http://www.secuobs.com Observatoire de la securite Internet fr webmaster@secuobs.com 2011-12-07 18:17:39 - Fotis' Blog : Before some days I decided to create a dynamic DNS service for a domain I own There are many dynamic DNS services, eg dyndns and FreeDNS, but none gives you the power I wanted For example I needed custom records such as SSHFP but most services don't allow you this type of entries Also, many http://www.secuobs.com/revue/news/345890.shtmlhttp://www.secuobs.com/revue/news/345890.shtml Secuobs.com : 2011-10-23 18:21:22 - Fotis' Blog - It's been a long time since I last updated my blog I have been very busy and I had no time to write a complete post I have started writing some posts but I never managed to finish them To be honest I knew that this may happen from very beginning, when I installed wordpress http://www.secuobs.com/revue/news/336410.shtmlhttp://www.secuobs.com/revue/news/336410.shtml Secuobs.com : 2010-03-25 00:55:55 - Fotis' Blog - Together with my presentation at 0 375 0 2 check previous post , I wrote a proof of concept program, PreZ What it does is create a new thread at a running program I will give a small description of the way it works The images below are taken from the presentation and refer to the linux version http://www.secuobs.com/revue/news/205156.shtmlhttp://www.secuobs.com/revue/news/205156.shtml Secuobs.com : 2010-03-22 22:14:33 - Fotis' Blog - It s been a LOT of time since I last posted to my blog Unfortunately, I ve been too busy to write something even if I had some ideas So, here is my first post after more than a month of absence I recently made a presentation at the 0 375 Thessaloniki Tech Talk Sessions You can find more info http://www.secuobs.com/revue/news/204158.shtmlhttp://www.secuobs.com/revue/news/204158.shtml Secuobs.com : 2010-01-14 11:41:01 - Fotis' Blog - I recently found a youtube video thanks stateless with professor Fernando Corbato It is about timesharing, something revolutionary at 1964 MIT professor Corbato is the founder of Multics which later lead to the creation of UNIX He has also received the Turing award for his work on resource sharing The video lasts 27 minutes but http://www.secuobs.com/revue/news/181508.shtmlhttp://www.secuobs.com/revue/news/181508.shtml Secuobs.com : 2010-01-04 00:08:17 - Fotis' Blog - There are a number of different bases, or radices Most of us use the decimal positional numeral system, ie base 10 for our everyday jobs When it comes to computers most people use the binary, the hexadecimal or even the octal numeral system However, there are a number of different unusual bases For example, there are http://www.secuobs.com/revue/news/177702.shtmlhttp://www.secuobs.com/revue/news/177702.shtml Secuobs.com : 2009-12-20 00:52:27 - Fotis' Blog - It s been a long time since I last posted something at my blog Unfortunatelly, I m too busy so I have almost no time to write something This post is about the online defrag the ext4 filesystem supports It is a very cool feature and allows you to defrag any file without even unmounting a filesystem This http://www.secuobs.com/revue/news/174325.shtmlhttp://www.secuobs.com/revue/news/174325.shtml Secuobs.com : 2009-12-01 05:13:27 - Fotis' Blog - I have moved my site to another host So if you have any problems please contact me or leave a comment More posts will come soon http://www.secuobs.com/revue/news/167078.shtmlhttp://www.secuobs.com/revue/news/167078.shtml Secuobs.com : 2009-11-20 15:49:39 - Fotis' Blog - Creating threads, mutexes, setting attributes and joining can be very easy using the pthreads library However, there are times when you don t want to link your program with another library or you need something fast As an example you can see the pipe exploit where I need only two threads to trigger the race condition Here s http://www.secuobs.com/revue/news/163418.shtmlhttp://www.secuobs.com/revue/news/163418.shtml Secuobs.com : 2009-11-05 14:58:52 - Fotis' Blog - Hello and welcome to my brand new blog Before some time I started a blog hosted at wordpresscom It was written in Greek and although I translated some posts to English, there were people who told me that they couldn t read it and an English blog would be much better