Grey Panthers Savannah

Category: security

  • What is an executable file anyway?

    While this seems trivial, it is a very important question you’ll have to answer if you want to pretend that a whitelisting solution will give you 100% protection. So lets take a shot at it: An executable file is a file which contains machine code intended to be run on the CPU. This looks right,…

  • An interesting Windows feature

    This one has been around for ever (possibly since Windows ’95), but it just so happens that I stumbled over it recently: You can use the “desktop.ini” file to (amongst other things) change the name displayed for the given folder by Explorer (and other file-navigators which are based on Explorer – like Windows Total Commander…

  • A good post about document metadata

    Read it, love it: GCIH Gold Paper – Document Metadata, the Silent Killer.

  • New years resolution for webmasters

    Graham Cluley gives some advice on the Sophos blog on how to secure your website. Unfortunately he can’t resist touting the companies horn, rather than suggesting a much more effective solution for this scenario: whitelisting. First of all, files on a webserver need to change very rarely. Executables almost never and it is useful to…

  • Interesting thoughts from the Sophos blog

    Niall from SophosLabs UK asks: why does spam work? and gives an interesting answer: In his opinion, although we think that claims made by spam is very “out there” and wonder why people keep falling for it, in fact it is no worse that what we see in other media (like TV commercials). On some…

  • Mixed links

    A list of rich content if you are bored have free time the following weeks: (Some) videos from the Fall 2008 Microsoft Bluehat security conference (from the extern SensePost blog). From PerlBuzz: Higher Order Perl available for free (legal!) download. I started reading it and already found some interesting tidbits. It always felt that Perl…

  • Installing Avira (AntiVir)

    After a tutorial on installing Avast and one for AVG 8 I decided to write up a tutorial on installing Avira (the former AntiVir). Download the install kit from their website (warning! there is some upselling going on) Install the software Done! Unfortunately there aren’t any options to make the program more silent or transparent…

  • Actively working against security…

    Not only isn’t security the first priority for people, some make a selling point of being able to defeat it! Does the following type of phrase sound familiar to you? Our product uses HTTP, so there will be no problem traversing those pesky firewalls. The solution is of course in the middle (making admins realize…

  • Please welcome a new blogger…

    Tim Starling from Wikipedia. In his first blog post he talks about the challenges involved in running a website securely where users can upload arbitrary content. It is very cool and very frightening the same time (because it makes you wonder: how many of the web applications out there are verified to this degree). One…

  • Security is not on most people’s mind…

    I was walking trough a mall when I realized the easiest way to get the floorplan for buildings (banks, hotels, any public area): evacuation plans. In Romania buildings obliged by law to display these publicly. And they do, including the backrooms… (I don’t know the laws in other countries, but I would imagine that they…