mitigations
The Mysterious DNS Exploit
On Tuesday, July 8th, Microsoft’s usual package of patches seemed to end-users like every other Patch Tuesday — some security updates to various and sundry Windows files to patch security vulnerabilities unknown. However, it contained something very unusual this time — a design change to DNS. DNS has been around since the 1970′s, so people [...]
Blacklists and Cross-Site Scripting
Microsoft gets a lot of criticism over Internet Explorer not being “standards-compliant.” However, it’s actually not so simple, for a variety of reasons. One of them is that the web itself is not very standards-compliant — while IE8 has a standards-compliant-browser mode, it has to offer an IE7 rendering fallback mode because most web sites [...]
Whole-Disk Encryption Cracked
Early this week, some researchers at Princeton University’s Center for Information Technology Policy released a fascinating video of whole-disk encryption being cracked quite quickly and easily. Whole-disk encryption products — such as PGP Whole Disk Encryption, TrueCrypt System Encryption, and Windows Vista’s BitLocker — work by encrypting the entire hard disk with a symmetric key, [...]
ASUS Eee PC and Linux vmsplice Vulnerabilities
It wasn’t a good weekend for Linux. The ultraportable ASUS Eee PC has seen quite a bit of publicity lately. With prices starting as low as $300, it’s about as cheap as laptops get, and runs on a solid-state drive instead of a hard disk. Of course, to get such a low price, it doesn’t [...]
OS-Based Mitigations Against Common Attacks
In my last post about finding a job in information security, when discussing application security, I off-handedly mentioned several mitigation technologies — GS, DEP, SAL, and ASLR. These are technologies developed by OS vendors to provide system-wide protection against common attacks, and are things every application developer should know about when dealing with native (unmanaged) [...]
