Category: Uncategorized

  • VNC – (almost) zero security

    I mentioned it previously, but just wanted to be sure that everyone has seen this: the "standard" VNC protocol does not offer any encryption of the data (i.e. using a packet capture you can reconstruct the screen content and the actions of the user). There are unofficial extensions, but they are not widely supported. During…

  • Tangled Web

    The World Wide Web has become the main target for much of the computer usage these days. This has several consequences, one of which is that more economic value is placed in it, attracting more attacks. XSS, CSRF, RIF and so on. These are all terms which are used daily by the security research community.…

  • Faster MD5 collisions

    MD5 is looking less and less reliable as the days pass. It seems that now researchers have been able to create an attack that can append a couple thousand bytes to two arbitrarily chosen files which would result in those files having the same MD5 hash, and compute these byte sequences with consumer grade hardware…

  • Spreading the love

    I’ve heard that one of the goals for the Wikiscanner author is to get first place on Google for the term Virgil. So here is my contribution to it: Virgil. Thank you.

  • NoScript trick

    In a previous post I discussed how to combine NoScript with co.mments.com. As I later discovered, the main problem was that the bookmarklet worked by inserting a script tag in the document, which, if scripting was disabled for the given page, could not be evaluated. I worked around this problem by using the temporary enable…

  • Security product testing

    Just a quick rant about the comparison of different security products (in the largest sense of the word): Many times we see things said like product X stops 100% of all (known) malware. First there is of course the problem that some people omit the known part which makes them by default ripe for lawsuits.…

  • Malicious hosts

    There is a new study on the honeynet site, titled Know Your Enemy: Malicious Web Servers. While the study is interesting, there isn’t anything particularly new about it. The methodology was very similar to other studies in this area (the Google Ghost in the browser – warning, PDF – study or the Microsoft HoneyMonkey project

  • Ethical hacker challenge – Serenity

    I didn’t win the latest ethical hacker challenge, one of the reasons being the lack of my film-trivia knowledge. So here goes my answer to the challenge, maybe somebody finds it useful. You can also compare it with the winning submission. 1. What tool did Kaylee use to remove the malware? How could she find…

  • Ethical hacker challenge – Microsoft Office Space: A SQL With Flair

    Just a short post: I won – finally! Rather than re-posting the whole answer I’ll provide a link to it: Link. I won’t be claiming the book, because I have rather bad experiences with the Romanian postal service, but it’s nice to be recognized. Two ideas which came after I submitted my answer: It is…

  • Online certifications are worth the paper they are written on

    In my younger years I joined Brainbench and did a few tests on it (during the different promotion periods when they were available for free). However, I quickly discovered that these certifications have exactly the value of the paper they are written on (i.e. zero), because: Any relatively seasoned IT pro can pass them, based…