I’m for full disclosure when (a) it makes the vendor put out a patch sooner than later or (b) it contains enough information so that the people affected can mitigate the risk and it is posted at places where these people are probable to read it. But this recent post on security team screams of…

As they say: better late then never. Here are my comments on the whole Acunetix saga. First of all, you should read the great posting at Computer Defense about the matter. It contains links to all the important events in this area, including the original press release, the reaction on Network World and others. So…

Fellow security blogger, Kurt Wismer, says that there are limited advantages to limited users. He is right in all his arguments: A program running in your account, even if it is a limited user account, still has access to all of your files. It can search in them for e-mail addresses, wipe them or do…

In a previous post I took issue with Chad McMillan’s claim that they had a revolutionary technology of identifying packed executables (btw., if you are interested, you can read my thoughts on the idea of packing your executables). He replied to me and in the spirit of fairness I publish his reply (with his consent…

After two weeks of hard work I’m exhausted and recovering, but ready to blog again! I published the comments received in this timeframe (sorry for not getting back sooner) and I hope to get back on track with my goal of publishing at least one (semi-)useful post for every day.

The Vista team replies to the to the DRM criticism – sort of. While the some of the concerns are directly answered (ie. the whole video output is not degraded, only the video playback window is), others are not or only dubiously treated. I won’t run Vista for quite some time, this is sure. Komodo…

I’m trying to eliminate all my backlog because it is possible that I will have limited connectivity for some time. So here goes an other batch: After using Google and Excite as redirector, it is the turn of Lycos: here is link which will take you to Google http://r.lycos.com/r/sagel_mail_scratch_tl/http://google.com (based on a spam I got).…

The 7th malware analisys quiz has announced the winner and (surprisingly) they picked my description :D. You can read my submission (warning, PDF). I would also encourage you to read the other three submissions which made to the top, since they all contain useful information (like a pointer to the software made by Winalysis) if…

Fresh from the web: The latest version of the Uninformed magazine is out. Although it contains only three articles, two of them are definitely worth reading if you are interested in reverse engineering. Google Webmaster Central. If you have problems with your site being (or not being) indexed by Google, take a look here. The…

The Christmas (Hacking) Story challenge is over and unfortunately I didn’t win :), so I publish my response: What is interesting about the files that Ralphie could see on the lamp server? nc is most probably netcat (http://netcat.sourceforge.net/), the “network swiss army knife” (the fact that it’s executable, as can be seen from the directory…