Category: security

  • Bypassing SRP from PowerShell

    While discussing this with a reader of mine, I mentioned that the same method (patching the local process) should also be possible from PowerShell. Here is the code: ######################################################### # This is a general purpose routine that I put into a file called # LibraryCodeGen.msh and then dot-source when I need it. ######################################################### function Compile-Csharp ([string]…

  • Executing arbitrary powershell script from the command line

    After playing around with PowerShell, I quickly found that a considerable amount of thought seems to have been given to its security. Two security features I found were: The default action for PowerShell scripts (.ps1) is “Edit”, not “Run”. This means that plain PowerShell scripts can’t create the same amount…

  • Review: Viruses Revealed

    This book should be a must-read for anyone thinking about malware and anti-malware (including – or especially – all the people in the media!). It is a hype-free, no-nonsense book which doesn’t shy away from writing the truth. I found out about this book from the (ISC)2 blog, where Robert Slade (one of the…

  • Advertising (double and a half) fail

    I get the following email in my inbox: Knowing that they have some interesting people (and webcasts), I bite. So where should I click? On the subscribe button, of course! This takes me (through a redirector – which fortunately wasn’t blocked by my hosts file) to this website. Fail no. 1: there is no way…

  • What can a malicious program do under a limited account with Windows 7?

    The scope of this post is to demonstrate what a malicious program can do under Windows 7 (the newest and presumably most secure version of MS Windows) with a Guest account (the most limited one from a capability point of view). The “malware” in the video below demonstrates that a program run by the user…

  • The right way to embed

    I occasionally rant about “web 2.0” services which want me to embed JavaScript on my page to get the functionality. Besides them being a security risk (because they can change the JS on their servers at any time and p0wn all my visitors – and it doesn’t have to be malice on their part –…

  • Goldman Sachs security incident

    Allegedly the source code for Goldman Sachs’ “low latency (microseconds) event-driven market data processing, strategy, and order submissions” systems has been stolen by an insider (via Zero Hedge here and here). Personally I find this (and similar cases) overblown for several reasons: Source code by itself is worthless. The important thing is the mathematical model behind…

  • More benchmarking in the 127.0.0.1 vs 0.0.0.0 issue

    I’ve done a little more benchmarking in the 127.0.0.1 vs. 0.0.0.0 issue: <script>var start=new Date();</script> <script src="http://ad.a8.net/foo.js"></script> <script src="http://asy.a8ww.net/foo.js"></script> <script src="http://a9rhiwa.cn/foo.js"></script> <script src="http://www.a9rhiwa.cn/foo.js"></script> <script src="http://acezip.net/foo.js"></script> <script>var stop=new Date(); alert(stop.getTime() - start.getTime());</script> What this code does is try to include JavaScript files from five sites and measure the time it takes to process these tags.…

  • Speedy hosts blocklists

    One of the ways to prevent your machine from connecting to “unwanted” hosts (however you define this criterion) is to list the DNS name of the host in the hosts file of your system and associate it with a different IP address than the real one. While this solution has some limitations (for example: it…

  • Removing features is the best defense

    When I read the news that Microsoft is disabling Autorun for removable media other than CD/DVD in Windows 7 (and maybe HD-DVD/Blu-ray) I said: cool! This will slow down the spreading of malware using this feature (on a very long timeframe of course, because Windows 7 isn’t even final yet – and far away from…