Category: links

  • Mixed links

    From a recent linkfest on The Old New Thing blog come the following links: Some C++ Gotchas – yes, C++ is hard, and if you can keep all the rules in your head, you are a genius (or at least somebody working in C++ for 10+ years). On a related note: Java is also hard…

  • Mixed links

    From Andy Helsby’s Bookmarks: How do I Reset a Dell BIOS Password? – apparently for laptops there is a free (if you live in the USA) number you can call, and after giving the serial number for your laptop, they give a master unlock code. This is cool, but also a reminder that BIOS passwords…

  • Mixed links

    A paper about the state of the databases which store our information in the EU. I skimmed through it; it is probably of more interest to people who are concerned about this aspect. Advances in HTTP encapsulated payloads – a presentation about Metasploit using outbound connections. Nothing too revolutionary, but a good reminder that just because…

  • Mixed links

    This post will be quite “video-heavy”, so I won’t embed all the videos (because the post would load very slowly); rather, I will just link to them. Nate Koechley: "Professional Frontend Engineering" – a good introduction to the topic. Covers progressive enhancements and similar topics. If you are already well-versed in the basics, there isn’t…

  • Mixed links

    An analysis of the C variant of Conficker. Via Jeremiah Grossman: Detecting browsers which are in incognito mode – Interesting. It is based on the CSS history color hack and works because browsers in incognito mode seem to report all URLs as not visited, even if the visit occurred in the same session. From Joanna…

  • Mixed links

    From HolisticInfoSec.org: Online finance flaw: At least AIG got this one right – a good example (finally!) of how to handle vulnerability reports. Via the Security4All blog: The Untold Story of the World’s Biggest Diamond Heist – very cool and a good reminder that you must consider the resources an attacker is willing to invest…

  • Secure erase

    Fun (curious) fact: all recent (newer than 2006) hard drives have ATA commands in them specifically for wiping the data off of them. There are at least two advantages to this method: it wipes all sectors (including sectors marked as bad by the internal tables), and it is faster. You can get the program which initiates such a…

  • Mixed links

    Installing DokuWiki on a SourceForge account – it seems that SF has some more complex security policies (which is good), but it takes a little command-line kung-fu to install DW (because it needs write access to some directories). Guaranteeing deletion – an interesting thought-experiment on how to guarantee the fact that a hostile system executes…

  • Mixed links

    This will be a long one since I haven’t done one for a while: Norton support goes rogue? – One remark: it is not that uncommon for support to recommend third-party tools (one very popular example would be HijackThis). Why reinvent the wheel? Of course, it is wrong to misrepresent the product. Ways the PDF…

  • Mixed links

    New blog in town: Telic Thoughts about information security – I especially liked their Is the CIA model still relevant? post. The CIA triad is a concept which I often reference and it is interesting to see how its limits are being pushed. Windows Server 2003 SP1 Out of Support in April – the Microsoft…