<![CDATA[Sowhat的blog]]> http://hi.baidu.com http://hi.baidu.com http://img.baidu.com/img/logo-hi.gif http://hi.baidu.com/secway zh-cn www.baidu.com 5 <![CDATA[激情奥运]]>

独得八金的外星人,菲尔普斯

回头张臂捶胸减速冲刺9.69秒的百米飞人博尔特

最后十多秒以一个一本绝地逆转的佟文
阅读全文
类别:Misc 查看评论]]> 2008-08-17 16:04 http://hi.baidu.com/secway/blog/item/eb4a7cb3bfab1ba1d9335ad5.html <![CDATA[Pwnie Awards 2008最终获奖名单]]> Pwnie Awards 2008的最终获奖名单:

Best Server-Side Bug:

  • Windows IGMP kernel vulnerability (CVE-2007-0069)

    Discovered by: Alex Wheeler and Ryan Smith

    Not only did Alex Wheeler and Ryan Smith lay claim to a lucky CVE

阅读全文
类别:Vulnerability 查看评论]]> 2008-08-12 10:37 http://hi.baidu.com/secway/blog/item/5d2f479b2f6410b3c9eaf4e5.html <![CDATA[Impressing Girls with Vista Memory Protection Bypasses]]> 期待已经的paper终于出来了.


Mark Dowd & Alex Sotirov
Impressing Girls with Vista Memory Protection Bypasses
拜读.
类别:Security 查看评论]]> 2008-08-08 22:31 http://hi.baidu.com/secway/blog/item/bde7b0ce69f9bf0592457e42.html <![CDATA[MAPP (Microsoft Active Protections Program)]]> 这个计划就是在补丁推出之前向AV,IPS等安全厂商提供漏洞细节.
主要是为了保护微软客户吧, 因为从推出补丁到exploit出来的时间越来越短了, 黑白红绿蓝客经常比安全厂商还要快.

当然这个计划不会向哪些卖漏洞和exp的厂商开放,比如CANVAS和CoreImpact.

参与这个计划的标准包括:
    * Members must offer commercial protection features to Microsoft customers against network- or host-based attacks.
    * Member 阅读全文
类别:Security 查看评论]]> 2008-08-05 23:12 http://hi.baidu.com/secway/blog/item/e80d8efad702c9d8b48f3111.html <![CDATA[F-Secure Reverse Engineering Challenge]]> http://www.khallenge.com/

Level One:
http://www.khallenge.com/c3d679cda24c6c4543e4ede3a65a0b64/FSC08_Level1.zip
类别:Security 查看评论]]> 2008-08-01 17:54 http://hi.baidu.com/secway/blog/item/c6c5ef824dc7e2b96c8119a5.html <![CDATA[Sexy Hacking]]> http://sexyhacking.com/

"Sexy Hacking is a series of online videos where sexy girls teach hacking techniques, tips, how-to's, tools, social engineering, security industry news and spoofs. Why read some boring news article or lame documentation when you can get the goods demonstrated by a sexy hacker girl? This is real information security - just sexier. "
类别:Security 查看评论]]> 2008-07-30 07:59 http://hi.baidu.com/secway/blog/item/b6e68f035a70f18ed43f7c33.html <![CDATA[测试你的DNS]]>
https://www.dns-oarc.net/oarc/services/dnsentropy

测了一下我家的,ft.


阅读全文
类别:Vulnerability 查看评论]]> 2008-07-28 10:34 http://hi.baidu.com/secway/blog/item/8318008da1981814b21bba75.html <![CDATA[漏洞: Flashblock绕过]]> 推荐Flashblock这个工具, 今天偶然发现, Flashblock+firefox3可以被轻易绕过.

