Robert Hensing's Blog

Software Security . . . and stuff.

April, 2008

  • Mah Bluehat blogz - let me show you them!

    My somewhat random thoughts on the battle for your PC and how it may play out in the coming year . . . (and by your PC I really mean your Mom's since you're of course running IE7 on Vista with UAC enabled and DEP forced on etc. right?): http://blogs.technet...
  • Mac vs. PC - can't we all just get along?

    So I'm on the road with my boss . . . he brought his Mac . . . I brought my Vista x64 Dell. They only offered wired internet so I decided to try out Vista's connection sharing stuff . . . I figured I would plug in the cable and share the connection out...
  • PayPal throws down . . .

    This is VERY interesting and I wonder what sort of time frame they plan on doing this in - because right now AFAIK their list of supported browsers would be IE7 and IE8 (based on the EVSSL statements). :) http://www.eweek.com/index2.php?option=content&task...
  • Flash NULL pointer + offset code execution . . .

    I tend to agree - Mark Dowd is clearly not human: http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/ This kind of thing makes me want to like . . . go work on cars or something. :) So here's what's sort of scary...
  • Hyper-V

    So Brandon Baker is a senior guy on the Hyper-V team. I just came across this blog post of his: http://blogs.msdn.com/rsa2008/archive/2008/04/07/isolation-of-virtual-machines.aspx If you read my blog - you may have seen my blog from CanSec where Oded...
  • Espionage using Office documents in the news

    First a Wired article: http://www.wired.com/politics/security/news/2008/04/chinese_hackers Next a Businessweek article: http://www.businessweek.com/magazine/content/08_16/b4080032218430.htm We live in 'interesting' times.
  • IE8 - DEP enabled by default?

    W00t!!! So I guess this is public now: http://www.eweek.com/c/a/Security/Microsoft-Details-IE-8-Security-Default-Change/ This is huge . . . DEP is a fairly complex process on Windows today . . . far less trivial than I would like. By default on our...
  • "Counting vulnerabilities is a natural way to measure security. If you're a retard."

    Got your attention didn't I? :) So Mike Howard, one of the founding fathers of the SDL, is an amazing guy. In my group we joke around with him and tease him quite a lot (he is a Kiwi after all) but at the end of the day there are few people in Microsoft...
  • I feel dirty . . .

    So I've been running WS2008 for a while now. I've got a nice beefy machine that I do all my repro work on. It's an Intel quad proc box with 4GB of RAM and an ATI Radeon x1950Pro. I've got some nice LCDs and run multi-mon. And I absolutely hate what we...
  • Get Kraken!

    So much ado is being made about Kraken in the press with people speculating this bot is bigger than Storm - which was already terribly over-hyped in terms of numbers by the press. If you're curious - here's our AV team's write-up on it here: http://www...
  • Apple opting into /GS, DEP and ASLR?

    Somebody pinch me . . . I must be dreaming: http://www.eweek.com/c/a/Security/Apple-Adds-AntiHacker-Features-to-QuickTime/
  • Bitlocker protecting me from myself?

    So tonight I rebooted my notebook and was prompted by Bitlocker that my boot configuration had changed. I sort of freaked out. I didn't want to insert my USB key with the BDE key on it until I figured out what BDE was trying to tell me. For all I knew...
  • Yet another product with 360 in the name . . .

    Ferrari F 360 :) Xbox 360 Anderson Cooper 360 Symantec Norton 360 NordicTrack 360 Fortify 360 ? http://www.internetnews.com/dev-news/article.php/3737696/Taking+a+Wider+View+of+Code+Security.htm Seriously . . . when will the 360 product naming madness...
  • On Vista, OSX and security researchers

    So I made an interesting observation at CanSec last week. By day 3 I realized that I was the sole presenter running Vista. Hell, I may have been the sole *attendee* running Vista. In fact if I had to break out the presenter laptop OSes it would go something...
  • Fail open goats (the new LOL cats?)

    So there are these goats - that when you scare them - they lock up, and their legs stiffen and they end up falling over and landing on their back - invariably with their legs sticking straight up in the air. It's a genetic thing. The goats are fine after...