Musings on Information Security: December 2009

skip to main | skip to sidebar

_ Where facts are few, experts are many

Home
Advisories
Daily News Paper
About Me
Contact
Subscribe RSS

No posts. Show all posts

Home

About Me

Thierry Zoller: Welcome to my personal Blog - In here I blog about Information Security and in general anything I regard as newsworthy. On the professional side I am currently working as an EMEA Practice Lead at Verizon Business for Threat and Vulnerability Management

Quick-links
▪ My vulnerability disclosure policy
▪ About me / Profile
▪ Tools / Talks / Whitepapers
▪ Contact Me

The views and opinions expressed on this blog are my personal views and are not intended to reflect the views of my employer or any other entity.

View my complete profile

Follow @thierryzoller

Follow by Email

Subscribe To

Posts

Atom

Posts

All Comments

Atom

All Comments

Cluster Map

Blogs I read

Securosis Highlights

Pragmatic Key Management: Introduction - Few terms strike as much dread in the hearts of security professionals as *key management*. Those two simple words evoke painful memories of massive PKI ...
7 hours ago
Schneier on Security

The Psychology of Immoral (and Illegal) Behavior - When I talk about *Liars and Outliers* to security audiences, one of the things I stress is our traditional security focus -- on technical countermeasure...
10 hours ago
Metasploit

Using BackTrack 5 R2 with Metasploit Community or Metasploit Pro - As of version 5 R2, BackTrack comes pre-installed with Metasploit 4.1.4, so it's now easier to use Metasploit Community Edition or Metasploit Pro on Back...
14 hours ago
A Few Thoughts on Cryptographic Engineering

TACK - (source/cc) Those who read this blog know that I have a particular fascination with our CA system and how screwed up it is. The good news is that I'm not ...
23 hours ago
VRT

Flame Malware, Targeted Attacks, and You - It seems no good holiday goes by without some quality new malware being dropped, and this year's Memorial Day was no exception. Announced in posts by Kaspe...
1 day ago
Androguard

news .... - Hi ! after feedbacks from Dexlab about errors on the parsing of android bytecodes, I decided to rewrite the module as Baksmali. Now, each instruction is an ...
1 day ago
Leblanc

Blog Post: .NET and the XAdES standard -
6 days ago
Secure Belief

SQLMap - Operating System Takeover - Windows - Today I'm trying to use "OS takeover" feature of sqlmap. sqlmap can be used to get command shell using sql injection. sqlmap provides following options fo...
6 days ago
Krebs on Security

WHMCS Breach May Be Only Tip of the Trouble - A recent breach at billing and support software provider WHMCS that exposed a half million customer usernames, passwords -- and in some cases credit cards ...
6 days ago
TaoSecurity

Whistleblowers: The Approaching Storm for Digital Security - Last week in my post SEC Guidance Is a Really Big Deal I mentioned the potential significance of whistleblowers with respect to digital security. I came to...
1 week ago
Troy Hunt

Everything you ever wanted to know about building a secure password reset feature - Recently I’ve had a couple of opportunities to think again about how a secure password reset function should operate, firstly whilst building this functi...
1 week ago
Lenny Zeltser on Information Security

5 Favorite Security Reads of the Week - Here’s a listing of my 5 favorite on-line security articles, papers and blog posts that I read in the past week: - Why the Public Cloud Shuns Security...
1 week ago
Ma petite parcelle d'Internet...

PaulDotCom Security Weekly 288 - D emain 17 mai, on m'a très chaleureusement invité à participer au numéro 288 de l'excellent PaulDotCom Security Weekly. Programmé en live à 18:00, heure d...
2 weeks ago
Uncommon Sense Security

A meandering rant on sexism. - This has been a bad year for technology. Not necessarily for the business of technology (although it is very hard to discuss the current state of the te...
2 weeks ago
The New School of Information Security

Why Sharing Raw Data is Important - Bob Rudis has a nice post up “Off By One : The Importance Of Fact Checking Breach Reports,” in which he points out some apparent errors in the Massachusett...
2 weeks ago
Cognitive Dissidents

“Building a Better Anonymous” Series: Part 6 - Building a Better Anonymous – Details By Josh Corman & Brian Martin 2012 If you are new to this series, please begin with Part 0 and the index. NOTE: We wi...
2 weeks ago
IBM Internet Security Systems Frequency X Blog

The Advanced Persistent Threat in 2012 -
3 weeks ago
Digital Forensics is a Science

Computer Forensic Failures - File system issues - I'm very happy to report that I received short story that clearly resulted in the author learning from their actions. The author of this story wished to re...
5 weeks ago
/dev/ttyS0

Telegraph Relay Controller - A bit of old-school hacking today. I picked up an old J.H. Bunnell telegraph relay, which from what I’ve been able to deduce is a mainline type 2-3 relay m...
1 month ago
Security

vsftpd-3.0.0 and seccomp filter sandboxing is here! - vsftpd-3.0.0 is released. Aside from the usual few fixes, I'm excited about built-in support for Will Drewry's seccomp filter, which landed in Ubuntu. To g...
1 month ago
Chatter on the Wire: How excessive network traffic gives away too much!

CapLoader 1.0 - I've been playing with a beta of this product for the past month or so. Straight from Erik's writeup: Here are the main features of CapLoader: • Fast loadi...
1 month ago
Fun Over IP

Antivirus Sandbox Evasion (part1) - Hmmm, it seems that I wrote something very nice .. $ ./msfvenom -p windows/meterpreter/reverse_https -f raw LHOST=172.16.1.1 LPORT=443 \ | ./ultimate-paylo...
3 months ago
root labs rdist

SSL optimization and security talk - I gave a talk at Cal Poly on recently proposed changes to SSL. I covered False Start and Snap Start, both designed by Google engineer Adam Langley. Snap St...
3 months ago
Cup of Security

Free Mobile ou Roaming Orange, vérifiez le vous-même avec votre iPhone ou smartphone Android - Si comme moi vous avez changé d'opérateur Mobile pour Free Mobile, vous n'avez pas pu passer à côté des lourdes accusations portées contre Free Mobile par ...
3 months ago
...And You Will Know me by the Trail of Bits

Pwn2Own Pre-Game - Just in time to get warmed up for Pwn2Own, we are delivering a joint offering of the training courses “Bug Hunting and Analysis 0×65” by Aaron Portnoy and ...
6 months ago
ax330d's blog

Summing up SVG fuzzing in browsers - Hi there. As the title states, this is a summary of SVG fuzzing results. Today I would like to prattle a bit about what I was doing for some 2 weeks in t...
8 months ago
Nynaeve

NWScript JIT engine: Wrap-up (for now) - Yesterday, I provided a brief performance overview of the MSIL JIT backend versus my implementation of an interpretive VM for various workloads. Today, I’l...
1 year ago

Show 10 Show All

Labels

Advisory (52)
Rants from Thierry (19)
Tool (14)
Vulnerabilties (10)
Misc (8)
How-to (6)
Lectures (2)
Whitepaper (2)
zero day (1)

Copyright Musings on Information Security Template by Michael Jubel

About Me

Follow by Email

Cluster Map

Popular Posts

Blogs I read

Links

Labels