Geeks With Blogs
ex-blog Information security world August 2004 Entries
The beauty of Earth
The most beautiful 'Earth from above' pictures (by Yann Arthus-Bertrand) I have ever seen... check them out! [via and haruma]

Posted On Tuesday, August 31, 2004 1:40 PM

SHA-1 Break Rumored
Via Ed Felten: There's a rumor circulating at the Crypto conference, which is being held this week in Santa Barbara, that somebody is about to announce a partial break of the SHA-1 cryptographic hash function ... At the Crypto conference, Biham and Chen have a paper showing how to find near-collisions in SHA-0, a slightly less secure variant of SHA-1. On Thursday, Antoine Joux announced an actual collision for SHA-0. And now the rumor is that somebody has extended Joux's method to find a collision ......

Posted On Tuesday, August 17, 2004 10:46 AM

How does Explorer know which zone a file was downloaded from?
Interesting post by Mike Dimmick about the mechanism behind Explorer's 'Open File - Security Warning': When Internet Explorer, Outlook Express, or Windows Messenger in XP SP2 write a downloaded file, they use the IAttachmentExecute interface (I think - the documentation is obscure). This writes an Alternate Data Stream on an NTFS drive, which is named 'Zone.Identifier'. ... When you open a file (I assume of a limited set of types, but I can't find any configuration for it) Windows checks for the Zone.Identifier ......

Posted On Tuesday, August 17, 2004 10:25 AM

Your Phishing IQ
http://survey.mailfrontier.... [via Keith Brown, via Michael Howard] I also took this quiz and got only 9/10 correct ;-). I think I made the same error as Keith - I did not catch the clever script tricks with 'view source'... (and it is bad, because I cannot see the full message source in Outlook) ......

Posted On Tuesday, August 17, 2004 9:43 AM

AMD K8 microcode update (in)security
Interesting hardware security vulnerability (via the latest Crypto-Gram, RSS). It turns out that it's possible to update the AMD K8 processor (Athlon64 or Opteron) microcode, and there's no authentication check. So an attacker who has access to a machine could backdoor the CPU: If one is able to get root access on a machine even once, it is hypothetically possible to install a microcode update specifically to help compromise security from userspace at a later time. Such an update could be ......

Posted On Monday, August 16, 2004 9:04 AM

Whidbey security efforts
The VS2005 release team and Somasegar posted some information about the security push in the MS Developer Division: With Visual Studio 2005, we have made security one of the top priorities for the product development organization. Later this fall, the entire Whidbey team will be engrossed in a series of security related reviews we call the 'security push'. The key to remember is that teams won't be thinking about security for the first time during the security push. They think about it every day. ......

Posted On Saturday, August 14, 2004 4:28 PM

Data Execution Protection in XPSP2
Geoff Hill posted interesting information about 'Data Execution Protection', aka 'No Execute' (NX) memory protection, in XP SP2: There is now a software DEP built into SP2 which you can activate! It probably isn't as robust as the hardware DEP listed above, but it's there. If you go My Computer - Properties - Advanced tab - Performance Settings button - Data Execution tab you can turn on the software. Oops, I missed this configuration setting on my laptop, so I'm going ......

Posted On Friday, August 13, 2004 12:16 PM

Using native Cert store handles in Whidbey
Shawn Farkas mentioned a useful addition to P/Invoke in Whidbey, the SafeHandle class, which can be used to wrap handles to unmanaged resources: SafeHandle is an abstract class, which you derive from to create a wrapper around specific types of handles. (Or other unmanaged resources that require some sort of cleanup). The CLR will then work with P/Invoke to marshal your safe handle back and forth to managed code. More in Chris Brumme's Finalization blog entry. So the CertDuplicateStore declaration ......

Posted On Friday, August 13, 2004 11:02 AM

Nmap and Windows XP SP2
As you may know, raw socket support was removed in Windows XP SP2 (maybe after Steve Gibson's complaints ;-). As Fyodor quoted on the nmap-hackers mailing list: "We have removed support for TCP sends over RAW sockets in SP2. We surveyed applications and found the only apps using this on XP were people writing attack tools." Huh?! But thanks to Dana Epp's patch, the invaluable nmap tool can work on XP SP2 again. Update: Michael Howard posted an explanation of the exact changes in functionality: ... the ability to send ......

Posted On Friday, August 13, 2004 10:28 AM

Top Security Papers for New Security Software Engineers
Dana Epp posted a list of his favorite "security papers": Recently on the SC-L mailing list a discussion on the topic of good security papers has ensued. As you know, on the right side of my blog I have some of my personal favorites. Those are papers that at the time of reading, actually "changed" my thinking in some way. What it doesn't truly reflect is what are GOOD papers for OTHER security software engineers ......

Posted On Thursday, August 12, 2004 12:03 PM

Simple and interesting solution for hidden root kit files
Microsoft Research has a short paper on using hackers' tricks against them, including differential file system scans (using WinDiff) of infected vs. clean OS boots to detect hidden files [via G. Andrew Duthie]

Posted On Tuesday, August 10, 2004 4:12 PM

Threat Modeling book review
Dana Epp posted a review of Threat Modeling by Frank Swiderski: If I could sum up the book in a single sentence it would be something like, "Frank took the ball from Michael in Writing Secure Code (WSC) and ran with it to the goal line." This book picks up where Michael left off, and completes the picture of threat modeling in greater depth. But you would have to expect that. The threat modeling process is evolving at Microsoft and the snapshot we see in this book is knowledge improved upon since ......

Posted On Wednesday, August 4, 2004 9:44 AM

Updated security guides
List of Microsoft security guides updated last week:
Windows XP Security Guide v1.5
Windows Server 2003 Security Guide v1.3
Exchange Server 2003 Security Hardening Guide v2.0
Microsoft Identity and Access Management Series v1.1
Exchange Server 2003 Message Security Guide v2.0
......

Posted On Tuesday, August 3, 2004 9:46 AM

Copyright © John Doe