Bluehat V8: Mitigations Unplugged

I first got to see Matt Miller speak in person a few Bluehat’s ago when he was talking about ‘Temporal return addresses’ . . . ah yes – the talk was entitled “Temporal Chronomancy” according to Mr. Shostack’s blog and it was all the way back in 2005.  The basic premise behind the talk was that…

1

Interesting stuff and the end is near (for my blog)

First off – OneCare is dead – long live . . . OneCare . . . err Morro?http://news.cnet.com/8301-1009_3-10101582-83.html?tag=newsLeadStoriesArea.1 Next up – Zune 3.1 is out – download it – love it. http://www.engadget.com/2008/11/18/zune-3-1-update-out-today-now-featuring-sudoku/Also – the flash memory based Zunes are getting price chopped from $10 – $30 in time for Christmas:http://www.engadget.com/2008/11/18/microsoft-ratchets-down-pricing-on-flash-based-zunes/Things I loved about the 3.1…

1

Microsoft SideSight?

Looks cool: http://www.gearlog.com/2008/10/microsofts_sidesight_something.php

1

SmoothHD

Akamai / IIS7 / SilverLight 2.0 / VC-1 == HD over broadband happiness.  It’s sort of cool – the video started off a tad blurry and then got sharper after a few seconds and I didn’t have a single glitch.  Pretty impressive stuff: http://www.smoothhd.com/Also see: http://www.akamai.com/smoothhd

0

Mass SQL Injection : The Chinese Way

The blog pretty much speaks for itself: http://www.circleid.com/posts/20081022_sql_injection_attacks_chinese_way/ Client-side browser vulns are of little use without an effective way of spreading them to the victims – unfortunately – it’s still relatively easy for the miscreants to spread them around using tools like this.Interesting the comment about SQL injection via cookies . . .

0

Out of band security update planned for today (MS08-067)

Updated 10/23/2008 @ 1:17pm ESTWe have pushed the update live – here’s the direct link to the bulletin:http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx (if it doesn’t work for you – keep trying – it will be live real soon now).Also note that the Microsoft Malware Protection Center also has generic detection for the malware dropped in the targeted attacks!You can read…

1

Flash 10 & IE8b2 Per Site ActiveX

So I’ve got IE8b2 installed on all of my machines and I’ve noticed that since installing Flash 10 that all web sites now prompt me before running Flash 10!  The new gold bar experience users will see when they install Flash 10 on IE8 is described here (thanks to Eric Lawrence for the URL: http://blogs.msdn.com/ie/archive/2008/05/07/ie8-security-part-ii-activex-improvements.aspx)….

1

Flash 10 is out – install it like . . . yesterday.

If I were a bad guy and I wanted to pwn lots of people via the web – I’d probably focus my efforts on ubiquitous software guaranteed to give me a lot of bang for my buck (like Flash and Acrobat).  Software like Flash would seem like a good target given that it’s installed on just…

0

Win7 to officially be called . . . Win7?

I actually for once – LOVE that we are keeping the name of the OS simple and leaving it at Win7.  I will admit – I was somewhat disappointed when XP’s name was announced internally (internally it was known as Whistler) and I was downright horrified when we decided to call Longhorn “Vista” (my friends…

1