-
Speedruns
I game occasionally and these days I’ve learned a new word: speedrun. From Wikipedia: A speedrun is a play-through, or recording thereof, of a computer- or video game performed with the intent of completing it as quickly as possible, optionally under certain prerequisites, mainly for the purposes of entertainment and competition. At Speed Demos Archive…
-
The power of deduction – how information wants to be free
I find it amusing how people try to keep things secret, yet they talk about things which (rather directly) reveal the information they try to keep secret. Take for example the comments on this article (for my non-Romanian-speaking readers: it talks about the recent evolution of the EUR-RON exchange rate). One reader comments (approximately):…
-
What is a rogue anti-spyware / anti-malware product?
Seeing how Kurt over at anti-virus-rants doesn’t yet have a definition for this, and I’ve just blogged about such a situation, I thought I’d take a shot at it. The definition of a rogue anti-spyware/anti-malware usually includes the following items: it is a program which claims to be an anti-spyware / anti-malware product, however It has…
-
How to verify executable digital signatures under Linux?
The PE executable format (the one used by Windows) supports the use of digital certificates to verify the source of the file. Normally you can verify it using Windows Explorer (by right-clicking on the file and selecting Properties). It also shows up when you try to run an executable downloaded from the Internet with IE…
-
Why Web Application Firewalls don’t block
Jeremiah Grossman describes it much more concisely than I did. To implement default-deny Web Application Firewalls (WAF) must know everything about a website at all times, even when they change. That’s programmatically documenting every expected request method, URL, parameter name/value pair, cookie, process flow, etc making default-permit deployments the rule rather than the exception.
-
I smell propaganda
Being in a post-communist (whatever that might mean) country has some advantages. For example it sensitizes you to propaganda. You can smell it instinctively and immediately you start to raise questions: how true is this? what are the supporting facts? Wikipedia defines propaganda as: Propaganda is a concerted set of messages aimed at influencing the…
-
YATP – Yet Another Twitter Problem
-
Other bugs which are passe
-
Things you can get for free
It is amazing what (commercial) software you can get today for free: Delphi; Visual Studio; IDA; if you are a student, you can get lifetime (!) access to all of Microsoft’s products, provided you don’t use them for commercial purposes. I for one welcome our overlords prefer the open-source alternatives, because I know that…
-
Flaws in the Cisco PIX appliances
Via NetworkWorld (emphasis added): Crafted TCP ACK Packet Vulnerability; Crafted TLS Packet Vulnerability; Instant Messenger Inspection Vulnerability; Vulnerability Scan Denial of Service; Control-plane Access Control List Vulnerability. The first four vulnerabilities may lead to a denial of service (DoS) condition and the fifth vulnerability may allow an attacker to bypass control-plane access control lists (ACL).…