Category Archives: Security

Debugging the MBR with IDA Pro and Bochs

Analyzing the MBR is sometimes required during a forensic process, if you suspect malicious activity that is not detected on-line. With static analysis, you may see whether an obvious corruption happened, but you will need to debug to learn more. Prerequisite: IDA Pro (6.0) with the IDA Python plug-in (1.4.3) Steps: Prepare [...]

A link between Stuxnet and the OpenBSD IPSEC backdoor rumor ?

Found on Full Disclosure, a weird but troubling connection between two security affairs: the OpenBSD backdoor rumor and the Stuxnet worm.

ESFS, new perspectives for steganography?

Tomas Touceda advertised a new project on Full Disclosure. The idea sounds good, so I will keep an eye on this very interesting project. Though I would like to know more about the methods that were used for encryption and steganography. Code and explanations are on the ESFS project homepage. Beyond the practical usage, I [...]

Ravan, password cracking using JavaScript!

Ravan is a new password cracking tool based on JavaScript. Wait, what? JavaScript? Yes, as the author explains, modern JavaScript engines are not so slow anymore, and in addition HTML 5 brings a new “feature” with web workers, which allow the browser to run JavaScript in the background (e.g. without waiting on the page [...]

Mitigating Slow HTTP DoS Attacks

Interesting article on the latest Apache and ModSecurity techniques to prevent HTTP DoS attacks. The attacks are well explained. I personally knew about Slowloris but didn’t know about RUDY and POST attacks.

Yet OpenSSL renegotiation not fully fixed

How the hell is it possible that after so many months, the fix for OpenSSL renegotiation has not yet been included in either Chrome (6.0.4) or Opera (10.61)? I haven’t tested other browsers though, except Firefox, which at least has had the issue fixed for several months.

EMET: configure memory protection on Windows

Microsoft published a nice tool named EMET (Enhanced Mitigation Experience Toolkit) whose purpose is to check and enforce memory security policies such as ASLR and DEP. It shows the global settings and allows you to configure them, but also, and this is the most interesting part, indicates for each running process whether it supports those security [...]

OpenID rants

After I tried to set this blog as my own OpenID provider using the OpenID WordPress plugin, I got a weird error message: “This is an OpenID Server, Nothing to See Here… Move Along” I could not find what was wrong, as all prerequisites were fulfilled, until I found this nice post. The patch there [...]