Back to Top

Tuesday, October 28, 2008

Mixed links

Via Pat’s Daily Grind: Philosophical Health Check and Battleground God. Very cool pages which aim to discover discrepancies/contradictions in your world view.

I've been using Chrome for some time now and my conclusion is: it doesn't matter what browser you use, as long as it is a reasonably new one. Thins I've liked:

  • resizable textboxes
  • HTTPS warnings (the UI seems much nicer)
  • the separation in processes makes killing of errant pages / plugins and recovery much easier

WinZip password collision. WinZip (or more precisely: zip) supports many encryption methods, some of them very weak (like the original one described here) and some of them industry grade (AES). The drawback of this diversity is that not all zip/unzip programs support all of the algorithms, so (IMHO) you are better off using unencrypted zips or something like 7zip (Open Source and free) when encryption is needed.

Via Joel Esler's blog: who would win?

See on Souriz's blog: examples of reverse engineering syllabuses. I would recommend such courses to every programmer / sysadmins so that they can more accurately judge the threats which are out there.

From spl0it.org comes the User Agent lookup script. In the same spirit: the fact that there are no FORM's on your webpage doesn't mean that its not accepting input from the user. Remember: the user controls also the headers (and implicitly the cookies). Also, they can control the result of the reverse DNS lookup...

From stackoverlow, funny: suggest additions to the C preprocessor :-):

#dogma, basically there to counteract all the pragmatic stuff creeping into modern C and get back to basics.

#karma, to override (run over) the #dogma

Via Bruce Schneier: sending messages to the TSA - I'm not sure how an idea this is...

From Gadi Evron: Introducing yourself. This was always a problem for me. How do you explain m malware researcher to a lay person?

Via the Dynamoo blog: "eval(function(p,a,c,k,e,r)" - in fact this is a legitimate JS packer which is being used on sites such as CNet. However, to any prospective user of such methods, my advice is the same as in the case of executable packers: it very probably degrades performance, makes your script look more suspicious (thus causing problems for users with AV / IDS products) and is not more effective than javascript minification combined by transparent gzip compression (which is supported by 99.99% of browsers).

0 comments:

Post a Comment

You can use some HTML tags, such as <b>, <i>, <a>. Comments are moderated, so there will be a delay until the comment appears. However if you comment, I follow.