August 2008 - Posts

RedHat Package Signing Server - Pwnd

EDIT : Holy crap: http://rhn.redhat.com/errata/RHSA-2008-0855.html "In connection with the incident, the intruder was able to sign a small number of OpenSSH packages relating only to Red Hat Enterprise Linux 4 (i386 and x86_64 architectures only) and Read More...

Posted 22 August 08 12:05 by Robert_Hensing | 1 Comments   

The truth about the Dowd / Sotirov Vista memory protection bypass stuff

Good short interview with Sotirov who clarifies what actually happened at Blackhat for some folks: http://blogs.zdnet.com/Bott/?p=513 He mentions some interesting stuff - like how they worked with us, we gave them feedback, worked with the other vendors Read More...

Posted 12 August 08 08:11 by Robert_Hensing | 0 Comments   

Happy Patch Tuesday - Random thoughts

The SnapShot Viewer 0-day that has seen limited exploitation in the wild is now patched - here's an interesting write-up with some things you may not have known about it. Here's the deal - IE Protected Mode, while not a true defendable security boundary Read More...

Posted 12 August 08 07:52 by Robert_Hensing | 1 Comments   

VMWare Fail Closed Goat Award

Here's one for the schadenfreude files - VMWare users running ESX 3.5.x Update 2 will be unable to power on their machines today / tomorrow / everafter until a fix is released by VMWare to correct a licensing bug that causes legit copies of the software Read More...

Posted 12 August 08 01:23 by Robert_Hensing | 0 Comments   

OpenID Fail Open Goat Award

Really interesting that CRL checks aren't baked into a lot of open source OpenID providers: http://www.links.org/files/openid-advisory.txt Sun has already updated their web site with this disclaimer: Security Issues OpenID is an untrusted protocol. Sun Read More...

Posted 08 August 08 03:25 by Robert_Hensing | 0 Comments   

We're going for an Olympic Silver(light)

Sort of an interesting story on how it came to be that Microsoft Silverlight was chosen to broadcast the Olympics via the series of interconnecting tubes: http://news.cnet.com/8301-13860_3-10003752-56.html?tag=nefd.lede I'm guessing Silverlight supports Read More...

Posted 01 August 08 09:26 by Robert_Hensing | 0 Comments   

Search

This Blog

• Home
• Email

Tags

Archives

• December 2008 (1)
• November 2008 (2)
• October 2008 (11)
• September 2008 (13)
• August 2008 (6)
• July 2008 (11)
• June 2008 (24)
• May 2008 (11)
• April 2008 (15)
• March 2008 (15)
• February 2008 (11)
• January 2008 (7)
• December 2007 (9)
• November 2007 (15)
• October 2007 (23)
• September 2007 (18)
• August 2007 (8)
• July 2007 (13)
• June 2007 (10)
• May 2007 (12)
• April 2007 (8)
• March 2007 (5)
• February 2007 (4)
• January 2007 (7)
• December 2006 (5)
• November 2006 (6)
• September 2005 (1)
• July 2005 (1)
• March 2005 (4)
• February 2005 (6)
• January 2005 (8)
• November 2004 (1)
• October 2004 (2)
• August 2004 (2)
• July 2004 (1)

Syndication

• RSS 2.0
• Atom 1.0