / edit PE files, with plugin support: CFF explorer Update: it seems that the debugger (btw, de-bugger, what an interesting word) will be made public on August the 3rd.