2011 Jun 20, 11:25
A cautionary tale in chart form: the lesson is to make sure you can always upgrade your hashing algorithm, or to avoid security dependencies on hashing algorithms.
reference hash encryption security table technical humor
2011 May 30, 3:13
"We covered the Newstweek, a wall-wart sized box that injects fake news stories over public WiFi connections last February, but now there’s a great walk through and it seems our doubts about this project were disproved."
security journalism wifi hack technical
2011 May 28, 11:00
I wanted to ensure that my switch statement in my implementation of IInternetSecurityManager::ProcessURLAction had a case for every possible documented URLACTION. I wrote the following short
command line sequence to see the list of all URLACTIONs in the SDK header file not found in my source file:
grep URLACTION urlmon.idl | sed 's/.*\(URLACTION[a-zA-Z0-9_]*\).*/\1/g;' | sort | uniq > allURLACTIONs.txt
grep URLACTION MySecurityManager.cpp | sed 's/.*\(URLACTION[a-zA-Z0-9_]*\).*/\1/g;' | sort | uniq > myURLACTIONs.txt
comm -23 allURLACTIONs.txt myURLACTIONs.txt
I'm not a sed expert so I had to read the sed documentation, and I heard about comm from Kris Kowal's blog which happily was in the Win32 GNU tools pack I already run.
But in my effort to learn and use PowerShell I found the following similar command line:
diff (more urlmon.idl | %{ if ($_ -cmatch "URLACTION[a-zA-Z0-9_]*") { $matches[0] } } | sort -uniq) (more MySecurityManager.cpp | %{ if ($_ -cmatch "URLACTION[a-zA-Z0-9_]*") { $matches[0] } } | sort -uniq)
In the PowerShell version I can skip the temporary files, which is nice. 'diff' is mapped to 'compare-object', which seems similar to comm but with no parameters to filter out the different streams (although this could be done more verbosely with the ?{ } filter syntax). In PowerShell, uniq functionality is built into sort. The built-in -cmatch operator (c is for case sensitive) for regexp matching is nice, as is its side effect of generating the $matches variable with the regexp results.
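An added example, not part of the original post: a variant of the grep/comm check above that counts a URLACTION as handled only when it appears as a `case` label, since a plain grep also counts names that are merely mentioned in comments. The file contents, the `Allow()`/`Deny()` helpers and the `URLACTION_SAMPLE_*` names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): URLACTIONs defined in a header
# that have no `case` label in a source file.
PATTERN='URLACTION[a-zA-Z0-9_]*'   # same identifier pattern the post uses

# Every URLACTION name in file $1. grep -o prints each match on its own line,
# so a line holding several names contributes all of them.
all_urlactions() {
    grep -o "${PATTERN}" "$1" | LC_ALL=C sort -u
}

# Only names used as switch labels ("case URLACTION_X:"), so a name that is
# merely mentioned in a comment does not count as handled.
handled_urlactions() {
    grep -o "case[[:space:]]\{1,\}${PATTERN}[[:space:]]*:" "$1" |
        grep -o "${PATTERN}" | LC_ALL=C sort -u
}

# comm -23 keeps lines found only in the first list: defined but not handled.
missing_urlactions() {
    tmp=$(mktemp -d) || return 1
    all_urlactions "$1" > "$tmp/all"
    handled_urlactions "$2" > "$tmp/handled"
    LC_ALL=C comm -23 "$tmp/all" "$tmp/handled"
    rm -rf "$tmp"
}

# Constructed sample input; the names and values are illustrative only.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/header.idl" <<'EOF'
cpp_quote("#define URLACTION_SAMPLE_ONE 0x0001")
cpp_quote("#define URLACTION_SAMPLE_TWO 0x0002")
cpp_quote("#define URLACTION_SAMPLE_THREE 0x0003")
EOF
    cat > "$dir/manager.cpp" <<'EOF'
switch (dwAction) {
    case URLACTION_SAMPLE_ONE: return Allow();
    // TODO: decide policy for URLACTION_SAMPLE_TWO
    case URLACTION_SAMPLE_THREE :
    default: return Deny();
}
EOF
    missing_urlactions "$dir/header.idl" "$dir/manager.cpp"
    rm -rf "$dir"
}

demo   # prints URLACTION_SAMPLE_TWO
```

An action that falls through to a deny-by-default branch is still reported, which is the point: the list shows every action for which no explicit policy decision was written.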
powershell tool cli technical command line
2011 May 22, 10:44
Links to the IETF draft document for SSL False Start and describes its performance benefits.
security google browser web webbrowser https performance ssl tls technical
2011 Apr 27, 2:23
"The gradual disappearance of open wireless networks is a tragedy of the commons, with a confusing twist of privacy and security debate. This essay explains why the progressive locking of wireless networks is harmful — for convenience, for privacy and for efficient use of the electromagnetic spectrum."
law eff wireless internet technical privacy security
2011 Apr 8, 2:07
"On average their method gets to within 690 metres of the target and can be as close as 100 metres – good enough to identify the target computer's location to within a few streets.", "When a landmark machine and the target computer have shared a router, the researchers can compare how long a packet takes to reach each machine from the router; converted into an estimate of distance, this time difference narrows the search down further."
technical internet privacy geo geolocation security
2011 Apr 4, 11:18
Two eBook frauds involving the automated creation and publishing of books in order to make money off the long tail. The spam of books.
ebook fraud bruce-schneier security amazon copyright publishing
2011 Jan 23, 4:49
Sysinternals' Mark Russinovich writes a novel (fiction) and gets a Bill Gates blurb for the cover: “Mark came to Microsoft in 2006 to help advance the state of the art of Windows, now in his latest compelling creation he is raising awareness of the all too real threat of cyberterrorism.” —Bill Gates
book security microsoft sysinternals mark-russinovich novel fiction technical
2011 Jan 23, 3:26
Personal photos from the Back to the Future set during filming taken by a Universal security guard.
photos bttf backtothefuture movies
2011 Jan 19, 7:45
I always wondered how easy it would be to hack the key fobs. Now we know...
security hack car technical
2010 Sep 24, 8:38
"Comedian Stephen Colbert joined the panel of witnesses at a House hearing on immigrant farm workers. Mr. Colbert has partnered with United Farm Workers and their campaign calling on unemployed Americans to take jobs in the agriculture sector. The organization's president, Arturo Rodriguez, also testified at the Judiciary Subcommittee on Immigration and Border Security hearing chaired by Rep. Zoe Lofgren (D-CA). Washington, DC : 2 hr. 10 min."
humor video stephen-colbert politics immigration farm labor house
2010 Jul 20, 6:45
Hack based on DNS rebinding plus home router's web front end.
security technical web router dns dns-rebinding hack
2010 Jul 12, 7:11
How to get around Hulu's physical location filtering: Use something like Fiddler to add the X-Forwarded-For header that HTTP proxies add, with an IP address associated with a physical location you desire, and block your port 1935, which Flash uses for RTMP (see http://kb2.adobe.com/cps/164/tn_16499.html)
hulu proxy security tv howto technical
2010 Jul 5, 4:23
Cross-site scripting attack on YouTube over the weekend: "That turned out to be as simple as using two script tags in a row (<script><script>fun scripting stuff goes here!), as noted by F-Secure researcher Mikko H. Hypponen on Twitter—the first of the two tags would get stripped, and the second was allowed through."
technical youtube security cross-site-scripting javascript
2010 Jun 30, 11:08
Come one and all from all over the web and tell me your password...
security javascript password tool
2010 Jun 25, 2:58
"... all you need to do is specify the /W switch and the file or folder you want to overwrite—after you have already deleted it. cipher /W:C:\Path\To\Folder"
technical cmd privacy security windows cipher delete