Category: hype

  • A game of Chinese whispers

    Yet another example of real-life Chinese whispers in security journalism: A Hungarian online news site published an article titled “Hackers tried to steal user data from Amazon” (here is a somewhat usable automatic translation for the non-Hungarian speakers). I assume that the information went like this: What happened –> What the security company…

  • Goldman Sachs security incident

    Allegedly the source code for Goldman Sachs’ “low latency (microseconds) event-driven market data processing, strategy, and order submissions” systems has been stolen by an insider (via Zero Hedge here and here). Personally I find this (and similar cases) overblown for several reasons: Source code by itself is worthless. The important thing is the mathematical model behind…

  • grcsucks.com revival – #2

    These posts republish content from the now defunct grcsucks.com site. The following one is a very good one, by somebody who knows networking: Martin Roesch, the author and lead developer of Snort. Dissecting GRC’s NanoProbes by martin.roesch http://www.snort.org Comments refer to : http://grc.com/np/np.htm Ok, so in the “broken out” packet dump at the bottom of…

  • Hack the Gibson #169

    Read the reason for these posts. Read Steve Gibson’s response. Steve Gibson says that MSRT runs when restarting the computer: … And then it runs the next time you restart your machine This is not true, not only because MS says so (The version of the tool delivered by Microsoft Update and Windows Update runs…

  • grcsucks.com revival – #1

    After starting a one-man movement 🙂 to clarify the muddy waters created by Steve Gibson, I was relieved to find that I’m not alone in my opinion. The central site gathering all the information was grcsucks.com, the domain registration of which expired somewhere around June 2007, and since then you can only find a domain…

  • Hack the Gibson #168

    Read the reason for these posts. Read Steve Gibson’s response. Steve Gibson gets the description of the attack wrong (backwards): It’s possible to have something hiding below the surface, literally on, like, a layered page, where the user clicks on what they see, but what they’re actually clicking on is content on the page behind.…

  • Hack the Gibson #106

    Read the reason for these posts. Read Steve Gibson’s response. I have good news for Mister Gibson: SpinRite would actually work on the Mac with VMware. Because although Macs are EFI based, the hardware emulated by VMware uses the good old protocols, which means that as long as VMware has the capability to mount…

  • Hack the Gibson #93

    Read the reason for these posts. Read Steve Gibson’s response. Another Security Now! episode, another SpinRite story without mentioning backups. There are a few explanations for this, none of which shed a very good light on Mr. Gibson: (a) he doesn’t care, (b) the flaws SpinRite repairs are not at all serious, so with…

  • Letting competent people do their jobs

    First of all – the usual disclaimer applies – this is my personal opinion, blah, blah. The first positive comment to my VirusTotal uploader came in, which is cool, however it brought up two issues: The first would be: please don’t use this tool to scan your entire collection, performing a small DoS attack on…

  • Getting ahead of the curve

    I was listening to episode 103 of SecurityNow, and all in all it was a good episode. However one thing that baffled me (ok, maybe not so much because I didn’t have high expectations), is the fact that nowhere in the process did they ask about man-in-the-middle type attacks (although they mentioned it briefly when…