Robert Hensing's Blog

Software Security . . . and stuff.

October, 2007

  • Getting Microsoft Updates offline . . .

    So I just got done reading Larry's article on XP SP3 over here: http://www.eweek.com/article2/0,1759,2204198,00.asp Near the beginning of the article he mentions something about needing an offline / disk based version of the update process for people...
  • Yes Virginia, they really are out to get you . . . (Spear phishing for fun and profit)

    Not content to let the Chinese dominate the attachment based espionage game . . . it looks like the Russians are finally getting in on the act: http://www.first.org/newsroom/globalsecurity/157668.html I think it's pretty awesome that MessageLabs has the...
  • Bluehat - favorite quote && H.D., Metasploit and the iPhone

    http://www.infoworld.com/article/07/10/02/Security-researchers-look-beyond-Vista_1.html Halvar : One well-known researcher who goes by the name Halvar Flake called Vista "arguably the most secure closed-source OS available on the market," in a blog...
  • DD-WRT kicks ass!

    Over the weekend I decided to try something cool at home. I have a Buffalo WHR-HP-G54 wifi g-router that I got a few weeks back via Slickdeals. It's a great router - very strong wifi signal / range and it was cheap - like $50 or something . . . but the...
  • Wherever you go - there you are! (If you own a Mac with Leopard)

    Also a classic line from The Adventures of Buckaroo Bonzai Across the 8th Dimension and also very applicable to that fruit company's new OS. http://www.isfym.com/Site/Blog/Entries/2007/10/27_Don%E2%80%99t_go_Back_to_My_Mac.html What could *possibly...
  • It begins . . . (PDF spam run)

    F-Secure is reporting that a PDF spam run has started that exploits the Adobe URI handler vulnerability ( that is really sort of our vulnerability - where Acrobat is simply the current attack vector). Couple things: The Adobe Acrobat update has...
  • LOLCODE.NET

    I give you - the newest CLR language: http://blog.notdot.net/archives/32-LOLCode.net-Now-your-LOLCats-can-use-the-CLR!.html :)
  • Apple to release Vista soon

    http://www.apple.com/macosx/features/300.html#security Looking through the feature set . . . lets see: We've had tagging of applications downloaded from the Internet since like XPSP2 (attachment manager api). We've had the ability to sign applications...
  • Elcomsoft password cracking - now 25x faster?

    Thanks to the parallel processing ower of modern GPUs: http://technology.newscientist.com/article.ns?id=dn12825&feedId=online-news_rss20 I'm surprised they didn't jump on the Sony PS3 / Cell processor bandwagon . . . On an related note - remember...
  • Vista updates

    Install these updates: http://www.infoworld.com/article/07/10/03/Microsoft-updates-Vista-speed-and-stability-again_1.html Don't ask questions. :) The article above doesn't have the downloads URLs but here's a tip: You can sort the download web site...
  • Russian Business Network

    I've attended a number of briefings on the RBN in recent months and there is actually quite a lot of information in the hands of cluefull researchers about who is behind this shadowy organization. Much of that information has been kept private and then...
  • A.D.D.

    I think I have A.D.D. . . . I haven't like . . . been to a doctor about it - but from doing some research - I can tell I have it based on what I saw here: http://www.movieweb.com/video/V07F29lmopCJUY Oh CRAP! I should be working . . .
  • This kid's a speed freak!

    Unbelievable talent . . . http://www.cnn.com/video/#/video/living/2007/10/16/intv.one.handed.rubiks.champ.cnn And all he wants to buy with his $700 prize is . . . .
  • Zune 2 and the battle for your digital entertainment lifestyle

    UPDATED (New links, more things I like) UPDATED (Again, now with a video of the Zunes and Zune software in action) So the Zune2 IMHO is hugely important for us. Apple seemed to have opened a big ole can of whoop-ass on us a few weeks ago with their...
  • Microsoft now has two open source licenses!

    "I felt a great disturbance in the Force...as if millions of voices suddenly cried out in terror and were suddenly silenced. I fear something terrible has happened." - Ben That's right - Microsoft now has not one but two (count 'em - TWO) open source...
  • Darth Apple and the iPhone?

    Interesting blog from my friend Adam Shostack here: http://www.emergentchaos.com/archives/2007/10/apples_update_strategy_is_1.html He takes a look at the Apple iPhone Security Update <--> Bricked Device issue. Basically if you want 10 security...
  • Unbreakable - good Lord . . .

    http://news.yahoo.com/s/pcworld/20071015/tc_pcworld/138431 27 database vulns - 5 of which are remote anonymous (i.e. Critical). When was the last time SQL had a remote anonymous / critical? Is *anyone* keeping a running list of CVEs for Oracle so...
  • Microsoft and double standards

    Well said Joe: http://www.microsoft-watch.com/content/operating_systems/the_great_double_standard.html To be fair the stock has risen to its highest point in like 7 years . . . I'm almost afraid to talk about it for fear of scaring it away . . .
  • Another one bites the dust . . .

    Bot-herder - indicted: http://www.usdoj.gov/usao/cae/press_releases/docs/2007/10-01-07KingIndictment.pdf This may be a very small dent . . . but it's a start. :)
  • Cracking the iPhone (or - those who do not learn from the past, are doomed to repeat it)

    H.D. is just totally pwning the iPhone. He's got a two part series that covers using a LibTiff vuln to get shellcode running in say Safari which runs as root. http://blog.metasploit.com/2007/10/cracking-iphone-part-1.html http://blog.metasploit...
  • Microsoft Security Intelligence Report v3

    Available now: http://www.microsoft.com/security/portal/sir.aspx
  • Redhat fixes their 1,000th CVE

    We now have several years worth of solid CVE / vuln data that has accrued (both for us and our competitors) and some folks like us are improving (by needing to fix fewer security vulns year over year) and others . . . not so much. :) http://blogs.technet...
  • Halo - the future of gaming?

    Okay - this is hilarious in an EPIC 2014 sort of way: http://www.loadingreadyrun.com/videos/view/228 The keyboard I type with even makes a cameo appearance at the end of the video - although I have nothing to do with its masterful creation (no really...