http://www.secuobs.com Observatoire de la securite Internet fr webmaster@secuobs.com 2010-03-24 06:18:01 - Kernel Mustard : I tweeted something a bit ago that I think deserves a bit more of an explanation This is creepy dig OpenDNS wwwgooglecom IP address of OpenDNS proxy http bitly aIQ481 Background I ve always been suspicious of DNS servers that I don t own And of some of the ones I do own, but that s another story So, I ve http://www.secuobs.com/revue/news/204784.shtmlhttp://www.secuobs.com/revue/news/204784.shtml Secuobs.com : 2010-03-10 12:20:26 - Kernel Mustard - Sorry for all of the blog spam I had experimented with the idea of auto-posting my tweets to my blog, on the theory that I rarely tweet, and it tended to be the same sort of thing I d have posted here Turns out that I tweet more often than I thought, and generally about pretty http://www.secuobs.com/revue/news/200177.shtmlhttp://www.secuobs.com/revue/news/200177.shtml Secuobs.com : 2010-03-10 12:20:26 - Kernel Mustard - I just saw Sergey Bratus s talk at TROOPERS 10 He s an interesting guy, and his talk was good He s a CS professor at Dartmouth, and he s actually making an effort, on behalf of the academic community, to inject some genuine security clue into the education of CS students He obviously has a tough topic to http://www.secuobs.com/revue/news/200176.shtmlhttp://www.secuobs.com/revue/news/200176.shtml Secuobs.com : 2010-03-09 20:03:20 - Kernel Mustard - OpenSSL site is back up Here s the rfc5746 announcement http bitly buleD4 http://www.secuobs.com/revue/news/199877.shtmlhttp://www.secuobs.com/revue/news/199877.shtml Secuobs.com : 2010-03-09 20:03:20 - Kernel Mustard - RT marshray WEareTROOPERS In Heidelberg for troopers10 anyone going out Headed to Untere Straße 41 79 843 96 82 to meet up http://www.secuobs.com/revue/news/199876.shtmlhttp://www.secuobs.com/revue/news/199876.shtml Secuobs.com : 2010-03-08 18:16:08 - Kernel Mustard - I m getting ready to head out to Heidelberg, Germany with Marsh to attend TROOPERS10 Marsh and I are finally doing a more technical version of the TLS talk It should be a great time If you re going to be in the area Heidelberg or northern Switzerland, where I m flying in out of , drop me a line http://www.secuobs.com/revue/news/199398.shtmlhttp://www.secuobs.com/revue/news/199398.shtml Secuobs.com : 2010-03-08 13:45:34 - Kernel Mustard - Had much fun on the responsible disclosure panel Thanks mckeay and hdmoore, k3em0, bradarkin, Michael and Tim for a fun conv http://www.secuobs.com/revue/news/199321.shtmlhttp://www.secuobs.com/revue/news/199321.shtml Secuobs.com : 2010-03-08 13:45:34 - Kernel Mustard - ShmooCon vids up Once again, sorry about the sweaters http bitly ahw0CW http://www.secuobs.com/revue/news/199320.shtmlhttp://www.secuobs.com/revue/news/199320.shtml Secuobs.com : 2010-03-08 13:45:34 - Kernel Mustard - If you thought typing https gmailcom into your browser was the safe way to get to GMail w o sslstrip you d be wrong http://www.secuobs.com/revue/news/199319.shtmlhttp://www.secuobs.com/revue/news/199319.shtml Secuobs.com : 2010-03-08 13:45:34 - Kernel Mustard - Light Blue Touchpaper provides rigorous grounding for what we already knew security questions suck http bitly aIY8ZQ via Rootsecure http://www.secuobs.com/revue/news/199318.shtmlhttp://www.secuobs.com/revue/news/199318.shtml Secuobs.com : 2010-03-08 13:45:34 - Kernel Mustard - Insane SSL is so broken that even Schneier thinks it s useless Or something like that http bitly d4DEY5 http://www.secuobs.com/revue/news/199317.shtmlhttp://www.secuobs.com/revue/news/199317.shtml Secuobs.com : 2010-03-08 13:45:34 - Kernel Mustard - iphone re-unlocked blacksn0w ftw http://www.secuobs.com/revue/news/199316.shtmlhttp://www.secuobs.com/revue/news/199316.shtml Secuobs.com : 2010-03-08 13:45:34 - Kernel Mustard - Neat SMS question to GOOGLE eg, wal-mart, leawood, KS and get an answer w ph , address, and maps link http://www.secuobs.com/revue/news/199315.shtmlhttp://www.secuobs.com/revue/news/199315.shtml Secuobs.com : 2010-03-08 13:45:34 - Kernel Mustard - Looks like OpenSSL 098m was released, with support for safe renegotiation RFC 5746 But,, opensslorg is down Popular release http://www.secuobs.com/revue/news/199314.shtmlhttp://www.secuobs.com/revue/news/199314.shtml Secuobs.com : 2010-03-08 13:45:34 - Kernel Mustard - Oh yeah, and Apahce 2215 with safe renegotiation support Doesn t look like it got backported to 20, which is vulnerable http://www.secuobs.com/revue/news/199313.shtmlhttp://www.secuobs.com/revue/news/199313.shtml Secuobs.com : 2010-03-07 15:46:06 - Kernel Mustard - I ve updated Wordpress and am thinking about starting to blog again If nothing else, I need to keep up with my recent one-post-per-year pace, and 2010 doesn t have anything in it yet Somehow it feels like I have less time than ever lately, so we ll see if I can keep up http://www.secuobs.com/revue/news/199113.shtmlhttp://www.secuobs.com/revue/news/199113.shtml Secuobs.com : 2009-02-12 22:45:32 - Kernel