Simple challenge: figure out what this Windows executable does, win a ticket to one of the kewlest infosec conferences in Europe.
Yeah, right. I wish my reverse-engineering skills and assembly-fu were that strong. I do like the stats they gave from last year’s challenge though: over 50,000 downloads, less than 30 people successfully figured out what the executable does.
Saw this on the Dailydave mailing list today, it’s a video of a tool from Immunitysec called VisualSploit. In this demo, they’re using it to peform a buffer overflow on a program called NIPrint and get shell access to a Windows machine. Definitely one of the kewlest tools I’ve ever seen, I especially like the cartoonish kid-like buttons on the GUI!
VisualSploit 1.0 in action
In alot of spam comments, I’ve noticed that spammers enclose their URL’s in [url] and [/url] tags. When WPBlacklist tries to add these URLs to it’s blacklist, it picks up the opening bracket of the [/url] tag. What this does is make the entire URL regex-unsafe, because the opening bracket indicates the start of a character set. With no closing bracket, the preg_* function call barfs.
I’ve created a small patch file which escapes opening brackets in the URL’s. It gets rid of the preg_* function call failures, but I haven’t done uber-extensive testing, so I’ve no idea if this breaks anything else. Anyway, there it is, use at your own risk.
It might just be me (for some reason I’m really tired right now), but is the author of this paper saying he’s found a way to break AES?
Seriously thinking about asking the crypto mailing list for comment…
It’s been a bit of a slow Sunday (for once), so here’s a few things I’ve been looking at lately:
- DNS Amplification Attacks – An interesting paper by Randal Vaughn and Gadi Evron that outlines the mechanics behind the recent attack against Blue Security.
- Computer Security Threats – An online video of Mikko Hyppönen’s (Chief Research Officer, F-Secure Labs) recent presentation at DePaul University in Chicago. A good talk, but the sound quality is really crappy.
Is anyone else under an enormous barrage of comment spam? I used to get maybe something like 5 or 10 spam comments a day tops, but over the last few weeks, the number has skyrocketed to (literally) over 400 a day!
To me, this can only mean one of three things:
1. This blog is far more popular that I originally thought (not terribly likely).
2. The spammers have decided to single me out for some reason (do I look that much like a blue frog?).
3. The spam comment problem has just gotten that much worse across the board (in which case we’re all screwed).
So yeah, if you’ve seen this spam explosion too, or if you have any tried-and-true methods for dealing with it in WordPress, let me know.
Wow, just wow.
I honestly never, in my wildest dreams, ever thought that I would see cup stacking and computer security together in the same article.
And yet, here they are!
Man, guess it’s time for me to put down my darts and dust off my Speed Stacks Cups