Robert Hensing's Blog
Home of the "Fail Open Goat" Award
June 2008 - Posts
Dino secretly wants Apple to release 64bit Vista
Interesting article from Dino: http://blogs.zdnet.com/security/?p=1325 Vista x64 has like . . . 4.5 out of 5 of things he wants. Love the comment in there about making the heap non-executable. :)
Read More...
Today's FOGA goes to Google for (implicitly) admitting they have a problem (via stopbadware.org)
Man - not sure why this didn't grab the media's attention until today: http://www.pcworld.com/businesscenter/article/147503/group_says_google_a_top_source_of_badware.html March was apparently a bad month for the Google properties: http://blogs.stopbadware.org/articles/2008/04/05/infections-stats-for-march-2008
Read More...
SQL injection is teh suck . . .
So do something about it: http://blogs.technet.com/swi/archive/2008/06/24/new-tools-to-block-and-eradicate-sql-injection.aspx We give you 3 different ways to combat SQL injection on our platform above including an update to one of my all time favorite
Read More...
Security 'silly season' has officially begun . . .
In Formula 1, silly season usually begins near the middle to end of the F1 calendar (although it seems to start earlier each year) as many drivers and teams start the intricate backroom negotiations of who will drive what next season or even sometimes
Read More...
MMPC team blog / FF 3.0 download record?
The Microsoft Malware Protection Center team (i.e. the AV folks) have a new blog URL: http://blogs.technet.com/mmpc/ Hopefully these folks will be blogging more about new and exciting malware like they've done just recently. This month - they talk about
Read More...
Microsoft Blogs and Web Resources about Security
This guy has spent an insane amount of time collecting and organizing useful security links . . . but he doesn't just throw them in a blog in random order - he's got a graphical legend and mad organizational skillz. Although I must question some of his
Read More...
More FireFox 3.0 entertainment (Fail Open Goat Award)
It's nice to see that the security researchers are taking notice of FireFox's increased share of the market and responding appropriately: http://blogs.zdnet.com/security/?p=1288 This is interesting on many levels . . . here we have a free, open source
Read More...
USA Today writes an article about FF 3.0 - hilarity ensues . . .
http://www.usatoday.com/tech/news/computersecurity/2008-06-17-mozilla-window-snyder_N.htm Boy why bother with facts when it's so easy to make stuff up and to throw out randomly generated numbers like these: " Organized cybercrime gangs are more highly
Read More...
Our comically un-creative product naming continues . . .
"Windows Embedded NavReady 2009"!?! Really people? I think we totally missed an opportunity to add a few more words to describe this fascinating new OS variant thereby ensuring that it will in no way easily fit on any product stickers and will have to
Read More...
Windows SteadyState - Or "How to surf the web without fear using Windows XP"
So I was chatting with a Microsoft friend of mine today. He's a Firephox fanboi. He's always trying to convert me. He was talking to me about FF 3.0's pending release and talking about how amazingly fast it is on his XP SP3 rig. So I started admonishing
Read More...
Freeware un-delete software pwns fancy schmancy 1024 bit encrypting malware?
Seems the miscreants behind the GPCode.ak (<-- picture of message user sees, poor English wording and all) malware finally picked up a copy of 'Applied Cryptography' or the ' Handbook of Applied Cryptography ' and coded up a version of their malware
Read More...
Security Bonuses for Vista programmers
Larry Seltzer is IMHO one of the few technology journalists who has actually written code - and thus he is more likely to actually understand that which he chooses to write about than the average technology journalist that is trying to cover the exciting
Read More...
Mama always had a way of explainin' things so I could understand . . .
I give you "Pointer fun with Binky" http://www.youtube.com/watch?v=6pmWojisM_E
Read More...
Client side cross domain security whitepaper
Boy there's a mouth full . . . I think my head will hurt after reading this - but I will read it nonetheless: http://code.msdn.microsoft.com/xdsecuritywp/Release/ProjectReleases.aspx?ReleaseId=1157
Read More...
ISV best practices, Corrupted Heap Termination, the pursuit of (security) happiness . . .
MikeHow just wrote a brief write-up of some of the things our new heap manager on Vista is capable of detecting at runtime over at the SDL blog: http://blogs.msdn.com/sdl/archive/2008/06/06/corrupted-heap-termination-redux.aspx As with the Low Fragmentation
Read More...
The Great Flood (of building 27)
So last night a pipe carrying water in building 27 in the ceiling over the first floor burst causing water to pour out of the ceiling and onto the floor. This is interesting to me because building 27 is the building where most of the MSRC and SWI folks
Read More...
Today's Fail Open Goat Award goes to - Microsoft
Sometimes . . . we fail (shocking - I know, but bare with me please). :) So a seceurity researcher who goes by the name Liu Die Yu seems to have unraveled the mystery of the recent Apple Safari carpet bomb fail that we released an advisory on and how
Read More...
iPhone 3G
Ugh . . . stupid Apple . . . releasing a freaking $199 iPhone that has both 3G and GPS which finally brings it to feature parity with my Moto Q9 . . . but the real coupe de grace is the fact that it will also natively support Exchange Direct Push thereby
Read More...
IE vs. Firephox? Don't count out Opera . . .
Now with Haute Secure technology: http://www.vnunet.com/vnunet/news/2218502/opera-sings-praises-security http://hautesecure.com/index.aspx
Read More...
A new way to get your favorite tools
On XP or Vista from any network with HTTP outbound access go to start->run and paste this in: \\live.sysinternals.com\tools After a few seconds of negotiation the WebDAV redirector should kick in and let you browse the site and download the latest
Read More...
Windows Desktop Search: Now with less suck!
Anyone with any amount of technical clue who has used Vista has invariably figured out that the 'Windows Search" (wsearch) service is responsible for a lot of the CPU and disk suckage that seems to start at random times from out of nowhere and last for
Read More...
Adobe PDF exploit generator and targeted attack info
This has to be one of the funniest / saddest things I've read all year . . . http://www.f-secure.com/weblog/archives/00001450.html Oh and make sure you read the previous post as well - very insightful: http://www.f-secure.com/weblog/archives/00001449.htm
Read More...
Adobe, Attack Surface, The way the world ends (etc.)
Okay - so last month I discovered that Adobe PDFs can contain Java freaking script in them AND that Acrobat has that feature turned ON by default (Edit menu -> Preferrences -> Enable Acrobat Java freaking Script). How could I NOT have known about
Read More...
Static analysis paper
My friend Chris wrote an interesting paper on inferring things from static analysis based on the calling of known functions to re-construct program flow and even find bugs: http://chris.rohlf.googlepages.com/Static_DS_REC.pdf Yeah he's an Ubuntu / Linux
Read More...
Search
This Blog
Home
Email
Tags
No tags have been created or used yet.
Archives
December 2008 (1)
November 2008 (2)
October 2008 (11)
September 2008 (13)
August 2008 (6)
July 2008 (11)
June 2008 (24)
May 2008 (11)
April 2008 (15)
March 2008 (15)
February 2008 (11)
January 2008 (7)
December 2007 (9)
November 2007 (15)
October 2007 (23)
September 2007 (18)
August 2007 (8)
July 2007 (13)
June 2007 (10)
May 2007 (12)
April 2007 (8)
March 2007 (5)
February 2007 (4)
January 2007 (7)
December 2006 (5)
November 2006 (6)
September 2005 (1)
July 2005 (1)
March 2005 (4)
February 2005 (6)
January 2005 (8)
November 2004 (1)
October 2004 (2)
August 2004 (2)
July 2004 (1)
Syndication
RSS 2.0
Atom 1.0
