Robert Hensing's Blog

Software Security . . . and stuff.

This week's Fail Open Goat Award goes to - Credit Card Processing

http://www.veracode.com/blog/2008/10/credit-cards-failing-open/

Author: rhensing Date: 11/02/2008

Microsoft SideSight?

Looks cool: http://www.gearlog.com/2008/10/microsofts_sidesight_something.php

Author: rhensing Date: 10/29/2008

SmoothHD

Akamai / IIS7 / Silverlight 2.0 / VC-1 == HD over broadband happiness. It's sort of cool - the video...

Author: rhensing Date: 10/29/2008

Mass SQL Injection : The Chinese Way

The blog pretty much speaks for itself:...

Author: rhensing Date: 10/23/2008

Out of band security update planned for today (MS08-067)

Updated 10/23/2008 @ 1:17pm EST. We have pushed the update live - here's the direct link to the...

Author: rhensing Date: 10/23/2008

Flash 10 & IE8b2 Per Site ActiveX

So I've got IE8b2 installed on all of my machines and I've noticed that since installing Flash 10...

Author: rhensing Date: 10/22/2008

Flash 10 is out - install it like . . . yesterday.

If I were a bad guy and I wanted to pwn lots of people via the web - I'd probably focus my efforts...

Author: rhensing Date: 10/17/2008

MAPP + Exploitability Index == Protected Customers, Better Security Update Prioritization

Today we officially launched our MAPP program...

Author: rhensing Date: 10/14/2008

Shostack on "Threat Modeling"

Adam Shostack is incredibly smart - and he also happens to be responsible for managing the threat...

Author: rhensing Date: 10/13/2008

iPhone running WM 6.1?

Okay - I'm not sure if this is real or not - but the interview itself is hilarious - the questions...

Author: rhensing Date: 10/13/2008

I'm a PC and I fight for the users . . .

Tron Guy makes a cameo in our "I'm a PC" video wall:...

Author: rhensing Date: 09/22/2008

Extreme Ad Makeover - We are now entering "the 2nd phase"?

You know, I have one simple request. And that is if we are to have an ad campaign with sharks, that...

Author: rhensing Date: 09/18/2008

Zune 3.0 - Using wifi to download songs right from the ZMP (speed test)

Today a friend asked me how fast downloading songs / albums from the ZMP was and I had to admit - I...

Author: rhensing Date: 09/17/2008

GOVCERT.NL and German authorities recommend against installing Chrome!?

It was only a matter of time - the first few days worth of bugs were so bad I gave up covering them...

Author: rhensing Date: 09/12/2008

Why I'm not running Chrome anymore (back to IE8 beta 2 for me)

http://www.milw0rm.com/exploits/6367 Long strings leading to stack overruns? Really Google? Srsly? I...

Author: rhensing Date: 09/05/2008

It begins . . .

UPDATE: Go here and watch the video - it's higher resolution and better:...

Author: rhensing Date: 09/05/2008

On Chromium and Practical Windows Sandboxing

UPDATE 9/13/2008: The authors of the Chromium whitepaper linked to below wrote to me the day after I...

Author: rhensing Date: 09/03/2008

Google Chrome coming today? Launch early and iterate? srsly?

UPDATE: Reading the Google chrome comic that I received offline - man, I have to admit, this does...

Author: rhensing Date: 09/02/2008

The truth about the Dowd / Sotirov Vista memory protection bypass stuff

Good short interview with Sotirov who clarifies what actually happened at Blackhat for some folks:...

Author: rhensing Date: 08/12/2008

Happy Patch Tuesday - Random thoughts

The SnapShot Viewer 0-day that has seen limited exploitation in the wild is now patched - here's an...

Author: rhensing Date: 08/12/2008

VMWare Fail Closed Goat Award

Here's one for the schadenfreude files - VMware users running ESX 3.5.x Update 2 will be unable to...

Author: rhensing Date: 08/12/2008

OpenID Fail Open Goat Award

Really interesting that CRL checks aren't baked into a lot of open source OpenID providers:...

Author: rhensing Date: 08/08/2008

Today's Fail Open Goat Award goes to: Insecure 3rd party software updaters

You'll notice Microsoft's auto-updaters (Windows Update / Microsoft Update / Automatic Updates) are...

Author: rhensing Date: 07/29/2008

2% of a big number, is a big number

Don't be evil. http://blogs.pcmag.com/securitywatch/2008/07/google_blogger_hosts_2_of_worl.php

Author: rhensing Date: 07/24/2008

Microsoft Mojave

"We are here in San Francisco, where we've secretly replaced the fine operating system these people...

Author: rhensing Date: 07/24/2008

Antivirus fail . . .

Lately I'm not a big fan of AV and it amazes me that AV hasn't been beaten up more badly than it has...

Author: rhensing Date: 07/24/2008

DNS Fail Open Goat Award

Kaminsky's flaw has a metasploit module: http://www.caughq.org/exploits/CAU-EX-2008-0002.txt On the...

Author: rhensing Date: 07/23/2008

Pwnie Awards - Vista nominated for . . .

Most Epic Fail: http://pwnie-awards.org/2008/awards.html#fail Gee . . . I hope we . . . win? No . ....

Author: rhensing Date: 07/22/2008

Dan's DNS checker - We need a new ship!

Here's an interesting, somewhat reflective blog from Kaminsky on security researcher drama, and how...

Author: rhensing Date: 07/13/2008

Chris Rohlf joins Matasano

I have mad respect for Matasano and I can't believe a friend of mine now works...

Author: rhensing Date: 07/13/2008

Memory dumpers for Windows

So I still get IR related questions on occasion . . . one of which being 'what is the best way to...

Author: rhensing Date: 07/03/2008

Adobe Acrobat 9 - Creamy Security Goodness (on Vista / WS2008)

So I noticed yesterday that Adobe had quietly released Acrobat 9 to the web. I decided to download...

Author: rhensing Date: 07/03/2008

Dino secretly wants Apple to release 64bit Vista

Interesting article from Dino: http://blogs.zdnet.com/security/?p=1325 Vista x64 has like . . . 4.5...

Author: rhensing Date: 06/24/2008

Today's FOGA goes to Google for (implicitly) admitting they have a problem (via stopbadware.org)

Man - not sure why this didn't grab the media's attention until today:...

Author: rhensing Date: 06/24/2008

SQL injection is teh suck . . .

So do something about it:...

Author: rhensing Date: 06/24/2008

Security 'silly season' has officially begun . . .

In Formula 1, silly season usually begins near the middle to end of the F1 calendar (although it...

Author: rhensing Date: 06/24/2008

Microsoft Blogs and Web Resources about Security

This guy has spent an insane amount of time collecting and organizing useful security links . . ....

Author: rhensing Date: 06/19/2008
