Skip to content

DirectShow Vulnerability Exploited Everywhere

The DirectShow vulnerabilities are being exploited all over the place now. Unfortunately, the second vulnerability in DirectShow is still unpatched and exploit sites seem to be jumping on this. There is even some evidence that it's possible to successfully exploit the vulnerability without even using JavaScript. New exploit domains are popping after every day. DirectShow now seems to be what Flash and PDF were earlier in the year.
Categories: Malware, Security, SpyBye
Defined tags for this entry: , ,

Finn (1999 - 2009)

Finn (1999 - 2009)
Categories: News

Testing the Zowada Forced-Air Manifold

I had time to forge down the 2in pipe for the nozzle today which completed everything needed for the burner. Here is a video of the first test run. Propane and air can be mixed separately via the gate valves which should allow precise control over the atmosphere in the forge.
Categories: Hacking
Defined tags for this entry: ,

The Village Blacksmith

The landlord visited today while I was working on some bolt jaw tongs. When he saw me blacksmithing, he told me that he used to turn the crank blower for a blacksmith when he was a boy and recited the following poem:
Under a spreading chestnut tree
The village smithy stands;
The smith, a mighty man is he,
With large and sinewy hands;
And the muscles of his brawny arms
Are strong as iron bands.

His hair is crisp, and black, and long,
His face is like the tan;
His brow is wet with honest sweat,
He earns whate'er he can,
And looks the whole world in the face,
For he owes not any man.
Continue reading "The Village Blacksmith"
Categories: Hacking

Cybercrime 2.0: When the Cloud Turns Dark

We recently published an article on web-based malware in ACM's Queue Magazine. It provides a short overview of some of the challenges with detecting malicious web sites such as social engineering and examples of techniques for compromising web sites, e.g. htaccess redirection on Apache, etc. This is the article on which my recent ISSNet talk was based.
Categories: Malware, Security, SpyBye
Defined tags for this entry: , ,

Making A Monkey Tool

I learned how to make a monkey tool today. Monkey tools can be used for dressing tenons. The basic procedure is as follows.
Take 1in square stock and chamfer the edges. Take a slot punch and move it about an 1in from the corner - this is the hammer end. Line the slot punch up very carefully, so that its straight and divides the stock in the middle. Hit it a couple times to get a registration. Now, get the stock nice and hot, align the slot punch with the registration, hit it hard three times, cool the slot punch in water, rotate it by 180 degrees and repeat. At some point, the slot punch is almost through, flip the stock over and use the slot punch to punch out the remaining piece of metal. Now, use a drift to open up the hole to the desired size. Start the drift from the other side of the slot. Doing this over the hardy hole is a good idea. With the slot still inserted, dress up the faces. Then chamfer the corners. Cut off the other side for the length of the tenon and drill a hole of the right size.
That's it. Out of the four holes I drifted only two came out sort of in the middle :-)
Categories: Hacking
Defined tags for this entry: