secgeeks's blog

I was reading on various websites that the bug has been leaked.halvar flake posted something and after that people at matasano chargen posted another post in response to that.although they quickly took it down.but considering the popularity of their blog many people already read that post before they took it down.i come to know that it has been available on reddit now.
considering the fact that they had got the details about this bug directly from the dan kaminsky(person who discover this bug) through a voice conference,i am sure that blog post contains some accurate details.  read more »

I m getting tons of spam daily.but this one is bit different.check it:

Special issue of news from CNN! Urgent Fresh News!
Usama bin Laden(Osama bin Laden) one of the largest organizers of terrorist activity, and similarly the largest leaders of terrorist organization of Al Kaeda, detained American soldiery force in Iraq.  read more »

Didier Stevens has modified spidermonkey (Mozilla’s C implementation of JavaScript) for malware analysis.he has added the support for following:
* document.write
* eval(arg) writes arg to a file

you can download it from
here

good work,hope it helps you in deobfuscating the scripts.

From last few months there is a rise in activex vulnerabilities.If we look at milw0rm than there are lots of POCs which exploits activex vulnerabilities.In this article i am going to show what is activex exploitation.

Introduction
ActiveX are com objects.Com is a technology used by microsoft,which allows using components written in one language to be used by another language.for example,suppose you have written one dll in VC++ then com allows you to use it in VB.  read more »

Spammers are everywhere.they are using almost all the sites to send fake antivirus[trojan],viagra and all the shitty stuff.I am receiving some stupid mails these days.some of them containts links to wikidot.com
following is one the url:
http[://]israel-viagra[.]wikidot[.]com
and following is the text:

?????? ??????
?????? ??????
?????? ?????
?????? ????

not sure what does it means though :-p anyone has any idea?
on the other side on visitng indiasphere.com my antivirus popsup saying the it contains some html trojan clicker.  read more »

many of the folks i interact with always says that sql injection and xss does not matter much these days.i say i m strongly disagree.it takes skills to write a buffer overflow/heap overflow and therefor not many people really preffer doing it that way.if you want to own some site i bet my first guess anyone will do is look for either sql injection or xss.
there are many such bugs discovered in various popular softwares.it is not possible to ignore this attacks.only thing i want to say here is take them seriously otherwise some kid will come an hack your site.

It has been quite on the news from last tuesday.Every security person i know is talking about this bug.Its a flaw in DNS implementation which dan kaminsky calls a design hole.He will disclose it at blackhat 2008 las vegas.He has one link on his website from which you can check wheather your DNS server is vulnerable or not.
here are some links which may help you:
here  read more »

The team behind the popular torrent site The Pirate Bay has started to work on a new encryption technology that could potentially protect all Internet traffic from prying eyes. The project, which is still in its initial stages, goes by the name “Transparent end-to-end encryption for the Internets,” or IPETEE for short. It tackles encryption not on the application level, but on the network level, the aim being that all data exchanged on your PC would be encrypted, regardless of its nature — be it a web browser streaming video files or an instant messaging client.  read more »

These days you might be getting lots of mails regarding best antivirus,xp antivirus 2008 etc.they claim to provide you one of the best antivirus available,although its a different thing that there sites are poorly coded,bad looking,text is messed up and on visiting those sites they automatically start downloading a exe.  read more »

I just come to know about a new service which supports the blogging by email.you only needs to send a mail containing a blog post and then this service will create a blog for you.No doubt it makes life much simple but then it can be misused easily.consider a case when someone want to spam the site as there are no login required some one can easily sent tons of spam from different ips,emails and the result will be dangerous.  read more »

i am quite busy these days and not getting time to manage secgeeks from last few months.things are changing now and hopefully i can get some free time to work on secgeeks now :)

Today i come to know about Hex Ray decompiler
i think it only works with the IDA pro and can generate pseudo code from the assembly.i think this what makes RE easier.consider a case of diffing two dlls,i know there is halvar flaks bindiff but that requires you to understand and digg through the assembly code while hex ray makes it easy to genrate the pseudo code and then you can easily determine the changes.  read more »

Dear Users,
update:i have removed tht due to some functionality problem.
I have added the support for voting down the stories which you don't like.I hope it will help to identify what you like and what you don't and then i can take proper actions.

Regards,
SecGeek

you can check the various presentations for BlackHat 2008 here
Personally i will recommend the DTrace and GSM hacking paper.
have fun in reading....

Dear Users,

As many users requested,I have added the support for searching using google on this site.Now you can search on this site for your favorite topics and keywords.

Cheers,
SecGeek

Today while surfing youtube.com a thought comes in mind.Spammers are deriving new ways to spam the users on the internet like audio spam,pdf spam etc. what if they started using video spamming?
Imagine that you visit youtube.com and found a video that has some hot and sexy chicks photos,videos which endorse some viagra or other products.at the last they display a url from where you can purchase them.these URLs are classic old urls which you daily receives in your spam.for once many novice and even experiance users will open that URL?  read more »

Looks like the script support in orkut scraps and profile is causing devasting effects to its users.daily there are new worms coming up which scraps everyones scrap book and send some stupid message.this messages are either contains some pornographic image or some trick to view others locked profile.  read more »

This is not related to security but i thought it would be nice to share with my readers.check out the story bellow(from http://consumerist.com):-  read more »

recently i was reading the shellcoder's handbook.its a nice book which contains the indepth chapters for buffer overflow,shell code,format string and other stuff.if you are starting to write your own exploits then this book is a must read.check it out.

I was reading about heap sprying techniques and i found one good presenatation which explains everything.it from determina and presented at blackhat.
you can download it's PDF here