Robert Hensing's Blog

Software Security . . . and stuff.

Robert Hensing's Blog

  • On Chromium and Practical Windows Sandboxing

    UPDATE 9/13/2008 : The authors of the Chromium whitepaper linked to below wrote to me the day after I wrote this post thanking me for the links to Dave's blog and they insisted that they had not seen his presentation at Blackhat nor were they aware of...
  • Google Chrome coming today? Launch early and iterate? srsly?

    UPDATE : Reading the Google chrome comic that I received offline - man, I have to admit, this does sound pretty hot. Lots of interesting things - but first and foremost the one that security geeks will care about most - they have in some way ACL'd the...
  • RedHat Package Signing Server - Pwnd

    EDIT : Holy crap: http://rhn.redhat.com/errata/RHSA-2008-0855.html "In connection with the incident, the intruder was able to sign a small number of OpenSSH packages relating only to Red Hat Enterprise Linux 4 (i386 and x86_64 architectures only) and...
  • The truth about the Dowd / Sotirov Vista memory protection bypass stuff

    Good short interview with Sotirov who clarifies what actually happened at Blackhat for some folks: http://blogs.zdnet.com/Bott/?p=513 He mentions some interesting stuff - like how they worked with us, we gave them feedback, worked with the other vendors...
  • Happy Patch Tuesday - Random thoughts

    The SnapShot Viewer 0-day that has seen limited exploitation in the wild is now patched - here's an interesting write-up with some things you may not have known about it. Here's the deal - IE Protected Mode, while not a true defendable security boundary...
  • VMWare Fail Closed Goat Award

    Here's one for the schadenfreude files - VMWare users running ESX 3.5.x Update 2 will be unable to power on their machines today / tomorrow / everafter until a fix is released by VMWare to correct a licensing bug that causes legit copies of the software...
  • OpenID Fail Open Goat Award

    Really interesting that CRL checks aren't baked into a lot of open source OpenID providers: http://www.links.org/files/openid-advisory.txt Sun has already updated their web site with this disclaimer: Security Issues OpenID is an untrusted...
  • We're going for an Olympic Silver(light)

    Sort of an interesting story on how it came to be that Microsoft Silverlight was chosen to broadcast the Olympics via the series of interconnecting tubes: http://news.cnet.com/8301-13860_3-10003752-56.html?tag=nefd.lede I'm guessing Silverlight supports...
  • Today's Fail Open Goat Award goes to: Insecure 3rd party software updaters

    You'll notice Microsoft's auto-updaters (Windows Update / Microsoft Update / Automatic Updates) are not on the list. Why? Because we're paranoid, and we anticipated this type of threat years ago and mitigated it by signing all of our binaries and only...
  • 2% of a big number, is a big number

    Don't be evil. http://blogs.pcmag.com/securitywatch/2008/07/google_blogger_hosts_2_of_worl.php
  • Microsoft Mojave

    "We are here in San Francisco, where we've secretly replaced the fine operating system these people usually use with Windows Vista, Let's see if anyone can tell the difference!" http://news.cnet.com/8301-13860_3-9998336-56.html?tag=nefd.lede
  • Antivirus fail . . .

    Lately I'm not a big fan of AV and it amazes me that AV hasn't been beaten up more badly than it has given how it runs on pretty much every desktop in the civilized world and how critical writing solid, secure code is these days. It looks like .Nruns...
  • DNS Fail Open Goat Award

    Kaminsky's flaw has a metasploit module: http://www.caughq.org/exploits/CAU-EX-2008-0002.txt On the Internet - no one hears your screams.
  • Pwnie Awards - Vista nominated for . . .

    Most Epic Fail: http://pwnie-awards.org/2008/awards.html#fail Gee . . . I hope we . . . win? No . . . wait . . . Windows Vista for proving that security does not sell $100,000,000 invested in security and what does Microsoft have to show for...
  • Dan's DNS checker - We need a new ship!

    Heres' an interesting, somewhat reflective blog from Kaminsky on security researcher drama, and how in an ideal world lots of trusted peers would get to review your vulns and fix plans before the patches ship: http://www.doxpara.com/?p=1164 Sadly - in...
  • Chris Rohlf joins Matasano

    I have mad respect for Matasano and I can't believe a friend of mine now works there! http://www.matasano.com/log/1088/hello-a-self-introduction-by-chris-rohlf/ Congrats dude!
  • Memory dumpers for Windows

    So I still get IR related questions on occasion . . . one of which being 'what is the best way to dump memory on Windows'. I honestly am hopelessly out of touch - I haven't done IR in many years now - but I came across some intersting tools that seem...
  • Adobe Acrobat 9 - Creamy Security Goodness (on Vista / WS2008)

    So I noticed yesterday that Adobe had quietly released Acrobat 9 to the web. I decided to download it and check it out to see if they had finally gotten a copy of memo (it's just that we're putting cover sheets on all of our TPS reports now) and decided...
  • Vulnerable Web Browser Study - Full of Fail

    So came across an interesting report today from various security folks (including Gunter Ollmann from ISS): http://www.techzoom.net/papers/browser_insecurity_iceberg_2008.pdf I can appreciate what they are trying to do - and I believe they were probably...
  • Dino secretly wants Apple to release 64bit Vista

    Interesting article from Dino: http://blogs.zdnet.com/security/?p=1325 Vista x64 has like . . . 4.5 out of 5 of things he wants. Love the comment in there about making the heap non-executable. :)
  • Today's FOGA goes to Google for (implicitly) admitting they have a problem (via stopbadware.org)

    Man - not sure why this didn't grab the media's attention until today: http://www.pcworld.com/businesscenter/article/147503/group_says_google_a_top_source_of_badware.html March was apparently a bad month for the Google properties: http://blogs.stopbadware...
  • SQL injection is teh suck . . .

    So do something about it: http://blogs.technet.com/swi/archive/2008/06/24/new-tools-to-block-and-eradicate-sql-injection.aspx We give you 3 different ways to combat SQL injection on our platform above including an update to one of my all time favorite...
  • Security 'silly season' has officially begun . . .

    In Formula 1, silly season usually begins near the middle to end of the F1 calendar (although it seems to start earlier each year) as many drivers and teams start the intricate backroom negotiations of who will drive what next season or even sometimes...
  • MMPC team blog / FF 3.0 download record?

    The Microsoft Malware Protection Center team (i.e. the AV folks) have a new blog URL: http://blogs.technet.com/mmpc/ Hopefully these folks will be blogging more about new and exciting malware like they've done just recently. This month - they talk...
  • Microsoft Blogs and Web Resources about Security

    This guy has spent an insane amount of time collecting and organizing useful security links . . . but he doesn't just throw them in a blog in random order - he's got a graphical legend and mad organizational skillz. Although I must question some of...