March 2008 - Posts

CanSecWest Day 3 - PWN2OWN update - Vista pwnd
EDIT : So during my presentation today (the 2nd to last one of the day) I guess Shane ended up pwning the Vista box and winning it: http://dvlabs.tippingpoint.com/blog/2008/03/28/pwn-to-own-final-day-and-wrap-up My presentation ran a little long and Dragos Read More...
Posted 28 March 08 05:03 by Robert_Hensing | 4 Comments   
CanSecWest Day 2 - Part 2
Have I mentioned yet how much CanSecWest rocks? Dragos seems to have thought of everything. Since many people stay out late at night networking and socializing and sometimes find it challenging to get up at 7:30am to make the 8-9am breakfast - Dragos Read More...
Posted 28 March 08 11:40 by Robert_Hensing | 0 Comments   
And the Mac falls within 10 minutes on day 2.
So Dragos just announced before lunch that within 10 minutes of opening Day 2 of the pwn2own contest - the Mac has fallen. Wonder what took so long? :) UPDATE : Just talked with Dragos - the finder is signing with ZDI to get paid - so no vuln details Read More...
Posted 27 March 08 04:00 by Robert_Hensing | 1 Comments   
CanSecWest - Day 2 Part 1
This morning we started off with a talk on Mobitex from a Toolcrypt guy (OlleB). Olle was a very relaxed speaker with very good English (given that he hails from Stockholm) although the talk was a bit dry and not super interesting for me. Mobitex as it Read More...
Posted 27 March 08 02:41 by Robert_Hensing | 0 Comments   
Well done Apple - Safari 0wns!
Not only did it take less than a week (as it did with the beta release) to find critical vulns in Safar 3.1 for Windows - but they managed to violate their own EULA by distributing it to approximately 500m Windows users in the first place! http://apple.slashdot.org/article.pl?sid=08/03/27/129236&from=rss Read More...
Posted 27 March 08 11:55 by Robert_Hensing | 1 Comments   
CanSecWest Day 1
Random thoughts: Haven't seen the sun since like . . . Monday morning. Driving to Canada sucks in the rain. Multiple accidents inside the 12 or so miles I had to drive in Canada made the Canadian part of the trip about as long as the U.S. part of the Read More...
Posted 26 March 08 09:38 by Robert_Hensing | 1 Comments   
Apple offering free attack surface increase to Windows users.
This is hugely irresponsible of Apple IMHO: http://blogs.zdnet.com/Bott/?p=405&tag=nl.e622 As history has taught us - browsers are not trivial applications to write securely and they are the primary conduit by which badness often enters your PC. Apple Read More...
Posted 25 March 08 01:32 by Robert_Hensing | 0 Comments   
The web is broken . . .
A friend of mine made a comment to me the other day that said exactly that - and now we have the creator of JSON saying the same thing: http://www.internetnews.com/dev-news/article.php/3735341 Amen brother . . . Read More...
Posted 20 March 08 08:28 by Robert_Hensing | 0 Comments   
Cybercrime alliance?
It's about damned time: http://www.networkworld.com/community/node/26144 http://www.fbi.gov/page2/march08/cybergroup_031708.html And you know it's gonna be a success because they've got the Mounties involved! He he he . . . jeez I crack myself up. Oh Read More...
Posted 20 March 08 08:19 by Robert_Hensing | 0 Comments   
Mass SQL injection coming to an IIS + ASP server near you . . .
My friend Neil has a pretty good post on the mass SQL injection stuff that was reported in the press recently. http://blogs.technet.com/neilcar/archive/2008/03/14/anatomy-of-a-sql-injection-incident.aspx Read More...
Posted 14 March 08 09:52 by Robert_Hensing | 0 Comments   
I'm closing out CanSecWest 2008?
Well not quite - but I am the second to last speaker on the last day (Friday) - http://cansecwest.com/agenda.html Ugh - people usually skip out early on the last day to make flights and stuff - so I guess not many people will be staying for my live demos. Read More...
Posted 12 March 08 12:44 by Robert_Hensing | 0 Comments   
Walmart drops Linux PCs from stores
"This really wasn't what our customers were looking for," said Wal-Mart Stores Inc. spokeswoman Melissa O'Brien. http://news.yahoo.com/s/ap/20080310/ap_on_hi_te/wal_mart_linux_computer Hilarious. Read More...
Posted 11 March 08 09:43 by Robert_Hensing | 0 Comments   
From China with love . . .
So last week was a VERY interesting week. First off we had some dude going public with information that the Pentagon had apparently been succesfully hacked at some point last year by an organization whom they believe but won't officially state as being Read More...
Posted 10 March 08 12:10 by Robert_Hensing | 0 Comments   
Jonathan Morrison's kernel blog & LOST
So my friend Jonathan who is one of my hard-core kernel go to guys has decided to dip his toe into the waters of the blogosphere and you can start reading his blog here: http://blogs.msdn.com/itgoestoeleven/ He'll be blogging about some pretty low level Read More...
Posted 05 March 08 10:26 by Robert_Hensing | 0 Comments   
Newton virus for Macs? Android image parsing vulns?
Good lord - even their viruses ( no the plural of virus is NOT virii ) are sexier than PC viruses! http://www.troika.uk.com/virus.htm And from the "wtf were they thinking" files - Google decides to release the Android SDK with outdated open source image Read More...
Posted 05 March 08 08:26 by Robert_Hensing | 1 Comments   
Page view tracker