Malware
Postfix troubleshooting - a security nightmare
Why to hate typical Unix mailserver setups
I hate that stuff - and it's not that Postfix in particular sucks. But integrating with Postfix is absurd. Sure, it works, and as long as it works nobody changes how that stuff is designed.

Even deploying an SSL/TLS setup is challenging. But no, you also need to install proper authentication. Locally, Postfix (for unknown reasons) is chrooted. People think that this is a security feature.
Windows Integrity Control - a model of trust and classification
Malicious Office Documents
One very common entry point these days is malicious office documents. If you've got no idea how interactive these "documents" can get, take the test at decloak.net (Start button). You'll get a .doc file that performs network connections and, in this case, bypasses anonymization technologies.
AV evasion and about rankings
Some AV Vendors Lack Efficiency
Once upon a time we were living in a world where creating protective technology, still called Anti-Virus, was a good thing to do. These days vendors seem to be too relaxed with the idea of selling a pig in a poke.
(Source: Roel Schouwenberg's rant ;) - yes I reversed his message)
Security researchers who care
Teaching?
What took the most of us to learn,
is what we teach best.
I found a good collection of IT-security-specific learning materials. Even if you're an old hand in the field, you might catch something new; nevertheless, I guess it's a university course intended for starters.
Introduction and Source Code Analysis, Dan Guido
Reverse Code Engineering, Stephen A. Ridley
Memory Corruption, Dino Dai Zovi
Fuzzing, Mike Zusman
Client-side attacks and Post-Exploitation, Dean De Beer
Web Hacking, Erik Cabetas
Blackhat 2008 video archives are open
About IT security and more

hey guess what: the trojan horse has got a black hat :)
The conference material at BH is always kewl. Attending this con is highly expensive because it's far away - in my case. Well... here's the material, publicly available. For personal entertainment: Follow this link.
Highlights for the moment
Memory forensics explained
Not just the disks!

it turns out rock climbing sometimes is easier than diving.
Generations of forensic experts just used data from the hard disk. They dived down deeply into the filesystems to dig for all kinds of incidents. But what's with the surface?
It turns out that if you've got a chance to get your hands on RAM nowadays, you should take it - even in pentesting: here's why and how.
Why?
JavaScript, Acrobat, Linux and the Swine Flu
JS and the Acrobat bring the Swine Flu to Linux

Human or swine origin - in case of spammers that's now the question.
It seems to be a strange friendship: since JavaScript in Adobe's Acrobat Reader is common, targeted Office malware attacks against it are everywhere. What's extraordinarily dangerous here is that especially unsophisticated users, who just do their office stuff, are affected - not just the administrator or any other IT person, who'll be too far away to fix this.
