Friday, August 28, 2009

apache ssh key compromised... that's not nice :(

from netcraft:

the compromise is "not due to any software exploits in Apache itself", but was instead due to a compromised SSH key.

private key oh private key...

actually I'm wondering how they figured out that it was compromised...

Labels:

dont go wireless in japan

the can crack your WPA in 1 minute...

I never trust wireless anyway...

Labels:

Wednesday, August 12, 2009

M$ must patch

sans considered Microsoft August 2009 Black Tuesday Overview

plenty of awful vulnerabilities:

perhaps the worst one would be ATL (Active Template Library)

It is interesting that someone had already formed a theory in regards to MSVIDCTL.DLL

<snip>
This is a cute little bug. First of all, it is a beautiful example of a single excess "&" in the source code. But what is most amusing about this bug is the centrality of it
we have here is a bug in a component that is used fairly widely, and that has the property of being statically linked

<snip>

it affects many things, third party apps, including also M$ own outlook & windows media player.

Interestingly, this vulnerabilty has been patch in MS09-034 for IE.

Labels:

Friday, August 7, 2009

hibernation

active bear: 100 heart beats / min
hirbernating bear: ~ 8 heart beats /min

Labels: ,

Monday, August 3, 2009

CSRF often pronounced "sea surf"

CSRF: Cross-site request forgery or XSRF.. basically type of subtle attack that exploit the hole where a browser has already been authenticated - to send unauthorized command.

Unlinke XSS (Cross-site scripting), which exploits the trust of a user to website, CSRF exploits the trust of a web tie in a user's browser.

some preventive measure:
RequestPolicy Firefox extension.

NoScript Firefox extension

Labels: