Yesterday, I bought a new wireless router for home. I was in the computer store to buy some DVDs and picked it up in more of an impulse. My old router was not performing well so I bought the first draft-n gigabit router I happened to stumble upon after quickly having verified that it was [...]

First of all: No I am not dead and yes I will continue to blog here. I just took a bit of a ‘blogging sabbatical’ the last couple of months.
That said,  I  (and many others so it seems) downloaded Chrome, Google’s vision of a web browser this week and played around with it for a while. [...]

I blogged about it before but every now and then someone finds a new physical ‘hack’ into windows. Here is an example of a recent hack using backtrack to gain access.
This just illustrates one of Microsoft’s 10 Immutable Laws of Security:
Law #3: If a bad guy has unrestricted physical access to your computer, it’s not [...]

This week, I got my invite for Google App Engine in the mailbox. If you have not heard of it, Google App Engine is a beta product from Google where you can publish your web apps to Google’s massive infrastructure. Currently only Python is supported as a language but Google intends to add other languages [...]

It is interesting to see how we perceive our privacy on the Internet. When we see a third party publish personal information about us on the Internet without our permission, we tend to feel violated in our privacy. However, when we publish the same information on our LinkedIn, Facebook, Twitter, … profiles ourselves, we seem [...]

As you may know, firewire devices can have access to the main memory of a PC thanks to DMA.
Because of this, firewire can be used as an attack vector against a running PC. This not news. Adam Boileau presented this technique back in 2006 but because of recent news, I decided to give it a [...]

Some time since I posted here (work, travel. holiday and other excuses) but I hope to have a little more spare time in the future.
I woud like to use this post to raise some awareness on basic incident handling procedures. I learned some time ago at SANS that Incident Handling is a process which consists [...]

While I was looking into writing my own gadget for Vista’s Sidebar to display my Google Reader news, it hit me that Gadgets are really simple web browser applications.
They consist of only 1 XML and 1 HTML file in general and can contain JavaScript, vbscript, wmi scripts,… (everything basically). This should make you think because [...]

With the application vulnerability threat landscape evolving more and more towards 3rd party application exploits (Flash, Adobe, Winamp,….) instead of the classic network worms based on Microsoft Windows exploits, it becomes more and more needed to keep this 3rd party software up to date as well.
In large managed environments this is done by a central [...]

Microsoft just released their monthly patches.
It contains:

one important patch (LSAS, local exploit)
In my opinion, especially important for systems like terminal servers or shared multi-user systems.
one highly critical patch (vulnerability in TCP/IP stack)

The reason why I am writing about this and put the TCP/IP vulnerability in bold is that this is one [...]