Back to Top

Thursday, March 12, 2009

Mixed links

2426472210_86648a704c_bThis will be a long one since I didn’t do it for a while:

Norton support goes rogue? – One remark: it is not that uncommon for support to recommend third-party tools (one very popular example would be HijackThis). Why reinvent the wheel? Of course, it is wrong to misrepresent the product.

Ways the PDF exploit can bite you, even if you don't open the PDF file – this reminds me of an incident somebody had when analyzing the GDI / WMF exploit if I recall correctly: they opened it in WinHex thinking “it’s just a hex editor, thus I’m safe”, however WinHex has the helpful feature of showing a thumbnail of the file, and kaboom!

Rogue Wireless Gets Sneakier – a very cool article on configuring rogue access points such that someone casually looking for it won’t find anything.

Doug Crockford: JavaScript: The Good Parts – a presentation definitely worth watching. Some interesting facts I’ve learned: how two errors can cancel each other out (but it is better to have no errors at all) and why there is no discussion about the “better style” for putting braces in Javascript (you must always put the opening brace on the same line with the previous statement – just watch the video if you don’t believe me).

XKCD delivers again:

BTW, I was planning on learning dvorak :-)

From the Microsoft File Cabinet blog: The Basics of the Windows Server 2008 Distributed File System (DFS) – I never actually used DFS, but from friends I’ve heard that there are reliability problems (like mounted shares suddenly disappearing), especially in a mixed (Windows Server 2k3 + Windows Server Code 2k8) environment.

How to break on the shellcode? – simply replace the beginning of it with 0xCC (INT 3) and attach a debugger to it. Nice and simple idea.

From the Google Operating System blog: the Google Apps Dashboard, with RSS feed.

From Donna's SecurityFlash: Microsoft and Symantec releasing videos about the latest rounds of patches. However I would have one suggestion: please consult with someone knowledgeable in your company and don’t put up a huge WMV file! Put up a Flash video or Silverlight or something.

Two not security blogs I’ve subscribed to: the TrendMicro Countermeasures Blog and the AVG blogs aggregator.

Good stuff from ppk for web developers, as usual: Testing mobile browser compatibility

From Dare Obasanjo's blog: There are no bad design decisions… – an interesting post talking about how you must evaluate the decisions made in their original context. In particular it presents the “other side” of a story which Joel Spolsky likes to bring frequently up as proof that he had a “good intuition” about where the Excel macro language should go.

binblast - A bioinformatics approach to the security analysis of Binary Executables. Interesting stuff, however (IMHO) it doesn’t answer the scalability problem: it is nice when you have a couple of thousands samples, but when you deal with ~20k samples daily, it is unfeasible to compare each pair to determine how “related” they are.

From philosecurity: HashKeeper:

HashKeeper is an application created in 1998 to assist computer forensic examinations by reducing the number of files to be analyzed during the course of an investigation. HashKeeper works by storing MD5 hash values or "digital fingerprints" of common software applications and compares those hash values against the files encountered in a seized system. Files encountered in the seized system that match those in the HashKeeper database do not need to be examined. HashKeeper eliminates the need for an examiner to review files created during software installation and leaves behind primarily, user created files. In most instances, HashKeeper decreases the number of files that need to be examined by 50%.

Unfortunately there is no download link :-(.

From zillablog: The Big Guys – an interesting blogpost showing what database server is used by a couple of big websites. There is some interesting stuff there: one case of MS SQL server, three cases of PostgreSQL (yay!) and several cases of Oracle combo with MySQL.

Two interesting articles: Living free with Linux: 2 weeks without Windows and the followup: Living free with Linux: Round 2. The main complaint was that installing software is not the same on Windows (ie you can’t just download software off websites). My conclusion? Installing (and maintaining / updating / uninstalling) software using package managers is in many ways simpler under Linux, however it doesn’t always conform to the expectations of people coming from a Windows world. We need to do a better job in educating these users. Also, on the software side we need to do a better job in offering files for download which are meaningful for the users (ie. .deb for Debian/Ubuntu, .rpm for RedHat/Fedora, etc).

A fascinating glimpse into the history and evolution of Python. I’d wish that Perl 6 had something similar. Of course there are the meeting minutes, but in some ways they are too technical and in other ways they are too sparse. Then again, Perl 6 is very much in motion, it isn’t finished as Python 3k is, so it is harder to talk about the design decisions which go into it (since they might change).

Wordpress getting their SSL settings wrong – fortunately it is already resolved. It is sad to see how stumble to implement SSL.

Google introduces comments in their Reader – however this is useless for me exactly because its private nature. I would like something more public, like Feedburner does it (it can add to the end of your feed the number of comments on your blog). Given that Feedburner is now owned by Google, hopefully they include their knowhow and improve the system. You can add your two cents to the discussion on the Google Reader Google Group.

BugWave – something like Desktop Tower Defense, only with a harder to figure out user interface :-).

An other brilliant Dilbert comic:

An alternative to IFRAME's for embedding HTML – using the OBJECT tag. Very cool. Also, potentially very dangereous. Hopefully browsers apply the same origin policy in this case. Google Reader of course filters it out.

Google Groups spam - abuse reporting broken – so true. I’ve got a lot of these lately and I couldn’t figure out where to complain. IMHO, every service which hosts user provided content should have a clearly marked way to send feedback on the particular item.

An interesting article on how ActiveX controls can be used in Office and how to disable them. This is relevant because a recent attack embedded the ActiveX control into a Word document and tried to convince users to view the Word document, thus (when successful) bypassing the IE ActiveX warning.

From the GransStreamDreams blog:

  • Phoronix test suite – it looks like it needs some more integration, but is a promising start (BTW, benchmarking can be hard if you want to produce actionable results)
  • A new utility from Sysinternals: VMMap – mapping out the virtual memory regions of processes. Some of this functionality was already present in ProcessExplorer, however it is a nice addition to that (and hopefully it will be integrated into it later on)
  • USBDeview from NirSoft – view current and past USB devices connected to a Windows box (based on the registry). Very useful

Picture taken from Vibrant Spirit's photostream with permission.

1 comment:

  1. I recently came accross your blog and have been reading along. I thought I would leave my first comment. I dont know what to say except that I have enjoyed reading. Nice blog. I will keep visiting this blog very often.