-
A few years ago I delivered a very popular presentation I called "Anatomy of a Hack." Well, actually, I called it "How to Get Your Network Hacked in 10 Easy Steps" but the marketing department at my previous employer thought that title was a bit edgy, so they renamed it. The Chinese...
-
"Buy the original Olympic Torch from Beijing" That was one of the fake headlines in the latest "CNN.com Daily Top 10" malware spam I've been getting lately. This particular spam is a fake newsfeed which redirects you to one of many sites. All the sites have the same thing in common...
-
What's wrong with this picture? If you answered "why would the IRS use a web server in Korea to ask for information about my tax refund" you are a winner! This is a phishing site preying on people who do not know that all you need to do to get your tax rebate is to file a tax return this...
-
The big security news this week is the six vulnerabilities found in various image uploader ActiveX controls. In case you haven't seen the news, there are exploits available publicly for remote vulnerabilities in five different ActiveX controls. US-CERT is offering the, relatively unhelpful, advice...
-
The January issue of TechNet Magazine has an article I wrote about how to hack a system using autoplaying USB flash drives. While it is not possible to stop all attacks from USB tokens, Vista does include some interesting protective measures. However, the autoplay decision flow in Vista is quite convoluted...
-
Well, sure it is. According to the Firefox web site, which must of course be untainted by marketing claims since it is Mozilla, "Firefox continues to lead the way in online security". OK, marketing hyperbole aside, I'm a data guy. I care about what the data says. Fortunately, Jeff Jones...
-
Sweden has always been a little "cutting edge," if you know what I mean. Little did I know, however, just how cutting edge. This picture was snapped in a toy store in Stockholm last week: I probably stood there stunned for a good two minutes. Brio is known for high-quality wooden toys, particularly...
-
Sometimes you just have to wonder how far people will go to lend undeserved credibility to opinions. The Protocol Handler Saga is rapidly becoming a religious war. The latest entry is related to a very cool exploit that Billy Rios and Nate McFeters published on Tuesday. Unfortunately, he failed to give...
-
When I was a child, I learned a saying that I still find important to keep in mind: Those who are sitting in a glass house shall not throw stones. The good folks at Mozilla may want to look up what that really means. Two days ago, Mozilla published Firefox version 2.0.0.5 to fix a security vulnerability...
-
Mozilla has published a new Firefox. Version 2.0.0.5 fixes the FirefoxURL protocol handler issue by changing the calling convention for the protocol handler. Instead of the old calling convention: C:\\PROGRA~1\\MOZILL~2\\FIREFOX.EXE -url "%1" -requestPending %1 is the string that urlmon.dll fills in...
-
Thor Larholm, unhelpfully, published details on what he claims is a 0-day exploit for Internet Explorer (IE) yesterday. This exploit is actually for Firefox, but Thor exploited it by making IE launch Firefox. Firefox creates three protocol handlers. A protocol handler is essentially a mapping from an...
-
It has really been a month since my last post. I will try not to let it go that far between them again. I've been busy with diving, and writing. On that note, my second Access Control List (ACL) article came out in TechNet Magazine this week. It is the second article excerpted from the Windows Vista...
-
While poking around for a blog post on Susan's blog, I found this one, asking how to wipe a drive. Teacher, Teacher, I know the answer, I know: cipher /w:<drive letter> This command, built into Windows XP and higher, does a three-write pass over a drive to wipe all free space. You will, of...
-
A few weeks ago I bought a copy of Nobeltec's Tides and Currents software. Nobeltec is a subsidiary of Jeppesen, well known for their aviation, and apparently now also marine, navigation charts. I was told this software was by far the best way to analyze currents for diving purposes. When I received...
-
The other day I got a phishing mail purporting to be from E-Bay. That part in and of itself was not unusual. What was interesting was that the link used a different technique to disguise itself than what I have seen before. Instead of using a URL made up of an IP address or some nonsense, it bounced...