使用Flashblock的同学可以打开下面这个页面测试一下:
http://secway.org/pr14/flashblock.htm

如果打开之后就能看到那个姑娘,说明你的flashblock被绕过了. (被youtube? youtube可以, 黑白客就可以)

开发者Phil 阅读全文
类别:Vulnerability 查看评论]]> 2008-07-25 19:17 http://hi.baidu.com/secway/blog/item/39131d063a10117d020881c3.html <![CDATA[Hacker in the stree]]>
http://www.youtube.com/watch?v=s-gUCb_L4b4


类别:无所不黑 查看评论]]> 2008-07-25 12:57 http://hi.baidu.com/secway/blog/item/2bc4feb16c655352092302fc.html <![CDATA[Skype Backdoor?]]> Speculation over back door in Skype

There has long been speculation that Skype may contain a back door. Because the vendor has not revealed details of its proprietary Skype protocol or of how the client works, questions as to what else Skype is capable of and what risks are involved in deploying it in an enterprise environment remain op

阅读全文
类别:Security 查看评论]]> 2008-07-25 10:22 http://hi.baidu.com/secway/blog/item/b6e68f03474acc8ed43f7c55.html <![CDATA[DNS欺骗漏洞代码已公布, 打补丁吧]]> DNS欺骗漏洞, 最近几个几个礼拜以来一直是焦点.
故事的发展也很有戏剧性.

在Microsoft, Cisco, Bind等各方联合发布补丁之后, 首先是质疑声一片, 很多人怀疑这个漏洞的威力,比如 matasano. 但是后来他们和Dan电话交流过之后, 立马被折服, 承认这个漏洞很牛x.

Dan同学打算去Blackhat Vegas做一个关于此漏洞的演讲, 所以细节也一直没有披露, 以为最起码能包到8 阅读全文
类别:Vulnerability 查看评论]]> 2008-07-24 08:55 http://hi.baidu.com/secway/blog/item/a022c5005df92d81e950cd48.html <![CDATA[买电视]]>
昨天跑去苏宁电器买电视, 放眼望去, 都是高清、LCD、平板、49寸。。。少说五六千,稍微nx点的,都在一万多两万。

没钱,就想买个一千多块的。找了半天没找到,一千块似乎连21寸的纯屏都买不到。
就在我累到快要绝望的时候,大老远看到一个nb闪闪放光芒的LCD电视,左上角贴个标签,“1085元”!
wk,赶紧冲过去,难得啊,外型也很cool,才一千出头,这哪家厂商这么好啊。。。

跑到跟前,刚想摸一下那电视,发现“1085元”左边还有两个 阅读全文
类别:Misc 查看评论]]> 2008-07-22 16:51 http://hi.baidu.com/secway/blog/item/43ca5c2e2a9589564fc226ab.html <![CDATA[2008 Pwnie Award nominees announced]]> Pwnie Award nominees

wushi大牛的flash漏洞被提名Best Client-Side Bug. 这个要支持!

Pwnie for Best Client-Side Bug

  • Adobe Flash DefineSceneAndFrameLabelData vulnerability (CVE-2007-0071)

    Discovered by: Mark Dowd and

阅读全文
类别:Vulnerability 查看评论]]> 2008-07-22 08:28 http://hi.baidu.com/secway/blog/item/8704cd093c3de7226b60fbe4.html <![CDATA[暴风影音0DAY]]> 一个暴风影音的0day, 挂马的同学又可以添新装备了, 因为这个漏洞可以通过浏览器远程触发.

至于dummy说的"因为此端口绑定的地址不是localhost, 从而导致此溢出可以 阅读全文
类别:Vulnerability 查看评论]]> 2008-07-20 20:59 http://hi.baidu.com/secway/blog/item/688e797b35d276f20ad18798.html <![CDATA[How to parse the .doc file format [SWI]]]>
How to parse the .doc file format
http://blogs.technet.com/swi/archive/2008/07/18/how-to-parse-doc-file-format.aspx

类别:Vulnerability 查看评论]]> 2008-07-19 10:58 http://hi.baidu.com/secway/blog/item/3a5153a412f600f19052ee93.html