Mah Bluehat blogz – let me show you them!

My somewhat random thoughts on the battle for your PC and how it may play out in the coming year . . . (and by your PC I really mean your Mom’s since you’re of course running IE7 on Vista with UAC enabled and DEP forced on etc. right?):http://blogs.technet.com/bluehat/archive/2008/04/28/the-battle-for-the-browser-your-pc.aspx EDIT:  I’d like to give out…

0

Mac vs. PC – can’t we all just get along?

So I’m on the road with my boss . . . he brought his Mac . . . I brought my Vista x64 Dell.  They only offered wired internet so I decided to try out Vista’s connection sharing stuff . . . I figured I would plug in the cable and share the connection out…

1

PayPal throws down . . .

This is VERY interesting and I wonder what sort of time frame they plan on doing this in – because right now AFAIK their list of supported browsers would be IE7 and IE8 (based on the EVSSL statements). 🙂 http://www.eweek.com/index2.php?option=content&task=view&id=47667&pop=1&page=0&hide_js=1 Also found this to be very interesting:EV Certificates Unproven, but Best Solution Yet The jury…

0

Flash NULL pointer + offset code execution . . .

I tend to agree – Mark Dowd is clearly not human: http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/ This kind of thing makes me want to like . . . go work on cars or something. 🙂 So here’s what’s sort of scary about Mark’s paper and mentioned in the Matasano post – but worth reiterating here . . . this paper could…

2

Hyper-V

So Brandon Baker is a senior guy on the Hyper-V team.  I just came across this blog post of his: http://blogs.msdn.com/rsa2008/archive/2008/04/07/isolation-of-virtual-machines.aspxIf you read my blog – you may have seen my blog from CanSec where Oded did a presentation on VMWare’s new VMSafe initiative / APIs and how shocked myself and many other attendees were…

0

Espionage using Office documents in the news

First a Wired article: http://www.wired.com/politics/security/news/2008/04/chinese_hackers Next a Businessweek article: http://www.businessweek.com/magazine/content/08_16/b4080032218430.htm We live in ‘interesting’ times.

0

IE8 – DEP enabled by default?

W00t!!!  So I guess this is public now: http://www.eweek.com/c/a/Security/Microsoft-Details-IE-8-Security-Default-Change/ This is huge . . . DEP is a fairly complex process on Windows today . . . far less trivial than I would like.  By default on our client operating systems your program has to somehow opt-in to DEP protection and if it doesn’t -…

1

I feel dirty . . .

So I’ve been running WS2008 for a while now.  I’ve got a nice beefy machine that I do all my repro work on.  It’s an Intel quad proc box with 4GB of RAM and an ATI Radeon x1950Pro.  I’ve got some nice LCDs and run multi-mon.  And I absolutely hate what we’ve done to the shell on…

0

Get Kraken!

So much ado is being made about Kraken in the press with people speculating this bot is bigger than storm – which was already terribly over-hyped in terms of numbers by the press.If you’re curious – here’s our AV team’s write-up on it here: http://www.microsoft.com/security/portal/Entry.aspx?ThreatId=-2147369263 and here: http://www.microsoft.com/security/portal/Entry.aspx?ThreatId=-2147368536 Our next Security Intelligence Report summarizing the last…

0