-
Back of the napkin security research
I came up with the idea after seeing the following quote on the metasploit website: “powered by phpbb” “hacked by” – Results 1 – 10 from approximately 239.000 So you could do something similar to the TIOBE index (and with the same level of “accuracy” – this is more a fun thing than something which…
-
Wonky security posts
I was reading two security blog posts recently from security vendors which seemed a little “off”: The first one was from Avira talking about a great new feature: as I understand it, in the new version of their product if an application is permitted by the Application rules of the firewall, the port rules are…
-
Why Directi should be kicked
It is known in “security folklore” that a domain registered at Directi usually spells bad news. However I know have some stats to show it. How these stats were generated: The malicious domains were taken from DNS-BH The benign domains were taken from Alexa The registrar for each domain was extracted Of course, this is…
-
SDHC – Shared Dictionary Compression
I saw the following article on the GOS blog: Google Search Pages Load Faster if You Use Google Toolbar. It turns out that Google added an experimental feature in the Google web servers and the Google toolbar to reduce the network traffic by supplying a dictionary of frequently used page elements (BTW, I find the…
-
Good security news
Being Friday the 13th one can really use some positive news: on rootkit.com we have an article about Implementing SMM PS/2 Keyboard sniffer. How is this good news you ask me? Towards the end of the paper we have the following text (emphasis added): The limitations of hacking through SMM are obvious. It is almost…
-
ASPROX presentation video
Via Greg Martin’s blog: a presentation about ASPROX delivered at Toorcon by Dennis Brown from Verisign:
-
I had that idea!
Today I stumbled upon the paper Rethinking Antivirus: Executable Analysis in the Network Cloud. It talks about running lightweight processes on the hosts which ship files to be scanned to a network server which scans them and gives the clean/infected verdict. I had the exact same idea around the same time :-). Some benefits of…
-
Don’t overthink software security
While reading the trapkit blog, my attention was drawn to the following post: Commercial usage of ScoopyNG. ScoopyNG, in case you didn’t know about it before, is a proof of concept tool to detect VMWare. In the post the author of ScoopyNG details how the makers of a commercial product (Atempo Time Navigator) use the…
-
A portable AntiVirus collection
Over at the GSD blog I found a nice collection of descriptions on how to create portable anti-viruses. VIPRE would fit nicely in the collection, however I wanted to do a quick description on how to do this with BitDefender (I’m doing this from memory, so some details might be wrong!): Get the free edition…
-
PHPBB hack
I saw the news on the Kaspersky blog: phpbb.com was hacked. Fortunately (?) the hack wasn’t done trough PHPBB, rather trough a vulnerable installation of PHPList. BTW, the Kaspersky blog gets it wrong: the hack wasn’t because register_globals was enable, but rather because PHPList contained code to emulate the functionality of register_globals. More info: The…