Freigeben über


Robert Hensing's Blog

Software Security . . . and stuff.

More FireFox 3.0 entertainment (Fail Open Goat Award)

It's nice to see that the security researchers are taking notice of FireFox's increased share of the...

Author: rhensing Date: 06/18/2008

USA Today writes an article about FF 3.0 - hilarity ensues . . .

https://www.usatoday.com/tech/news/computersecurity/2008-06-17-mozilla-window-snyder_N.htm Boy why...

Author: rhensing Date: 06/18/2008

Our comically un-creative product naming continues . . .

"Windows Embedded NavReady 2009"!?! Really people? I think we totally missed an opportunity to add a...

Author: rhensing Date: 06/17/2008

Freeware un-delete software pwns fancy schmancy 1024 bit encrypting malware?

Seems the miscreants behind the GPCode.ak (<-- picture of message user sees, poor English wording...

Author: rhensing Date: 06/16/2008

Security Bonuses for Vista programmers

Larry Seltzer is IMHO one of the few technology journalists who has actually written code - and thus...

Author: rhensing Date: 06/16/2008

Mama always had a way of explainin' things so I could understand . . .

I give you "Pointer fun with Binky" https://www.youtube.com/watch?v=6pmWojisM_E

Author: rhensing Date: 06/16/2008

Client side cross domain security whitepaper

Boy there's a mouth full . . . I think my head will hurt after reading this - but I will read it...

Author: rhensing Date: 06/11/2008

ISV best practices, Corrupted Heap Termination, the pursuit of (security) happiness . . .

MikeHow just wrote a brief write-up of some of the things our new heap manager on Vista is capable...

Author: rhensing Date: 06/11/2008

IE vs. Firephox? Don't count out Opera . . .

Now with Haute Secure technology:...

Author: rhensing Date: 06/06/2008

A new way to get your favorite tools

On XP or Vista from any network with HTTP outbound access go to start->run and paste this in:...

Author: rhensing Date: 06/05/2008

Windows Desktop Search: Now with less suck!

Anyone with any amount of technical clue who has used Vista has invariably figured out that the...

Author: rhensing Date: 06/05/2008

Adobe PDF exploit generator and targeted attack info

This has to be one of the funniest / saddest things I've read all year . . ....

Author: rhensing Date: 06/03/2008

Static analysis paper

My friend Chris wrote an interesting paper on inferring things from static analysis based on the...

Author: rhensing Date: 06/02/2008

Adobe (non)0-day

Nice blog from Adobe laying some authoritative smack down:...

Author: rhensing Date: 05/30/2008

Dear China, I can haz power now plz? okthxbai

Interesting read: https://www.nationaljournal.com/njmagazine/cs_20080531_6948.php Some interesting...

Author: rhensing Date: 05/29/2008

SensePost blog on arbitrary file downloads in a Juniper AX

Fascinating blog over @ SensePost about a Juniper AX control that allowed arbitrary file downloads...

Author: rhensing Date: 05/23/2008

Safari "carpet bombing" Fail Open Goat Award

So last week Nitesh and Billy Rios found a vuln in Safari that lets a remote attacker / malicious...

Author: rhensing Date: 05/22/2008

Whoa - check this out: https://search.live.com/video/results.aspx?q=ferrari&form=QBVR Use...

Author: rhensing Date: 05/21/2008

Gmail - Fail Open Goat Award

Gmail is this month's winner of the Fail Open Goat Award:...

Author: rhensing Date: 05/12/2008

Security news feed

Here's a great RSS feed to subscribe to if you're into getting interesting securtiy news:...

Author: rhensing Date: 05/06/2008

Mah Bluehat blogz - let me show you them!

My somewhat random thoughts on the battle for your PC and how it may play out in the coming year . ....

Author: rhensing Date: 04/30/2008

PayPal throws down . . .

This is VERY interesting and I wonder what sort of time frame they plan on doing this in - because...

Author: rhensing Date: 04/18/2008

Flash NULL pointer + offset code execution . . .

I tend to agree - Mark Dowd is clearly not human:...

Author: rhensing Date: 04/15/2008

Hyper-V

So Brandon Baker is a senior guy on the Hyper-V team. I just came across this blog post of his:...

Author: rhensing Date: 04/14/2008

Espionage using Office documents in the news

First a Wired article: https://www.wired.com/politics/security/news/2008/04/chinese_hackers Next a...

Author: rhensing Date: 04/11/2008

IE8 - DEP enabled by default?

W00t!!! So I guess this is public now:...

Author: rhensing Date: 04/10/2008

I feel dirty . . .

So I've been running WS2008 for a while now. I've got a nice beefy machine that I do all my repro...

Author: rhensing Date: 04/09/2008

Get Kraken!

So much ado is being made about Kraken in the press with people speculating this bot is bigger than...

Author: rhensing Date: 04/07/2008

Apple opting into /GS, DEP and ASLR?

Somebody pinch me . . . I must be dreaming:...

Author: rhensing Date: 04/07/2008

Yet another product with 360 in the name . . .

Ferrari F360 :)Xbox 360Anderson Cooper 360Symantec Norton 360Nordick Track 360Fortify 360?...

Author: rhensing Date: 04/02/2008

On Vista, OSX and security researchers

So I made an interesting observation at Cansec last week. By day 3 I realized that I was the sole...

Author: rhensing Date: 04/01/2008

CanSecWest Day 3 - PWN2OWN update - Vista pwnd

EDIT: So during my presentation today (the 2nd to last one of the day) I guess Shane ended up pwning...

Author: rhensing Date: 03/28/2008

And the Mac falls within 10 minutes on day 2.

So Dragos just announced before lunch that within 10 minutes of opening Day 2 of the pwn2own contest...

Author: rhensing Date: 03/27/2008

CanSecWest - Day 2 Part 1

This morning we started off with a talk on Mobitex from a Toolcrypt guy (OlleB). Olle was a very...

Author: rhensing Date: 03/27/2008

Well done Apple - Safari 0wns!

Not only did it take less than a week (as it did with the beta release) to find critical vulns in...

Author: rhensing Date: 03/27/2008

<Previous Next>