Mustard - I’m starting a new Internet radio show, Security Break Live Startingtomorrow at 11:00 Central, and every two weeks after that, I’ll behosting a half-hour call-in Internet radio show discussing datasecurity topics Tomorrow’s topic is “ATM fraud in broad daylight,”and for the occasion I’ll be dissecting the various ways that Bad Guystry http://www.secuobs.com/revue/news/61384.shtmlhttp://www.secuobs.com/revue/news/61384.shtml Secuobs.com : 2009-02-06 05:45:40 - Kernel Mustard - I read a study about high-fructose corn syrup today, after being amazedby another article I read about how they make the stuff TheWikipedia entry has a lot to say too Here’s the kicker: at leastsome HFCS has a higher mercury concentration 056 ppm than most*fish you eat So, if you’re someone who http://www.secuobs.com/revue/news/59128.shtmlhttp://www.secuobs.com/revue/news/59128.shtml Secuobs.com : 2009-01-15 05:27:48 - Kernel Mustard - After a ton of time essentially off the Internet radar, mostly doingPhoneFactor stuff, I’m starting to get re-engaged with the onlineworld It having been a couple of years since the Web 20revolution, and since I started blogging, I thought I’d take a freshlook at some of the sites that seem to http://www.secuobs.com/revue/news/51617.shtmlhttp://www.secuobs.com/revue/news/51617.shtml Secuobs.com : 2008-11-09 14:21:50 - Kernel Mustard - I’ve been working with Karin Meier-Magruder from the SDK team atMicrosoft to get everyone’s favorite tool, errexe, re-added to thePSDK She’s working on getting it done, but meanwhile, as a specialtreat for Kernel Mustard readers, I have a newly updated errexe readyfor download There’s a EULA inside the zip that governs http://www.secuobs.com/revue/news/34526.shtmlhttp://www.secuobs.com/revue/news/34526.shtml Secuobs.com : 2008-11-09 14:21:50 - Kernel Mustard - If you are in or near data security and you haven’t heard ofMetasploit, you owe it to yourself to check it out The RiskAnalysisblog observes today that Metasploit is the security Mendoza line I’lllet them explain the analogy for the non-baseball fans in the crowd Ithink I forgot to mention the release http://www.secuobs.com/revue/news/34525.shtmlhttp://www.secuobs.com/revue/news/34525.shtml Secuobs.com : 2008-11-09 14:21:50 - Kernel Mustard - Ken and Rich Johnson from MSRC were both extolling the virtues of hiew asa hex editor a few weeks ago I recently needed to do some hex editingof a pcap file needed to manually munge some network packets for IMdriver testing, and my new laptop didn’t have a hex editor yet, sohttp://www.secuobs.com/revue/news/34524.shtmlhttp://www.secuobs.com/revue/news/34524.shtml Secuobs.com : 2008-11-09 14:21:50 - Kernel Mustard - Intel is phasing out single-core desktop processors The end of the endof an era UPDATE: Ken covered this a while ago regarding a similardecision by AMDhttp://www.secuobs.com/revue/news/34523.shtmlhttp://www.secuobs.com/revue/news/34523.shtml Secuobs.com : 2008-11-09 14:21:50 - Kernel Mustard - I’ve been hearing little anecdotes about Win7 for months now, but Ars hasone of the better articles I’ve seen so far Interesting: Traut runs ateam of about 200 software engineers at Microsoft that is responsiblefor the core kernel scheduling, memory management, boot sequence, andvirtualization technology such as Virtual PC and Virtual Server http://www.secuobs.com/revue/news/34522.shtmlhttp://www.secuobs.com/revue/news/34522.shtml Secuobs.com : 2008-11-09 14:21:50 - Kernel Mustard - It’s been a long time since I’ve posted anything, but I promise this isgoing to be worth it: http://wwwyoutubecom/phonefactor Thanks to DanLeafblad for doing all the hard work to pull this together And Shameon Evan Conway for making me wear a conehead hat It looks… well… justwatch the video…http://www.secuobs.com/revue/news/34521.shtmlhttp://www.secuobs.com/revue/news/34521.shtml Secuobs.com : 2008-11-09 14:21:50 - Kernel Mustard - Never argue with an idiot They drag you down to their level and thenbeat you with experiencehttp://www.secuobs.com/revue/news/34520.shtmlhttp://www.secuobs.com/revue/news/34520.shtml Secuobs.com : 2008-11-09 14:21:50 - Kernel Mustard - Ken, Soren, and I are at DDC 2008 this week So far, the talks have beengreat, as is the weather If you’re around, drop one of us a line-Stevehttp://www.secuobs.com/revue/news/34519.shtmlhttp://www.secuobs.com/revue/news/34519.shtml Secuobs.com : 2008-11-09 14:21:50 - Kernel Mustard - If you own a driver that makes assumptions about what processor you’reexecuting on at any point, you may want to re-think that strategy Ithas been possible in the past to assume that, if you’re running atDISPATCH_LEVEL on a given physical processor, you can get away withless locking if you do per-processor data http://www.secuobs.com/revue/news/34518.shtmlhttp://www.secuobs.com/revue/news/34518.shtml Secuobs.com : 2008-11-09 14:21:50 - Kernel Mustard - Wow, who knew Well, apparently everyone else Sigh…http://www.secuobs.com/revue/news/34517.shtmlhttp://www.secuobs.com/revue/news/34517.shtml