If you like this, you can use flattr. ;)
- Quickpost: Inspiring Windows software profilers and checkers
- 0x41 - back to bugs
- low footprint/hardware assisted virtualization with Linux and GrSec
- Postfix troubleshooting - a security nightmare
- New content soon
- 0x41 - (weekly) exploitation matters - Vista Heap, scripting debuggers with debug libs and how to learn to use that knowledge
- 0x41 - weekly exploitation matters - Shellcode and frameworks
- Explicit and implicit security in software development - measures and change
- 0x41 - weekly exploitation matters - Heap overflow fundamentals
- 0x41 - weekly exploitation matters - About
- wishinet: http://www.godblock.com/#what "block sexual, and psychologically harmful material" like "holy texts". Protect "from being indoctrinated"
- wishinet: Load average: 23.69 20.11 14.95 - jepp, this is obviously bad.
- wishinet: http://img2.moonbuggy.org/imgstore/ethernet-killer.jpg
- wishinet: According to my 400d stats the most viewed page at my blog is phpids's xss warning. You can do better! :)
- wishinet: I'm super-hungry after some meditation... guess this isn't normal. :-) 0xf000000d
UnprotectedHex - about formal software verification
Sean's blog
Xecurity - a security feed collecter
Reddit RCE group
Freedom To Tinker
Emergent Chaos
Woodmann RCE forums
OpenRCE community forums
SecViz - security data visualization
DAVIX Live - for security metrics
Hex Live
Security Metrics
Immunity's Free Software
Core Security's OpenSouce research
Zynamics Blog
pwnage
Explicit and implicit security in software development - measures and change
Tue, 03/23/2010 - 22:28 | wishi
Fix your bugs!
I recently had an interesting discussion with several people involved into software-development of certain product that not the most secure in the planet. In fact it's one these projects whose names regularly pop up in various advisories. What a great popularity push...
It doesn't seem to bother anybody. Because: "Soon Vista will be the standard and that will mitigate these attacks."
Implicit and explicit
Implicit security - let's define that for a moment - is security that is built in into a platform. If you plan to deploy for Windows Vista there're a bunch of security enhancements that come with the newer operating system. Therefore you passively inherit at least some security - as long as you don't run stuff in compatibility mode.
A practically secure mail setup - counter spammers with Linux mail-servers
Wed, 02/24/2010 - 23:03 | wishi
Who needs this?
Yay, free mails in a sustaining setup!
This is a tutorial on how to practically setup a relatively secure mail-server.
It's supposed to be as minimal as reasonable nowadays, and for a small amount of users (standard root server, max. ~20 mail-users at once). Without a real DB backend. It doesn't scale business-needs, however it's supposed to be extendable.
The reference system this setup works with is a Debian GNU Linux with:
- Maildrop - instead of Procmail for more flexible filter rulesets
- Postfix and Postfix-pcre ~ 2.7
wishi's blog | 
Add new comment | 1+[encrypted]+#b94+ | 
Tags: Configuration, Debian, Internet Protocols , Linux, pwnage, Security Tools, Unix
Socially pwned
Thu, 02/04/2010 - 14:07 | wishi
It's the famous data-kraken! He'll get us all.
When I was playing around with Facebook lately to setup an excuse account with my valid eMail address, in case some retard wants to impersonate me, I found out that social networks not only collect member data. Newer (iPhone/i* - stuff) applications for example make users synchronize their phone contacts into these web-services.
Windows Integrity Control - a model of trust and classification
Tue, 01/05/2010 - 17:15 | wishi
Malicious Office Documents
On very common entry point these days are malicious office documents. If you've got no idea on how interactive these "documents" can get, take the test at decloak.net (Start button). You'll get a .doc file that's performing network connections and in this case bypassing antonymization technologies.
So fast - so weekly: teaching the hacks
Sun, 05/17/2009 - 19:17 | wishi
nowadays with "Agent Smith sunglasses" and TFT
We don't teach you...
I recently joined a channel on Freenode IRC and asked where to find some documentation for a special Metasploit auxiliary module, that was very new in the SVN repro. hdm sometimes is lurking around, people there normally are very friendly and helpful. It turned out not to be that typical day: "We don't teach you how to hack [...] use Google" - But we use your exploits?!
View on: Gray Hat Python by Justin Seitz
Fri, 05/08/2009 - 12:34 | wishi
For Hackers and Reverse Engineers?
"Security professional" as a term doesn't really sell that well? In any case the book in Germany was hard to get. Maybe because some people get especially nosy if they read the "Hacker" term - even if referenced by the MIT definition.
It turns out that's not the only reason why it's hard to get. Reverse Engineering skills in today's Malware infested distributed systems, like internet or LANs, are essential to maintain a certain amount of effective countermeasures. Speaking of Stormworm or Confickr, where it's intelligence vs. intelligence.
So it's not that surprising: the book begins, introducing setups, and with debugging examples. But that's briefly and introductorily. The more advanced stuff starts in chapter 3.
wishi's blog | 1 comment | 1+[encrypted]+#b94+ | Tags: Exploits, pwnage, Security Tools, Windows security
