-
SQL injections – what they are and how to avoid them
SQL injections are a subtype of the larger category of command reparse vulnerabilities. These attacks work because there is an intermediate language between different components of the system, more specifically between the frontend (which is typically a web server giving access to the whole world) and the backend (which is hidden behind a firewall / NAT…
-
Active vs. Reactive protection
Hello all. I want to bring to your attention the following article written by fellow blogger Kurt Wismer: defensive lines in end-point anti-malware security. I especially like it because it puts AV technology in place and creates a good foundation to start any meaningful debate. Here are my opinions on the matter (in no particular…
-
Short news
Via terminal23.net/: The Shmoocon 2007 videos are starting to appear. A hacker challenge for the conference is still online, so you can give it a try. From what I saw it is very nice (it needs all kinds of different skills, from overflowing buffers to writing SQL injections).
-
AOL Bullying Gaim!
This is deeply troubling: AOL is forcing Gaim to change its name. Please kindly contact AOL and bring these points to their attention: The users of Gaim are highly technical and the probability of them confusing AIM with Gaim is infinitely small. Searching for AIM on search engines (like Google, Yahoo or…
-
Securing the Internet
There is a great series of articles over at the Matasano blog about the deficiencies of DNSSEC. While I have no deep knowledge of the matter, the series seems to bring up very valid points against this security feature (the one closest to my heart being the CPU cost of cryptography – which is expensive…
-
My submission for The Ethical Hacker Skillz Challenge
The submission date for the 8th Ethical Hacker Skillz Challenge has passed and I’m eagerly awaiting the results (which should be published any day now). Until then, here is my version of the solution; maybe somebody finds it useful someday: What is the significance of various numbers in the story, including the speech patterns of…
-
Full disclosure – yet again
I came across this post about ethical hacking and I felt the need to respond to it publicly, since (I feel that) the article offers a skewed view and does not present the counter-arguments: First of all I would like to stress that discovering and writing exploits for certain types of flaws (and I’m not…
-
Shared risk of shared runtimes
I love interpreted languages. I love PHP, Perl, Java, C# and all the others. The liberty they give you is incredible! However, there is a security aspect to them: because the actual machine code is shared by all the programs written in one particular language, security features / products which depend on the executable image…
-
Game Over – You Lost!
The famous security researcher Joanna Rutkowska has posted on her blog an article entitled The Game Is Over!, and as a typical second-class blogger I jump on it and give my (unrequested) comments :-). The post reiterates two of the ideas she has been promoting recently: The security industry doesn’t focus enough on the…
-
Another tool to manage security in Windows
One of the first posts on this blog was about the different (free) options you have to temporarily elevate your privileges under Windows. So it is natural that this blog post from George Ou sparked my interest. It talks about a product, BeyondTrust, with which you can temporarily elevate the privileges of certain applications, and provides…