August 2007 - Posts

VMware Guest Isolation Vulnerability
I have run across a design issue in VMware’s scripting automation API that diminishes VM guest/host isolation in such a manner as to facilitate privilege escalation, spreading of malware, and compromise of guest operating systems. VMware’s scripting API...
Lesson two on what not to do with a CAPTCHA
In my previous post on CAPTCHAs I mentioned that “…you need to make sure the end user can’t do anything to influence what code you pick.” For this example, I will pick on captchas.net, which provides a free CAPTCHA service for anyone...
These CAPTCHAs are just not working out
Filling out a web form without also having to pass a CAPTCHA test nowadays is pretty rare. CAPTCHAs weren’t really that annoying to me when they were more of a rare occurrence but I have been finding myself more and more bothered with them lately...
Once again, a search engine exposes private data
I almost feel embarrassed writing a post like this because it is such old news. Google hacking really shouldn’t be that interesting anymore. But it still is. Although Google Code Search hacking has been mentioned in the news many times already,...