It had been months since I had an weired issue with the embedded audio controller of my Gigabyte motherboard. Plugin the headphones on the front panel of my box didn’t mute the output to the speakers, which nullified the purpose of having headphones. I long thought that it was some hardware issue that I would [...]
The virtualization buzz I have recently worked on network virtualization. Many people, especially the network guys, have been recently excited with the VMware Vswitch or Cisco Nexus stuff. It is something that I understand because virtualization is cool. It brings many convenient features that truly make the life easier. But what about the security? Convenience [...]
We all know that passwords sucks, that they are the nightmare of all administrators and security guys. So many hacks have been eased because the victims reused the same password everywhere : email account, forum, bank, critical systems… Sadly, so far, there is even not the beginning of a replacement solution. Passwords will be there [...]
There are many urban legends in the industry. I did believe in one of them : “wiping a disk to properly prevent data restore requires random writes and several passes”. At least until I found this very instructive article, “Disk Wiping – One pass is enough“. Don’t miss the second part which clarifies some points [...]
The “cloud” is a buzz word that has been around for months. The marketing guys are pushing it so hard that every IT guy will hear of that at work soon or later. Taking a decision whether to use it or not requires some deep knowledge, because if its pros are clear – you can [...]
In an effort to detect malicious Javascript code, Microsoft is developing a tool named Zozzle, aimed to be embedded into the Javascript engine of a browser. The authors claim that it is both fast and efficient with a very low rate of false positive. Here is the report for more details.
Analyzing the MBR is sometimes required during a forensic process, if you suspect a malicious activity that is not detected on-line. With static analysis, you may see if an obvious corruption happened, but you will need to debug to learn more. Prerequisite : IDA Pro (6.0) with the IDA Python plug-in (1.4.3) Steps : Prepare [...]
