Archive for the 'Security' Category

Almost

The semester is almost over. Only minor stuff to do now.
Yesterday I read Dan Kaminsky’s Learning From Sony: An External Perspective. I would argue that the AV industry will not take the side of their customers in the future and it has made that clear. I remember Symantec stating that their definition of rootkit [...]

Everybody needs a nap

“Everybody needs a nap” is the beautiful conclusion to this article on the most recent Apple QA fuckup. Instead of admitting this was entirely their fault, Apple decided to also blame MS for its mistakes,
As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset [...]

Reversing base64

I just found Didier Stevens’ blog. In this entry, he goes through the process of reverse engineering an encoding scheme which turns out to be base64.
Funny stuff.
By “just found” I meant “found it a couple of weeks ago or something and just bothered to post it now”.

Noise From The Past

I forgot to post this during the week before the GLP (tsk tsk):
I finally got around to (mostly skim) reading Apple’s Secure Coding Guide. It is a very good, very clear, simple introduction to secure programming with some good pointers to other resources (links also available on the web page).
Still on the subject, Tom [...]

People willing to create their own alternative protocols
Covert channels
Side channel attacks (Wikipedia) - didn’t read about any new one recently

AV Good or Bad?

What Were They Thinking? Anti-Virus Software Gone Wrong made me wonder if it’s such a good idea to be running anti-virus software. I’ve always used AV software in Windows and I’ve advised others to do so too but in the past (almost) 10 years all that the AV software has managed to do effectively is [...]

There are two things I’ve long decided not to blog about (to quote South Park, “I’m not touching that one with a 60 foot pole”):
1) The Arab-Israeli conflict
2) Mac OS
So you’ll forgive me (or not) if I totally sidestep the issue - the one Thomas Ptacek, Rui Carmo and others have been going on about [...]

Bugle

Bugle is a collection of search queries which can help to identify software security bugs in source code available on the web. The list at the moment is rather small (you get the idea though), hopefully people will start sending more queries. Source code review is not a straightforward operation, using the list [...]

Crypto Malware

Malware that encrypts files and asks for a ransom to decrypt them has become a popular alternative to the standard business model of malware (installing adware/spyware). It’s still very much in its infancy but it shows promise. Consider a virus “renting” a user his files… DRM for the worse guys (the bad guys being the [...]

Microsoft is providing a Toolkit to Disable Automatic Delivery of Internet Explorer 7. For now.

Open Galileo

Thanks to a group of Americans, Galileo will be open. Good job. I’m also happy to find out about this:
Afraid that cracking the code might have been copyright infringement, Psiaki’s group consulted with Cornell’s university counsel. “We were told that cracking the encryption of creative content, like music or a movie, is illegal, but the [...]

A pact with the Devil (PDF) is a very interesting paper even if you’re not a fan of computer security papers. It’s a paper for the whole family to read. Abstract:
We study malware propagation strategies which exploit not the incompetence or naivety of users, but instead their own greed, malice and short-sightedness. We demonstrate that [...]

I broke into uncontrollable laughter after I read this post (via Halvar Flake). I was like “ROTFLOL! DUMBASS!”. Then after I finally stopped laughing I realized that the guy that made the post is not only an experienced programmer but also apparently a researcher? How can anyone be a C programmer for years (hell, even [...]

How secure are the security products we use? After the witty worm a lot more people began asking that question. That there are poorly designed “security” products out there no one doubts. That some security products make a lot of ‘noise’ to ensure users know they are doing something is a well known fact (lots [...]

Symantec discontinues L0phtcrack.
We had some good times together…