-
Moving to Ubuntu – swap partition
I continued to perfect the solution for the Ubuntu swap partition problem (although I just upgraded to 1G of memory so it doesn’t manifest itself as quickly as before, w00t!), and would like to share my results: As posted earlier, you can use the free command to check if your swap partition is activated (on…
-
Input validation
The month of PHP bugs is over, but you should still watch the PHP-Security blog, since there are good things coming from there, like this article: Holes in most preg_match() filters. Go read it if you are using regular expressions for input validation. Two tips to avoid these pitfalls: Cast your input to the datatype…
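The page only names the article, so as an added example (not code from the original post or from the PHP-Security article) here is one pitfall of exactly this kind that bites most `^...$` whitelists: in PCRE, `$` matches not only at the very end of the subject but also just before a final newline, so `"alice\n"` passes a filter that never allowed `\n`. That stray newline matters wherever the value is later written into a header, a log line, a config file or a command line, where a newline is a delimiter. The function names and the sample inputs are made up for this illustration.

```php
<?php
// Added example, not from the original post or the article it links.
// Shows why a typical preg_match() whitelist lets a trailing newline
// through, and two ways to close the hole.
declare(strict_types=1);

// Whitelist as it is often written. "$" in PCRE also matches right
// before a final "\n", so "alice\n" is accepted even though "\n" is
// not in the character class.
function weakUsernameFilter(string $input): bool
{
    return preg_match('/^[a-z0-9_]+$/', $input) === 1;
}

// Fix 1: anchor with \A and \z, which match only at the absolute start
// and end of the subject. Comparing with === 1 also treats false
// (a PCRE error, e.g. the backtrack limit being hit) as "reject"
// instead of letting it fall through.
function strictUsernameFilter(string $input): bool
{
    return preg_match('/\A[a-z0-9_]+\z/', $input) === 1;
}

// Fix 2: keep ^...$ but add the D modifier (PCRE_DOLLAR_ENDONLY),
// which makes "$" match only at the very end of the subject.
function strictUsernameFilterD(string $input): bool
{
    return preg_match('/^[a-z0-9_]+$/D', $input) === 1;
}

// Constructed inputs; "alice\n" is the one that separates the filters.
$samples = [
    "alice",
    "alice\n",
    "alice\n\n",
    "al\nice",
    "Alice",
];

printf("%-12s %-7s %-7s %-7s\n", 'input', 'weak', 'strict', 'strictD');
foreach ($samples as $s) {
    printf(
        "%-12s %-7s %-7s %-7s\n",
        json_encode($s),                      // renders the newline as \n
        weakUsernameFilter($s) ? 'pass' : 'reject',
        strictUsernameFilter($s) ? 'pass' : 'reject',
        strictUsernameFilterD($s) ? 'pass' : 'reject'
    );
}
```

Run it with `php` and the columns only disagree on the second sample: the weak filter passes `"alice\n"`, both hardened versions reject it. The double newline, the embedded newline and the upper-case variant are rejected by all three, which is why the single trailing newline is so easy to miss in testing.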
-
Lies, Damn Lies and Statistics
I’m back with more critique for Deb Shinder (who for one reason or another doesn’t allow commenting on her blog, so I can’t directly post there). Read part one (Biometrics is not the answer!) and part two (Three letter acronyms don’t provide good security!) for more opinionated posts. The post I’m talking about is…
-
Full disclosure – yet again
I came across this post about ethical hacking and I felt the need to respond to it publicly, since (I feel that) the article offers a skewed view and does not present the counter-arguments: First of all I would like to stress that discovering and writing exploits for certain types of flaws (and I’m not…
-
Month of PHP bugs roundup
The month of PHP bugs is over and I thought I would make a little list of things you can do to mitigate the bugs where possible: Update to PHP 5.2.1 and watch out for the next version and update to it as soon as it comes out. Do not use PHP4, because there is a…
-
Shared risk of shared runtimes
I love the interpreted languages. I love PHP, Perl, Java, C# and all the others. The liberty they give you is incredible! However there is a security aspect to them: because the actual machine code is shared by the programs written in one particular language, security features / products which depend on the executable image…
-
How to submit suspected malware samples?
A quick tip: if you have file(s) which you suspect are malicious, submit them to any of the following places: VirusTotal VirScan Jotti’s malware scan Virus.Org Rogue File Scanning Service Virus Chief FilterBit NoVirusThanks Besides the fact that these sites will dispel or reinforce your suspicion (based on the number and types of detection…
-
Game Over – You Lost!
The famous security researcher Joanna Rutkowska has posted on her blog an article entitled The Game Is Over! and, as a typical second-class blogger, I jump on it and give my (unrequested) comments :-). The post reiterates two of the ideas she has been promoting recently: The security industry doesn’t focus enough on the…
-
Another tool to manage security in Windows
One of the first posts on this blog was about the different (free) options you have to temporarily elevate your privileges under Windows. So it is natural that this blog post from George Ou sparked my interest. It talks about a product, BeyondTrust, with which you can temporarily elevate the privileges of certain applications and provides…
-
Three letter acronyms don’t provide good security!
As a follow-up to my previous post, here is another post where Deb Shinder gets it wrong (or at least emphasizes the wrong words): Security Mechanisms in Office 2007. My problem is not with the post per se (because admittedly I only saw Office 2007 in the Channel 9 videos), but with this particular…