Geeks With Blogs
ex-blog Information security world March 2005 Entries
Domain and Server isolation whitepapers
Several new whitepapers on Domain and Server isolation with IPSec have been released on the Microsoft Download website: Domain Isolation Planning Guide for IT Managers; Domain Isolation with Microsoft Windows Explained; Server Isolation with Microsoft Windows Explained; Windows Server 2003 ......

Posted On Tuesday, March 29, 2005 11:13 AM

Rootkits vs Revealers
The rootkits vs. rootkit revealers war begins: Robert Hensing (from PSS Security) posted about how Hacker Defender was configured to target RootkitRevealer by its name. The advice is to run the revealer under a random name, and Mark Russinovich has already modified RootkitRevealer in version 1.30 to perform scans using a randomly named copy of itself to defeat this attack. The same story applies to F-Secure BlackLight, as described in 'Spyware authors challenge BlackLight'. BTW, did I mention that Mark started a blog ;-) ......

Posted On Tuesday, March 22, 2005 10:10 AM

Image File Execution options key as an Attack Vector on Windows
Dana Epp posted an interesting article about using Image File Execution Options in the Windows registry to redirect process loading: By simply mapping the executable name to a different debugger source, you can actually load something else entirely. Let me give you a proof of concept: Start the Registry Editor: Click Start, click Run, and then type regedt32. Locate the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE... NT\CurrentVersion\Image File Execution Options\ To this hive, ......

Posted On Tuesday, March 22, 2005 9:58 AM

Security Development Lifecycle at Microsoft
Michael Howard posts that 'The Trustworthy Computing Security Development Lifecycle', a document providing real insight into what is going on with Microsoft's own security development lifecycle, has been posted at MSDN security. It is an excellent document!

Posted On Monday, March 21, 2005 4:06 PM

Application Verifier Security Tools for Windows
An interesting article is posted at TechNet about the security tools included in Application Verifier, which check for common security issues, including places where your code won't run properly under non-administrative accounts. [via Larkware] Michael Howard also described SecurityChecks in his Code Secure ......

Posted On Thursday, March 17, 2005 10:49 AM

Exploiting Software: How to Break Code in Russian
Exploiting Software: How to Break Code by Greg Hoglund and Gary McGraw is now available in Russian. Great news for developers in Russia. Dana Epp reviewed this book last year. And one personal thing: Courier system - one of our (Validata) security products to secure email exchange systems passed Windows Client and Office platform test ......

Posted On Wednesday, March 16, 2005 6:26 PM

LDAP injection
The concept of LDAP injection is similar to SQL injection, except that the target is Active Directory or any LDAP server. The idea is that malicious users inject untrusted data into an LDAP query. [via Eugene Siu] ......

Posted On Thursday, March 10, 2005 8:13 AM

Identity management blogs
I've found interesting blogs about identity management today: Kim Cameron's [rss] blog with 'The Laws of Identity' post and Stefan Brands's The Identity Corner blog [rss] with 'An elaboration on the first Design Principle of Identity' (via Archie Reed) ......

Posted On Friday, March 4, 2005 8:35 PM

Mark Lucovsky joined Google
Maybe the way software is shipped today is flawed... Mark Lucovsky (markl), Microsoft Distinguished Engineer, one of the Windows NT kernel developers and architect of the largest source code control and build system, moved to Google and describes his reasons in his blog [subscribed] ......

Posted On Friday, March 4, 2005 12:45 PM

Builds versioning
vincem posted an article with versioning ideas, where he described the versioning scheme used at Microsoft (for Windows builds, for example). Because I'm kind of the “build master” here in our company for some products ;-) I'm also interested in versioning schemes. Some questions arise about QFE build numbers, because I currently use sequential numbers for the 'revision' field, and maybe it's better to adopt a scheme that is linked to the bug number. [Update] Vince provided more info about build versioning ......

Posted On Wednesday, March 2, 2005 10:04 AM

Copyright © John Doe