Robert Hensing's Blog
Software Security . . . and stuff.
More FireFox 3.0 entertainment (Fail Open Goat Award)
It's nice to see that the security researchers are taking notice of FireFox's increased share of the...
Author: rhensing Date: 06/18/2008
USA Today writes an article about FF 3.0 - hilarity ensues . . .
https://www.usatoday.com/tech/news/computersecurity/2008-06-17-mozilla-window-snyder_N.htm Boy why...
Author: rhensing Date: 06/18/2008
Our comically un-creative product naming continues . . .
"Windows Embedded NavReady 2009"!?! Really people? I think we totally missed an opportunity to add a...
Author: rhensing Date: 06/17/2008
Freeware un-delete software pwns fancy schmancy 1024 bit encrypting malware?
Seems the miscreants behind the GPCode.ak (<-- picture of message user sees, poor English wording...
Author: rhensing Date: 06/16/2008
Security Bonuses for Vista programmers
Larry Seltzer is IMHO one of the few technology journalists who has actually written code - and thus...
Author: rhensing Date: 06/16/2008
Mama always had a way of explainin' things so I could understand . . .
I give you "Pointer fun with Binky" https://www.youtube.com/watch?v=6pmWojisM_E
Author: rhensing Date: 06/16/2008
Client side cross domain security whitepaper
Boy there's a mouth full . . . I think my head will hurt after reading this - but I will read it...
Author: rhensing Date: 06/11/2008
ISV best practices, Corrupted Heap Termination, the pursuit of (security) happiness . . .
MikeHow just wrote a brief write-up of some of the things our new heap manager on Vista is capable...
Author: rhensing Date: 06/11/2008
IE vs. Firephox? Don't count out Opera . . .
Now with Haute Secure technology:...
Author: rhensing Date: 06/06/2008
A new way to get your favorite tools
On XP or Vista from any network with HTTP outbound access go to start->run and paste this in:...
Author: rhensing Date: 06/05/2008
Windows Desktop Search: Now with less suck!
Anyone with any amount of technical clue who has used Vista has invariably figured out that the...
Author: rhensing Date: 06/05/2008
Adobe PDF exploit generator and targeted attack info
This has to be one of the funniest / saddest things I've read all year . . ....
Author: rhensing Date: 06/03/2008
Static analysis paper
My friend Chris wrote an interesting paper on inferring things from static analysis based on the...
Author: rhensing Date: 06/02/2008
Adobe (non)0-day
Nice blog from Adobe laying some authoritative smack down:...
Author: rhensing Date: 05/30/2008
Dear China, I can haz power now plz? okthxbai
Interesting read: https://www.nationaljournal.com/njmagazine/cs_20080531_6948.php Some interesting...
Author: rhensing Date: 05/29/2008
SensePost blog on arbitrary file downloads in a Juniper AX
Fascinating blog over @ SensePost about a Juniper AX control that allowed arbitrary file downloads...
Author: rhensing Date: 05/23/2008
Safari "carpet bombing" Fail Open Goat Award
So last week Nitesh and Billy Rios found a vuln in Safari that lets a remote attacker / malicious...
Author: rhensing Date: 05/22/2008
Live.com video search!
Whoa - check this out: https://search.live.com/video/results.aspx?q=ferrari&form=QBVR Use...
Author: rhensing Date: 05/21/2008
Gmail - Fail Open Goat Award
Gmail is this month's winner of the Fail Open Goat Award:...
Author: rhensing Date: 05/12/2008
Security news feed
Here's a great RSS feed to subscribe to if you're into getting interesting security news:...
Author: rhensing Date: 05/06/2008
Mah Bluehat blogz - let me show you them!
My somewhat random thoughts on the battle for your PC and how it may play out in the coming year . ....
Author: rhensing Date: 04/30/2008
PayPal throws down . . .
This is VERY interesting and I wonder what sort of time frame they plan on doing this in - because...
Author: rhensing Date: 04/18/2008
Flash NULL pointer + offset code execution . . .
I tend to agree - Mark Dowd is clearly not human:...
Author: rhensing Date: 04/15/2008
Hyper-V
So Brandon Baker is a senior guy on the Hyper-V team. I just came across this blog post of his:...
Author: rhensing Date: 04/14/2008
Espionage using Office documents in the news
First a Wired article: https://www.wired.com/politics/security/news/2008/04/chinese_hackers Next a...
Author: rhensing Date: 04/11/2008
IE8 - DEP enabled by default?
W00t!!! So I guess this is public now:...
Author: rhensing Date: 04/10/2008
I feel dirty . . .
So I've been running WS2008 for a while now. I've got a nice beefy machine that I do all my repro...
Author: rhensing Date: 04/09/2008
Get Kraken!
So much ado is being made about Kraken in the press with people speculating this bot is bigger than...
Author: rhensing Date: 04/07/2008
Apple opting into /GS, DEP and ASLR?
Somebody pinch me . . . I must be dreaming:...
Author: rhensing Date: 04/07/2008
Yet another product with 360 in the name . . .
Ferrari F360 :), Xbox 360, Anderson Cooper 360, Symantec Norton 360, Nordick Track 360, Fortify 360?...
Author: rhensing Date: 04/02/2008
On Vista, OSX and security researchers
So I made an interesting observation at Cansec last week. By day 3 I realized that I was the sole...
Author: rhensing Date: 04/01/2008
CanSecWest Day 3 - PWN2OWN update - Vista pwnd
EDIT: So during my presentation today (the 2nd to last one of the day) I guess Shane ended up pwning...
Author: rhensing Date: 03/28/2008
And the Mac falls within 10 minutes on day 2.
So Dragos just announced before lunch that within 10 minutes of opening Day 2 of the pwn2own contest...
Author: rhensing Date: 03/27/2008
CanSecWest - Day 2 Part 1
This morning we started off with a talk on Mobitex from a Toolcrypt guy (OlleB). Olle was a very...
Author: rhensing Date: 03/27/2008
Well done Apple - Safari 0wns!
Not only did it take less than a week (as it did with the beta release) to find critical vulns in...
Author: rhensing Date: 03/27/2008