-
Hack the Gibson #88
Read the reason for these posts. Read Steve Gibson’s response. A question which popped up twice in this episode was the problem with broadband users, and the answer provided was very good: even if 50% of the people who have broadband would turn off their connection when they are not using it, the other…
-
Hack the Gibson #81 to #87
Read the reason for these posts. Read Steve Gibson’s response. Here is again a long overdue post about the recent Security Now episodes. I have to say that the quality of the information provided in the recent episodes has deteriorated (or maybe it is that they started talking about more concrete things, where the errors are…
-
SQL injections – what they are and how to avoid them
SQL injections are a subtype of the larger category of command reparse vulnerabilities. These attacks work because there is an intermediate language between different components of the system, more specifically between the frontend (which is typically a web server giving access to the whole world) and the backend (which is hidden behind a firewall / NAT…
-
Active vs. Reactive protection
Hello all. I want to bring to your attention the following article written by fellow blogger Kurt Wismer: defensive lines in end-point anti-malware security. I especially like it because it puts AV technology in its place and creates a good foundation to start any meaningful debate. Here are my opinions on the matter (in no particular…
-
Short news
Via terminal23.net/: The Shmoocon 2007 videos are starting to appear. A hacker challenge for the conference is still online, so you can give it a try. From what I saw it is very nice (it needs all kinds of different skills, from overflowing buffers to writing SQL injections).
-
AOL Bullying Gaim!
This is deeply troubling: AOL is forcing Gaim to change its name. Please kindly contact AOL and bring these points to their attention: the users of Gaim are highly technical, and the probability of them confusing AIM with Gaim is infinitely small. Searching for AIM on search engines (like Google, Yahoo or…
-
Securing the Internet
There is a great series of articles over at the Matasano blog about the deficiencies of DNSSEC. While I have no deep knowledge of the matter, the series seems to bring up very valid points against this security feature (the one nearest to my heart being the CPU cost of cryptography, which is expensive…
-
My submission for The Ethical Hacker Skillz Challenge
The submission deadline for the 8th Ethical Hacker Skillz Challenge has passed and I’m eagerly awaiting the results (which should be published any day now). Until then, here is my version of the solution; maybe somebody finds it useful someday: What is the significance of various numbers in the story, including the speech patterns of…
-
Linux tips
Via the All About Linux blog: bash completion – if you type `ls --` in your terminal and tap the tab key twice, it will list all the available options. This works only for the most important commands (like ls, rm, …) but it’s still a nice add-on. And best of all – it…
-
Moving to Ubuntu – swap partition
I continued to perfect the solution for the Ubuntu swap partition problem (although I just upgraded to 1G of memory, so it doesn’t manifest itself as quickly as before, w00t!), and would like to share my results: As posted earlier, you can use the free command to check whether your swap partition is activated (on…