Category Archives: IT Security

Any security related topics such as posts about vulnerabilities, malware, rootkits

Will we learn from the NSA eavesdropping scandal?

Having used encryption for a long time and having used PGP consequently for more than five years it seems unlikely to me that people will go the extra mile to ensure the confidentiality of their electronic correspondence. Leaving aside the … Continue reading

Posted in EN, IT Security, Thoughts | Tagged , , , , | Leave a comment

Webdesigners who don’t want me to use there website

… are the ones to use some fancy JavaScript snippet to display a black box saying “You need Flash player to see this” or something similar instead of letting me activate Flash on demand. Opera has the setting as long … Continue reading

Posted in EN, IT Security, Thoughts | Leave a comment

Annoying

… companies that tell me may passwords have to be alphanumeric or set an arbitrary upper limit to its length. More annoying: companies that do both. 🙄 // Oliver

Posted in EN, IT Security | 1 Comment

The abuse of (automated) abuse reports

Abuse reports abound. So do false positives in antivirus (AV) products. Worst of all, false positives in AV products spread within the industry, reports (and corrective action) about them don’t. Try to get rid of a false positive that affects … Continue reading

Posted in EN, IT Security | Leave a comment

SSL error with a newly signed cert?

Last night I literally spent hours figuring out an alleged issue with the certificate from StartCom. Of course the problem was entirely on my end, in the editor to be precise. But what happened? I fetched ca-bundle.pem and entered it … Continue reading

Posted in Administration, EN, IT Security, Linux, Software | Tagged , , | 3 Comments

German federals looking for trojan author – still

The German federals (BKA = Bundeskriminalamt, roughly the German equivalent to the FBI in the US) are still looking for someone with the qualifications to write what had been dubbed “Bundestrojaner” (literally: federal trojan) in 2008. This means that first … Continue reading

Posted in C/C++, EN, IT Security, Reversing, Software, Thoughts | Tagged , , | Leave a comment

Cool

COPSSH, another SSH implementation on Windows. And it even seems to be convenient to use.

Posted in Administration, EN, IT Security, Software | Leave a comment

Nett, eine sichere Pastebin-Alternative

Projektseite und Testinstallation (des Autors?) Super Geschichte. Ich hoffe, daß es noch auf GitHub oder BitBucket erscheint, so daß man die volle Versionsgeschichte bekommt. // Oliver

Posted in DE, IT Security, Software | 2 Comments

“Meet The Hackers Who Sell Spies The Tools To Crack Your PC (And Get Paid Six-Figure Fees)”

Interesting article about Vupen to which a colleague pointed me (thanks, Anna 😉 ). I have problems with their business model on so many levels, but just two points: Their business is completely legal, although it may be immoral I … Continue reading

Posted in EN, IT Security, Thoughts | Tagged , , , | Leave a comment

Android, what is it all about?

So I did it. I actually bought a cheapo Android phone (Simvalley SP-60) with dual-SIM feature, because that’s the single most important feature of a phone for me. Of course I went immediately to the privacy settings to turn off … Continue reading

Posted in EN, IT Security, Software, Thoughts | 8 Comments

A promising project

… for malware analysis in a sandbox. Check it out over at www.cuckoobox.org.

Posted in EN, IT Security | Leave a comment

StartSSL code signing certificate

Today I want to explain how to get the StartSSL code-signing certificates into a state that is usable for signtool. It is an affordable solution for individuals that would rather sign the code they publish. I bought one this week … Continue reading

Posted in EN, IT Security, Programming, Software | Tagged , , , , , , , , | 11 Comments

Carefully hidden criticism

Honest Achmed wants to be included as trusted CA 😉

Posted in EN, IT Security | Leave a comment

Damn …

Trying to break into my Yoggie Open Firewall Pico via SSH since I forgot the password. Using the current method it will take approximately 41 days and 6 hours to finish around 1.5 million passwords. *gnarf*

Posted in /dev/null, EN, IT Security, Linux | 10 Comments

XMPP S2S with Google and no TLS?

I’m running an ejabberd instance and it’s configured to use TLS in S2S (server to server) communications. It works perfectly fine with jabber.ccc.de, but Google’s server does not seem to like TLS. Very awkward. First I thought it may be … Continue reading

Posted in EN, IT Security, Linux, Software, Unix and unixoid | 3 Comments

F-Secure documentary about BRAIN

Watch it over here.

Posted in EN, IT Security, Reversing, Software | Leave a comment

iptables flowchart

Just uploaded a flowchart that shows the order of packet processing in iptables to my downloads. You can find it here. There is the Visio file from which I created it in the same folder, just in case you want … Continue reading

Posted in EN, IT Security, Linux | Leave a comment

WordPress/twentyten header image

Had some trouble with the built-in twentyten images. The header image is saved inside a serialized hash in the database complete with the protocol and server name as well as the blog home URI. The problem with this is if … Continue reading

Posted in EN, IT Security, Programming, Software | Tagged | Leave a comment

Some changes to the blog

Despite the server change, which you may not even have noticed, I’m also blocking any and all login attempts, renamed the admin user name (some people were apparently trying to get in) and the administration area is entirely off limits. … Continue reading

Posted in /dev/null, EN, IT Security | 3 Comments

DCOM error

Just got the following error in the event log on XP (SP3): Source: DCOM EventID: 10000 User: NT AUTHORITY\NETWORK SERVICE Description: Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}. The error: “Access is denied. ” Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe … Continue reading

Posted in EN, IT Security, Software | 1 Comment