GNUCITIZEN.ORG has been a very successful site so far and as a result we are receiving tones of requests from advertisers to work with us. Well, we are doing what we do for the love of information security and therefore we have to reject offers which does not quite fit into our vision.
However, I do realize that we should work in equilibrium with the rest of the system. [...]
We’ve got some audio from the past Black Hat conference I’ve already talked about over here and here.
Keep in mind that without the slides it will probably sound very boring. Both parts of the presentation can be found here and here.
I stumbled across this song today and I liked it. It represents to a great degree how I feel about changing things around me.
At GC we feel that change is always good and we always strive to experiment, to discover new things constantly. This need is frequently expressed in our blog posts and also services which we use as tool to open your client’s minds to perceive the world in a different way. [...]
Google Chrome is a fact. It is a nice and slick looking browser. It is open source and it has some nice security features. However, these security features strive to protect the user from attacks which try to takeover your browser and operating system. As I explained here, because nowadays most of the data is located on the Web, it makes sense to have built-in security features to prevent the various forms of information leaks, XSS, CSRF, etc. attacks as well. [...]
The details of the vulnerability were covered in my previous post. In this one I would like to briefly talk about the impact.
Obviously, the vulnerability is very simple. Simple yet effective. However, this is not the type of vulnerability someone can exploit on a massive scale. Here is why.
Attack Vectors
The key element of the attack vector presented in my previous post is the attackers’ ability to point the victim to a file hosted on a NETBIOS share. [...]
In this post I intend to give a brief overview of the QuickTime vulnerability which I partially-disclosed over here. I should have made these details public long time ago but better late than never. The vulnerability has been fixed for several months now and I believe it is safe to talk about it in the public.
Let’s start with an example. The following is the source code of a malicious QuickTime SMIL file:
First of all, we start with the SMIL header (SMILtext). [...]
I finally got some time to write! Anyway, I believe that many of you want to see my Black Hat slides. If you are not aware, we have our Laboratory domain now. The slides have been up since yesterday.
Yes, it is time for a coffee. Unfortunately, it does not look as good as the one from the picture above. The slides can be found here. The next post is all about the QuickTime vulnerability which I partially-disclosed over here.
It is time to rethink the way the desktop works. Some of my ideas may seem radical but sometimes evolution is the only solution to all of our problems. Read on…
I have this idea for quite some time now. [...]
It is true what many of you have heard. Google is releasing their own browser. Google Chrome, as they call it, is based on WebKit rendering engine and introduces some novel approaches to interacting with web technologies. I must say, it is very exciting to see all of this happening.
What makes Google Chrome different is its architecture. The browser is no longer single-threaded process. Each tab is actually a separate process with own memspace. [...]
I am heavily frustrated from the way the Web works today. Everything seems to be broken beyond reason. I really want to fix the damn thing but I realize that it is not up to me to do that. It is up to all of us to make sure that code is written in the most secure possible way. Can we do that? Perhaps not! What can we do then?
Before I get to the point, I need to tell you how I fixed my insecure Wordpress blog. [...]