Now I have registered a new domain name based on my http://www.secuobs.com/revue/news/157804.shtmlhttp://www.secuobs.com/revue/news/157804.shtml Secuobs.com : 2009-11-05 14:58:52 - Fotis' Blog - Yesterday I was trying some features of the google search engine such as the built-in calculator After trying some simple functions that it supports, I wanted to see its limitations First, I tried searching for 1 0 or ln 0 in order to see if it has support for infinity The calculator didn t even show up http://www.secuobs.com/revue/news/157803.shtmlhttp://www.secuobs.com/revue/news/157803.shtml Secuobs.com : 2009-11-05 14:58:52 - Fotis' Blog - Kgdb is a source level debugger for the linux kernel It requires two machines, one running a kernel compiled with kgdb enabled and the second one running gdb It can be found at sourceforge and a light version has been merged into the 2626 kernel There is an article at kerneltrap which contains all the http://www.secuobs.com/revue/news/157802.shtmlhttp://www.secuobs.com/revue/news/157802.shtml Secuobs.com : 2009-11-05 14:58:52 - Fotis' Blog - This is the second time I write a post about inline assembly The last one was at my old blog which I had to remove However, since that was the most viewed article I think I should write about this again Although this is just a small introduction, you must know C and assembly in http://www.secuobs.com/revue/news/157801.shtmlhttp://www.secuobs.com/revue/news/157801.shtml Secuobs.com : 2009-11-05 14:58:52 - Fotis' Blog - One of the biggest problems I face sometimes is what should I do when I find a bug I recently found a bug at the linux kernel version 2630, which was fixed at 2631, but I only told it to a friend of mine Posting the description to a mailing list or at my blog http://www.secuobs.com/revue/news/157800.shtmlhttp://www.secuobs.com/revue/news/157800.shtml Secuobs.com : 2009-11-05 14:58:52 - Fotis' Blog - Before some months, at the Black Hat 2009, Moxie Marlinspikes and Dan Kaminsky presented a vulnerability that exists at some implementations of SSL It s concept is pretty simple, you request a certificate having as a CN common name wwwpaypalcom x00examplecom This can be easy, especially for some public key infrastructures operated by companies for their internal needs, http://www.secuobs.com/revue/news/157799.shtmlhttp://www.secuobs.com/revue/news/157799.shtml Secuobs.com : 2009-11-05 14:58:52 - Fotis' Blog - Recently one of the people I follow at twitter yes, I have a twitter account, you can follow me asked if anyone knew an option for lynx which would make it bind to a certain interface I searched the manual page but there was no such option Some programs, like netkit telnet, have an option http://www.secuobs.com/revue/news/157798.shtmlhttp://www.secuobs.com/revue/news/157798.shtml Secuobs.com : 2009-11-05 14:58:52 - Fotis' Blog - Commit afc2b6932f48f200736d3e36ad66fee0ec733136 at the linux kernel is about a NULL pointer dereference that happens under certain circumstances As many of you already know, NULL pointer dereferences are exploitable and are actually a hot topic lately You can find a lot of references, such as Julien Tinnes great blog post, Brad Spender s enlightenment framework, etc I http://www.secuobs.com/revue/news/157797.shtmlhttp://www.secuobs.com/revue/news/157797.shtml Secuobs.com : 2009-11-05 14:58:52 - Fotis' Blog - Recently I received some comments from a friend about a previous article on linux kernel debugging using kgdb What he asked me was how could he load symbols from a kernel or a kernel module So I wrote a quick guide to help you start with kernel debugging After each step I will show you http://www.secuobs.com/revue/news/157796.shtmlhttp://www.secuobs.com/revue/news/157796.shtml Secuobs.com : 2009-11-05 14:58:52 - Fotis' Blog - Another exploit for the kernel pipe NULL pointer dereference bug This one is inspired by Spender s great work for his enlightenment framework It seems to exist at every 26 and 24 kernel version I ve tested Another sock_sendpage maybe This sample exploit only works for versions 2617 You can download it here As usual more information in http://www.secuobs.com/revue/news/157795.shtmlhttp://www.secuobs.com/revue/news/157795.shtml