Posted in general, links on March 9, 2007 | No Comments »
From ZDNet :
For years, we’ve been convinced by companies like Komoku and BBN Technologies that hardware-based RAM acquisition is the most reliable and secure way to sniff out the presence of a sophisticated rootkit on a compromised machine.
Joanna Rutkowska, a security researcher at COSEINC Malware Labs, an elite hacker who specializes in offensive rootkit research, [...]
Posted in general, hacks on February 22, 2007 | No Comments »
I just found out the following news :
Malicious JavaScript placed on web sites could be used to change DNS settings on home routers that are still using default passwords. Once the change has been made, the next time the router is rebooted, the user would be redirected to spoofed, possibly malicious web sites. [...]
Posted in general on February 1, 2007 | No Comments »
I just read Jeremiah posting regarding how to get NAT’ed IP address using JavaScript in Firefox version 1.5-2.0.
It happens because in Firefox, JavaScript can access Java classes directly (java.net.Socket). You can try it here (copied from Jeremiah’s posting) :
When I think about it and how this can be used by the bad guys, I feel [...]
Posted in general on January 5, 2007 | No Comments »
At the beginning of new year, I am surprised by the disclosed of multiple vulnerabilities in Adobe Acrobat Reader Plugin.
These vulnerabilities can cause the followings :
Universal CSRF / session riding (tested on Mozilla Firefox, Internet Explorer, Opera + Acrobat Reader plugin)
UXSS in #FDF, #XML e #XFDF (tested on Mozilla Firefox + Acrobat Reader plugin) [...]
Posted in general on November 30, 2006 | No Comments »
I read an interesting project developed by experts at University of Toronto. This project is called Psiphon.
With this project, an Internet user who live in a censored country can use server in uncensored country to access the Internet. And all the web traffic between users is encrypted and secure. A very good project for privacy.
So [...]
Posted in general on November 30, 2006 | No Comments »
I found out a website that can help us in generating secure password. It’s called SafePasswd.
Here is a screenshot when I generated a secure password (not anymore :D) :
Posted in Crypto, general on September 20, 2006 | No Comments »
I just read several articles regarding another attack on SSL by Bleichenbacher in Adam’s blog.
Here are the interesting articles :
Many RSA Signatures May Be Forgeable In OpenSSL and Elsewhere
Mozilla Falls to RSA Forgery Attack
RSA Signature Forgery Explained (with Nate Lawson) - Part I, Part II, and Part III.
Halvar Flake and Nate Lawson [...]
Posted in general on April 19, 2006 | No Comments »
I just read a blog entry title “Why Windows is less secure than Linux“. In that blog there are some interesting pictures describing system calls in Apache and IIS.
The first picture is of the system calls that occur on a Linux server running Apache. The second image is of a Windows Server running IIS.
Just wondering [...]
Posted in general on February 9, 2006 | No Comments »
Here are several articles regarding forensic tools in court :
http://www.unixreview.com/documents/s=9943/ur0512i/ur0512i.html
http://www.cybersecurityinstitute.biz/tpicq.htm
http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=4&postdays=0&postorder=asc&start=0
http://informationsecurity.techtarget.com/magPrintFriendly/0,293813,sid42_gci1147990,00.html
While reading those articles, I come across an article titled MD5 collisions and the impact on digital forensics by Eric Thompson of AccessData.
