Robert Hensing's Blog : May 2008

May 2008 - Posts

MediaDefender DDoS's Revision3: So Revision3 seems to be using BitTorrent to distribute legitimate / legal content that they either own or properly license. They found some folks using their Torrents without permission and blocked them . . . then they came under attack from a fairly Read More...
Posted 30 May 08 07:51 by Robert_Hensing | 0 Comments
Adobe (non)0-day: Nice blog from Adobe laying some authoritative smack down: http://blogs.adobe.com/psirt/2008/05/more_information_on_recent_fla.html Yeah I know this is old news - I'm on the road . . . I was pretty sure the day that this released that this was Dowd's Read More...
Posted 30 May 08 07:31 by Robert_Hensing | 0 Comments
Dear China, I can haz power now plz? okthxbai: Interesting read: http://www.nationaljournal.com/njmagazine/cs_20080531_6948.php Some interesting parts: A second information-security expert independently corroborated Bennett’s account of the Florida blackout. According to this individual, who cited Read More...
Posted 29 May 08 11:59 by Robert_Hensing | 0 Comments
SensePost blog on arbitrary file downloads in a Juniper AX: Fascinating blog over @ SensePost about a Juniper AX control that allowed arbitrary file downloads to a predictable location ala Apple/Safari: http://www.sensepost.com/blog/2237.html Haroon makes some excellent points about the inability of standard fuzzers Read More...
Posted 23 May 08 08:14 by Robert_Hensing | 0 Comments
Safari "carpet bombing" Fail Open Goat Award: So last week Nitesh and Billy Rios found a vuln in Safari that lets a remote attacker / malicious web site drop any file(s) they want on a users desktop if you're using Safari on Windows. Apple doesn't see this as a security vulnerability and thus isn't Read More...
Posted 22 May 08 11:18 by Robert_Hensing | 3 Comments
F-Response: So I admit I'm a bit out of date on the 'incident response' scene since I don't really do it for a living anymore. Well fortunately Harlan Carvey isn't and he has a blog post up with a mini-review of some bad-ass new software that could be *really* interesting Read More...
Posted 21 May 08 01:27 by Robert_Hensing | 0 Comments
Live.com video search!: Whoa - check this out: http://search.live.com/video/results.aspx?q=ferrari&form=QBVR Use Live.com to search videos . . . hover the mouse over a video and see what happens. Wow. I'm so easily amused. :) Read More...
Posted 21 May 08 01:19 by Robert_Hensing | 0 Comments
All your SSH keys are belong to HD Moore: Today's Fail Open Goat Award goes to the Debian / Ubuntu distros (a friend assures me that Ubuntu is derived from Debian and as such is also vulnerable?). HD Moore has decided to completely rape the Debian predictable RNG bug by generating all of the Read More...
Posted 14 May 08 05:24 by Robert_Hensing | 3 Comments
Microsoft Research - World Wide Telescope: This is the official unveiling of the app that made Scoble cry . . . now available to anyone on the Internets. http://www.worldwidetelescope.org/ So what is it? MSR has essentially used something like Photosynth (I'm guessing) to stitch together images Read More...
Posted 13 May 08 10:15 by Robert_Hensing | 0 Comments
Gmail - Fail Open Goat Award: Gmail is this month's winner of the Fail Open Goat Award: http://arstechnica.com/news.ars/post/20080510-security-flaw-turns-gmail-into-open-relay-server.html Read More...
Posted 12 May 08 05:01 by Robert_Hensing | 0 Comments
Security news feed: Here's a great RSS feed to subscribe to if you're into getting interesting securtiy news: http://www.team-cymru.org/News/ Read More...
Posted 06 May 08 03:12 by Robert_Hensing | 0 Comments

Robert Hensing's Blog

May 2008 - Posts

Search

This Blog

Tags

Archives

Syndication