May 2008 - Posts

MediaDefender DDoS's Revision3
So Revision3 seems to be using BitTorrent to distribute legitimate / legal content that they either own or properly license. They found some folks using their Torrents without permission and blocked them . . . then they came under attack from a fairly Read More...
Adobe (non)0-day
Nice blog from Adobe laying some authoritative smack down: http://blogs.adobe.com/psirt/2008/05/more_information_on_recent_fla.html Yeah I know this is old news - I'm on the road . . . I was pretty sure the day that this released that this was Dowd's Read More...
Dear China, I can haz power now plz? okthxbai
Interesting read: http://www.nationaljournal.com/njmagazine/cs_20080531_6948.php Some interesting parts: A second information-security expert independently corroborated Bennett’s account of the Florida blackout. According to this individual, who cited Read More...
SensePost blog on arbitrary file downloads in a Juniper AX
Fascinating blog over @ SensePost about a Juniper AX control that allowed arbitrary file downloads to a predictable location ala Apple/Safari: http://www.sensepost.com/blog/2237.html Haroon makes some excellent points about the inability of standard fuzzers Read More...
Safari "carpet bombing" Fail Open Goat Award
So last week Nitesh and Billy Rios found a vuln in Safari that lets a remote attacker / malicious web site drop any file(s) they want on a user's desktop if you're using Safari on Windows. Apple doesn't see this as a security vulnerability and thus isn't Read More...
F-Response
So I admit I'm a bit out of date on the 'incident response' scene since I don't really do it for a living anymore. Well fortunately Harlan Carvey isn't and he has a blog post up with a mini-review of some bad-ass new software that could be *really* interesting Read More...
Live.com video search!
Whoa - check this out: http://search.live.com/video/results.aspx?q=ferrari&form=QBVR Use Live.com to search videos . . . hover the mouse over a video and see what happens. Wow. I'm so easily amused. :) Read More...
All your SSH keys are belong to HD Moore
Today's Fail Open Goat Award goes to the Debian / Ubuntu distros (a friend assures me that Ubuntu is derived from Debian and as such is also vulnerable?). HD Moore has decided to completely rape the Debian predictable RNG bug by generating all of the Read More...
Microsoft Research - World Wide Telescope
This is the official unveiling of the app that made Scoble cry . . . now available to anyone on the Internets. http://www.worldwidetelescope.org/ So what is it? MSR has essentially used something like Photosynth (I'm guessing) to stitch together images Read More...
Gmail - Fail Open Goat Award
Gmail is this month's winner of the Fail Open Goat Award: http://arstechnica.com/news.ars/post/20080510-security-flaw-turns-gmail-into-open-relay-server.html Read More...
Security news feed
Here's a great RSS feed to subscribe to if you're into getting interesting security news: http://www.team-cymru.org/News/ Read More...