An Autonomous Zone

An autonomous zone to promote an exchange of ideas, skills, and experiences with computer (in)security.

An Autonomous Zone header image 4

Entries Tagged as 'Uncategorized'

Windows Messaging and Shatter Attacks

July 8th, 2008 · No Comments

I was chatting a while ago about Windows Messaging with someone and the pitfalls associated with it.
So – if one is unfamiliar with Windows Message Handling here’s a decent brush-up:
http://www.codeproject.com/KB/dialog/messagehandling3.aspx
BTW – the following is pretty much taken from toassa (like one of the best tech books ever written): http://taossa.com/
Essentially – Windows OS’s deliver messages to [...]

[Read more →]

Tags: Uncategorized

Breach Misconceptions

July 7th, 2008 · 1 Comment

I came across an interesting blog post of security misconceptions from Errata Sec. a while ago:
http://erratasec.blogspot.com/2008/06/verizon-500-breach-report.html
Basically the data came from a report/study of 500 forensic investigations that Verizon released.
http://www.verizonbusiness.com/resources/security/databreachreport.pdf
Personally – I think the security industry is chock-full of misconceptions of the what/how/why of hackers and breaches.
While this report is interesting – the biggest problem [...]

[Read more →]

Tags: Uncategorized

IPC Pipe pitfalls, mistakes and solutions

July 7th, 2008 · 1 Comment

IPC Pipes (especially on Windows) are a pretty interesting topic for me because it has a lot to do with generic object and file security.
First, here’s the definition of a Pipe from msdn: http://msdn2.microsoft.com/en-us/library/aa365780(VS.85).aspx :
A pipe is a section of shared memory that processes use for communication. The process that creates a pipe is the [...]

[Read more →]

Tags: Uncategorized

Weak Permissions and Dangerous Signals and Stuff

July 7th, 2008 · No Comments

So I think this a really cool blog entry by the Windows master Mark Russinovich: “The Case of the Insecure Security Software”.
In short it discusses a tool he wrote called AccessChk which helps identify weak permissions problems. Apparently he had received some requests from groups within Microsoft and elsewhere to extend its coverage of securable [...]

[Read more →]

Tags: Uncategorized

Anyone interested in finding bugs?

July 6th, 2008 · No Comments

So I’ve written a couple of posts about some fuzzing methodologies, mods to tools, etc. Basically they kind of went over the fact that at the moment I’m into fuzzing compressed binary files like zip, cab, rar, etc. and my thoughts on how I’m going about doing it.
For the last little while I’ve been looking [...]

[Read more →]

Tags: Uncategorized