-
Quick port forwarding guide
It always gave me a headache when I tried to figure out the command line syntax of ssh for port forwarding and I ended up staring at the man page for several minutes and making drawings on a piece of paper. So I’ve put together three illustrations for the three possible port forwarding methodologies. The…
-
Picking the brain of the IE7 team
Martin McKey over at the Network Security Blog is going to meet the IE7 team and is waiting for proposals regarding the questions he should ask them. Here is mine: First let me give a little background as I see it so that if they choose to answer my question (no offense, but if…
-
The kind of articles I don’t want to see
After reading this article I was in pain. I don’t want to offend anybody, but this is a perfect example of the things against which this blog was created. The article contains a lot of hype-words but is vague on technical details and some of the details are wrong. I don’t want to accuse anybody…
-
Hack the Gibson – Episode #60
Read the reason for these posts. Read Steve Gibson’s response. Here I am again, with a little delay because I was away at a conference on economics over the weekend, but I’ll cover that in a later post. This netcast started out very nicely, and I was hoping that I wouldn’t have to write this…
-
Hack the Gibson – Episode #57
Read the reason for these posts. Read Steve Gibson’s response. This is the 21st post. Woohoo! It’s not that impressive, but for me it is, considering that I started my blog just a little over a week ago. So this will be a cheerful, joyful and happy post :). I’ve selected episode 57 for this because…
-
Things you (probably) didn’t know about your webserver
Today’s webservers are incredibly complex beasts. I don’t know how many of the people operating Apache have read the full specifications. I sure didn’t. So it should come as no surprise that there are hidden features in our servers (and some of them turned on by default), which can weaken our defenses. There are two…
-
Companies, technology and security
When I saw this piece in my Google Reader, I thought: that’s interesting, so I headed over and checked it out, thinking that I would get some information about what the practices are at big companies. Somewhat disappointingly it was just a link to a tutorial which looks like it was written by someone who is just…
-
Wisdom of the crowds? Maybe not
Yesterday I spotted the following article on the Digg front page: PacMan written entirely in Excel. On the page it linked to I found two games written in Excel and VBA (Visual Basic for Applications – the stuff macro viruses are written in). What is interesting is that as of the time of me writing this there…
-
Rootkits? Who needs rootkits?
What are rootkits and why are they dangerous? You can read the detailed explanation at Wikipedia which I won’t reproduce, but the basic idea is that they alter the operating system (using either documented or undocumented methods) so that certain objects (processes, directories, files) become invisible. They are very dangerous because they breed new life…
-
Software vs. Hardware firewalls
I’ve already done my post for the day and was listening to episode 56 of Security Now when I heard something that ticked me off. I hear this all the time from various sources (but those are mostly uninformed and not security experts). This won’t be another Hack the Gibson post, although you can…