Robert Hensing's Blog
Software Security . . . and stuff.
This week's Fail Open Goat Award goes to - Credit Card Processing
https://www.veracode.com/blog/2008/10/credit-cards-failing-open/
Date: 11/02/2008
Microsoft SideSight?
Looks cool: https://www.gearlog.com/2008/10/microsofts_sidesight_something.php
Date: 10/29/2008
SmoothHD
Akamai / IIS7 / SilverLight 2.0 / VC-1 == HD over broadband happiness. It's sort of cool - the video...
Date: 10/29/2008
Mass SQL Injection : The Chinese Way
The blog pretty much speaks for itself:...
Date: 10/23/2008
Out of band security update planned for today (MS08-067)
Updated 10/23/2008 @ 1:17pm EST. We have pushed the update live - here's the direct link to the...
Date: 10/23/2008
Flash 10 & IE8b2 Per Site ActiveX
So I've got IE8b2 installed on all of my machines and I've noticed that since installing Flash 10...
Date: 10/22/2008
Flash 10 is out - install it like . . . yesterday.
If I were a bad guy and I wanted to pwn lots of people via the web - I'd probably focus my efforts...
Date: 10/17/2008
MAPP + Exploitability Index == Protected Customers, Better Security Update Prioritization
Today we officially launched our MAPP program...
Date: 10/14/2008
Shostack on "Threat Modeling"
Adam Shostack is incredibly smart - and he also happens to be responsible for managing the threat...
Date: 10/13/2008
iPhone running WM 6.1?
Okay - I'm not sure if this is real or not - but the interview itself is hilarious - the questions...
Date: 10/13/2008
I'm a PC and I fight for the users . . .
Tron Guy makes a cameo in our "I'm a PC" video wall:...
Date: 09/22/2008
Extreme Ad Makeover - We are now entering "the 2nd phase"?
You know, I have one simple request. And that is if we are to have an ad campaign with sharks, that...
Date: 09/18/2008
Zune 3.0 - Using wifi to download songs right from the ZMP (speed test)
Today a friend asked me how fast downloading songs / albums from the ZMP was and I had to admit - I...
Date: 09/17/2008
GOVCERT.NL and German authorities recommend against installing Chrome!?
It was only a matter of time - the first few days' worth of bugs were so bad I gave up covering them...
Date: 09/12/2008
Why I'm not running Chrome anymore (back to IE8 beta 2 for me)
https://www.milw0rm.com/exploits/6367 Long strings leading to stack overruns? Really Google? Srsly? I...
Date: 09/05/2008
It begins . . .
UPDATE: Go here and watch the video - it's higher resolution and better:...
Date: 09/05/2008
On Chromium and Practical Windows Sandboxing
UPDATE 9/13/2008: The authors of the Chromium whitepaper linked to below wrote to me the day after I...
Date: 09/03/2008
Google Chrome coming today? Launch early and iterate? srsly?
UPDATE: Reading the Google chrome comic that I received offline - man, I have to admit, this does...
Date: 09/02/2008
The truth about the Dowd / Sotirov Vista memory protection bypass stuff
Good short interview with Sotirov who clarifies what actually happened at Blackhat for some folks:...
Date: 08/12/2008
Happy Patch Tuesday - Random thoughts
The SnapShot Viewer 0-day that has seen limited exploitation in the wild is now patched - here's an...
Date: 08/12/2008
VMWare Fail Closed Goat Award
Here's one for the schadenfreude files - VMWare users running ESX 3.5.x Update 2 will be unable to...
Date: 08/12/2008
OpenID Fail Open Goat Award
Really interesting that CRL checks aren't baked into a lot of open source OpenID providers:...
Date: 08/08/2008
Today's Fail Open Goat Award goes to: Insecure 3rd party software updaters
You'll notice Microsoft's auto-updaters (Windows Update / Microsoft Update / Automatic Updates) are...
Date: 07/29/2008
2% of a big number, is a big number
Don't be evil. https://blogs.pcmag.com/securitywatch/2008/07/google_blogger_hosts_2_of_worl.php
Date: 07/24/2008
Microsoft Mojave
"We are here in San Francisco, where we've secretly replaced the fine operating system these people...
Date: 07/24/2008
Antivirus fail . . .
Lately I'm not a big fan of AV and it amazes me that AV hasn't been beaten up more badly than it has...
Date: 07/24/2008
DNS Fail Open Goat Award
Kaminsky's flaw has a metasploit module: https://www.caughq.org/exploits/CAU-EX-2008-0002.txt On the...
Date: 07/23/2008
Pwnie Awards - Vista nominated for . . .
Most Epic Fail: https://pwnie-awards.org/2008/awards.html#fail Gee . . . I hope we . . . win? No . ....
Date: 07/22/2008
Dan's DNS checker - We need a new ship!
Here's an interesting, somewhat reflective blog from Kaminsky on security researcher drama, and how...
Date: 07/13/2008
Chris Rohlf joins Matasano
I have mad respect for Matasano and I can't believe a friend of mine now works...
Date: 07/13/2008
Memory dumpers for Windows
So I still get IR related questions on occasion . . . one of which being 'what is the best way to...
Date: 07/03/2008
Adobe Acrobat 9 - Creamy Security Goodness (on Vista / WS2008)
So I noticed yesterday that Adobe had quietly released Acrobat 9 to the web. I decided to download...
Date: 07/03/2008
Dino secretly wants Apple to release 64bit Vista
Interesting article from Dino: https://blogs.zdnet.com/security/?p=1325 Vista x64 has like . . . 4.5...
Date: 06/24/2008
Today's FOGA goes to Google for (implicitly) admitting they have a problem (via stopbadware.org)
Man - not sure why this didn't grab the media's attention until today:...
Date: 06/24/2008
SQL injection is teh suck . . .
So do something about it:...
Date: 06/24/2008
Security 'silly season' has officially begun . . .
In Formula 1, silly season usually begins near the middle to end of the F1 calendar (although it...
Date: 06/24/2008
Microsoft Blogs and Web Resources about Security
This guy has spent an insane amount of time collecting and organizing useful security links . . ....
Date: 06/19/2008