-
Shared risk of shared runtimes
I love the interpreted languages. I love PHP, Perl, Java, C# and all the others. The liberty they give you is incredible! However there is a security aspect to them: because the actual machine code is shared by the programs written in one particular language, security features / products which depend on the executable image…
-
How to submit suspected malware samples?
A quick tip: if you have file(s) which you suspect that are malicious, submit them to any of the following places: VirusTotal VirScan Jotti’s malware scan Virus.Org Rogue File Scanning Service Virus Chief FilterBit NoVirusThanks Beside the fact that these sites will eliminate or enforce your suspicion (based on the number and types of detection…
-
Game Over – You Lost!
The famous security researcher Joanna Rutkowska has posted on her blog an article entitled The Game Is Over! and as a typical second class blogger I jump on it and give my (unrequested) comments :-). The post reiterates two of the ideas she has been promoting recently: The security industry doesn’t focus enough on the…
-
An other tool to manage security in Windows
One of the first posts on this blog was about different (free) options you have to temporarily elevate your privileges under Windows. So it is natural that this blog post from George Ou sparked my interest. It talks about a product, BeyondTrust, using which you can temporarily elevate the privileges of certain applications and provides…
-
Three letter acronyms don’t provide good security!
As a second part for my previous post, here is an other post where Deb Shinder gets it wrong (or at least emphasizes the wrong words): Security Mechanisms in Office 2007. My problem is not with the post per-se (because admittedly I only saw Office 2007 in the Channel 9 videos), but with this particular…
-
Biometrics is not the answer!
Deb Shinder is the resident MVP at Sunbelt Software. One of her posts caught my eye and I felt the urge to post about it: Passwords: A Thing of the Past? In it she advocates to use biometrics as a replacement for passwords. Here are my (not so positive – as you may have guessed)…
-
Update on the Month of PHP Bugs
The month is nearing to an end (but fear not, next month we will have a month of MySpace bugs it seems), and here are the latest developments: Two bugs using which you can bypass the open_basedir restriction. They are in the user-contributed PECL modules, so there is a chance that they will be fixed…
-
How not to get your application signed by AV
Disclaimer: these are my own opinions and they do not necessarily reflect the opinions or policies of any of my current or past employers. There is a class of applications which can be categorized as greyware: programs which can be used for both good and evil. A few examples (in no particular order): nmap, the…
-
Mobile malware – hype or not?
I’m not entirely dead yet, just very busy 🙂 Anyway, I came across this blog posting (Mobile Virus FUD) which in turns references this article about Kaspersky Labs (not the one at heise security as I stated – erroneously – before). Before we continue, a disclaimer: the views and opinions expressed here are my own…
-
TT – Treacherous Technology
So, after a failed upgrade to Ubuntu 7.04 Feisty Fawn I was left with no choice but to boot into my Windows 2003 partition. (To Ubuntu’s defense: 7.04 is clearly marked as beta software and I was doing the update on my own risk). Just to be clear: this Windows 2003 SBS is a 100%…