Category Archives: IT Security

Any security related topics such as posts about vulnerabilities, malware, rootkits

Nett, eine sichere Pastebin-Alternative

Projektseite und Testinstallation (des Autors?) Super Geschichte. Ich hoffe, daß es noch auf GitHub oder BitBucket erscheint, so daß man die volle Versionsgeschichte bekommt. // Oliver

Posted in DE, IT Security, Software | 2 Comments

“Meet The Hackers Who Sell Spies The Tools To Crack Your PC (And Get Paid Six-Figure Fees)”

Interesting article about Vupen to which a colleague pointed me (thanks, Anna ). I have problems with their business model on so many levels, but just two points: Their business is completely legal, although it may be immoral I doubt … Continue reading

Posted in EN, IT Security, Thoughts | Tagged , , , | Leave a comment

Android, what is it all about?

So I did it. I actually bought a cheapo Android phone (Simvalley SP-60) with dual-SIM feature, because that’s the single most important feature of a phone for me. Of course I went immediately to the privacy settings to turn off … Continue reading

Posted in EN, IT Security, Software, Thoughts | 8 Comments

A promising project

… for malware analysis in a sandbox. Check it out over at www.cuckoobox.org.

Posted in EN, IT Security | Leave a comment

StartSSL code signing certificate

Today I want to explain how to get the StartSSL code-signing certificates into a state that is usable for signtool. It is an affordable solution for individuals that would rather sign the code they publish. I bought one this week … Continue reading

Posted in EN, IT Security, Programming, Software | Tagged , , , , , , , , | 11 Comments

Carefully hidden criticism

Honest Achmed wants to be included as trusted CA

Posted in EN, IT Security | Leave a comment

Damn …

Trying to break into my Yoggie Open Firewall Pico via SSH since I forgot the password. Using the current method it will take approximately 41 days and 6 hours to finish around 1.5 million passwords. *gnarf*

Posted in /dev/null, EN, IT Security, Linux | 4 Comments

XMPP S2S with Google and no TLS?

I’m running an ejabberd instance and it’s configured to use TLS in S2S (server to server) communications. It works perfectly fine with jabber.ccc.de, but Google’s server does not seem to like TLS. Very awkward. First I thought it may be … Continue reading

Posted in EN, IT Security, Linux, Software, Unix and unixoid | 3 Comments

F-Secure documentary about BRAIN

Watch it over here.

Posted in EN, IT Security, Reversing, Software | Leave a comment

iptables flowchart

Just uploaded a flowchart that shows the order of packet processing in iptables to my downloads. You can find it here. There is the Visio file from which I created it in the same folder, just in case you want … Continue reading

Posted in EN, IT Security, Linux | Leave a comment

WordPress/twentyten header image

Had some trouble with the built-in twentyten images. The header image is saved inside a serialized hash in the database complete with the protocol and server name as well as the blog home URI. The problem with this is if … Continue reading

Posted in EN, IT Security, Programming, Software | Tagged | Leave a comment

Some changes to the blog

Despite the server change, which you may not even have noticed, I’m also blocking any and all login attempts, renamed the admin user name (some people were apparently trying to get in) and the administration area is entirely off limits. … Continue reading

Posted in /dev/null, EN, IT Security | 3 Comments

DCOM error

Just got the following error in the event log on XP (SP3): Source: DCOM EventID: 10000 User: NT AUTHORITY\NETWORK SERVICE Description: Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}. The error: “Access is denied. ” Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe … Continue reading

Posted in EN, IT Security, Software | 1 Comment

“The system cannot execute the specified program.” #2

I did indeed solve the issue reported here. The problem must have been somewhere between my ears. Once you do it right, it works While sigcheck from Sysinternals is a very nice tool, it simply does not compare to signtool. … Continue reading

Posted in EN, IT Security, Programming | Tagged | Leave a comment

“The system cannot execute the specified program.”

There is a pretty interesting article over at winprogger.com about the problems connected with IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY (set through /integritycheck ever since VS2005) and ERROR_INVALID_IMAGE_HASH (aka Win32 error code 577). Now, I’ve been fighting with this problem for two full days and … Continue reading

Posted in EN, IT Security, Programming, Reversing, Software | Tagged , , , | 4 Comments

Painful lessons I had to learn again and again

Since this is something I’ve stumbled over several times now and since it is discussed in Microsoft’s documentation only as if there is only the option to import it into your store, i.e. within your user account. Now, I was … Continue reading

Posted in EN, IT Security, Programming, Software | Tagged , , | Leave a comment

LinkIconShim bequem verpackt

Hier ein vorübergehender Fix für das Problem mit LNK- und PIF-Dateien (CVE-2010-2568). Ich habe das Projekt LinkIconShim von Libor Morkovsky genommen und als MSIs verpackt um die Installation zu erleichtern. Erstmal muß man allerdings noch die korrekte MSI runterladen. Hier … Continue reading

Posted in DE, IT Security, Programming, Software | Tagged , , , | Leave a comment

LinkIconShim conveniently packaged …

Here’s a preliminary fix for the problem with LNK and PIF files (CVE-2010-2568). I took the LinkIconShim from Libor Morkovsky and packaged it as an MSI for easier installation. For now you will still have to choose the right MSI, … Continue reading

Posted in EN, IT Security, Programming, Software | Tagged , , , | 1 Comment

Fix for the LNK exploit

A clever fix has been made available against the exploit that has recently been found in the LNK icon handler.

Posted in EN, IT Security, Software | 1 Comment

Redefining “Security Researcher”

A nice blog post about the Full Disclosure and friends. // Oliver

Posted in EN, IT Security, Software | 1 Comment