Robert Hensing's Blog

Software Security . . . and stuff.

March, 2008

  • CanSecWest Day 2 - Part 2

    Have I mentioned yet how much CanSecWest rocks? Dragos seems to have thought of everything. Since many people stay out late at night networking and socializing and sometimes find it challenging to get up at 7:30am to make the 8-9am breakfast - Dragos...
  • CanSecWest Day 1

    Random thoughts: Haven't seen the sun since like . . . Monday morning. Driving to Canada sucks in the rain. Multiple accidents inside the 12 or so miles I had to drive in Canada made the Canadian part of the trip about as long as the U.S. part...
  • And the Mac falls within 10 minutes on day 2.

    So Dragos just announced before lunch that within 10 minutes of opening Day 2 of the pwn2own contest - the Mac has fallen. Wonder what took so long? :) UPDATE : Just talked with Dragos - the finder is signing with ZDI to get paid - so no vuln details...
  • Jonathan Morrison's kernel blog & LOST

    So my friend Jonathan who is one of my hard-core kernel go to guys has decided to dip his toe into the waters of the blogosphere and you can start reading his blog here: http://blogs.msdn.com/itgoestoeleven/ He'll be blogging about some pretty low level...
  • Newton virus for Macs? Android image parsing vulns?

    Good lord - even their viruses ( no the plural of virus is NOT virii ) are sexier than PC viruses! http://www.troika.uk.com/virus.htm And from the "wtf were they thinking" files - Google decides to release the Android SDK with outdated open source...
  • CanSecWest Day 3 - PWN2OWN update - Vista pwnd

    EDIT : So during my presentation today (the 2nd to last one of the day) I guess Shane ended up pwning the Vista box and winning it: http://dvlabs.tippingpoint.com/blog/2008/03/28/pwn-to-own-final-day-and-wrap-up My presentation ran a little long and Dragos...
  • CanSecWest - Day 2 Part 1

    This morning we started off with a talk on Mobitex from a Toolcrypt guy (OlleB). Olle was a very relaxed speaker with very good English (given that he hails from Stockholm) although the talk was a bit dry and not super interesting for me. Mobitex as it...
  • Mass SQL injection coming to an IIS + ASP server near you . . .

    My friend Neil has a pretty good post on the mass SQL injection stuff that was reported in the press recently. http://blogs.technet.com/neilcar/archive/2008/03/14/anatomy-of-a-sql-injection-incident.aspx
  • Cybercrime alliance?

    It's about damned time: http://www.networkworld.com/community/node/26144 http://www.fbi.gov/page2/march08/cybergroup_031708.html And you know it's gonna be a success because they've got the Mounties involved! He he he . . . jeez I crack myself up...
  • Well done Apple - Safari 0wns!

    Not only did it take less than a week (as it did with the beta release) to find critical vulns in Safari 3.1 for Windows - but they managed to violate their own EULA by distributing it to approximately 500m Windows users in the first place! http://apple...
  • I'm closing out CanSecWest 2008?

    Well not quite - but I am the second to last speaker on the last day (Friday) - http://cansecwest.com/agenda.html Ugh - people usually skip out early on the last day to make flights and stuff - so I guess not many people will be staying for my live demos...
  • Apple offering free attack surface increase to Windows users.

    This is hugely irresponsible of Apple IMHO: http://blogs.zdnet.com/Bott/?p=405&tag=nl.e622 As history has taught us - browsers are not trivial applications to write securely and they are the primary conduit by which badness often enters your PC...
  • The web is broken . . .

    A friend of mine made a comment to me the other day that said exactly that - and now we have the creator of JSON saying the same thing: http://www.internetnews.com/dev-news/article.php/3735341 Amen brother . . .
  • Walmart drops Linux PCs from stores

    "This really wasn't what our customers were looking for," said Wal-Mart Stores Inc. spokeswoman Melissa O'Brien. http://news.yahoo.com/s/ap/20080310/ap_on_hi_te/wal_mart_linux_computer Hilarious.
  • From China with love . . .

    So last week was a VERY interesting week. First off we had some dude going public with information that the Pentagon had apparently been successfully hacked at some point last year by an organization whom they believe but won't officially state as being...