http://blog.rickzhong.com Information (In)Security @ Where It Matters Mon, 17 Oct 2011 00:59:06 +0000 http://backend.userland.com/rss092 en #include<stdio.h> main() { printf("Goodbye World"); } http://blog.rickzhong.com/2011/10/17/rip-dennis-ritchie-1941-2011/% POP POP RET - Sample assembly pattern for exploiting SEH based vulnerability. After too much high level dealing with  IS risk, metrics, governance, I found myself a nice SEH exploit development tutorial from Corelan Team to fulfill my itchiness to the geeky stuff. Here it is - Link Nice neat stuff ... http://blog.rickzhong.com/2011/04/28/week-of-exploit-developement-basics-abusing-the-seh/% For the past one month, I probably spent half of my free time in playing Starcraft II on the Battlenet. While I am trying to pull back a bit and get back to the usual IS research stuff I am doing, I just find the two (Information Security & Starcraft ... http://blog.rickzhong.com/2010/10/04/information-security-and-starcraft-ii/% Recently th security industry becomes more and more exciting and "cool" with various 007 style secret operations. "Operation Dynamaphone" - Aug 3, two-day operation by UK and Ireland police to crack down a group of six individuals for pilfering funds from 10000 online banking accounts through phishing emails.  "Operation Pin Pad" - April 16 2010 Brazil ... http://blog.rickzhong.com/2010/06/21/information-security-the-007-style/% Finally I decided to give it a push and placed this part-time toy project to a bigger stage. I have registered this project with OWASP and I am pleasantly surprised by the level of support and encouragement from the OWASP folks. So here it goes - OWASP Security Assurance Testing ... http://blog.rickzhong.com/2010/03/08/owasp-security-assurance-testing-of-virtual-worlds-project/% Some advice from Heartland Payment CTO after the largest credit card data breach in history - Link from Bank Systems and Technology - http://www.banktech.com/blog/archives/2009/10/heartland_calls.html?cid=nl_bnk_daily Heartland Calls for End-to-End Encryption, Cooperation to Prevent Data Breaches http://blog.rickzhong.com/2009/10/21/get-the-security-geeks-in-the-room-and-kick-the-lawyers-out/% In an era when newsletter from vendors are almost the equivalent of spam emails, I am pleasently surprised by the content of Microsoft Security Newsletter - at least for this issue volume 6, issue 10. First of all it is of the right length, no chunky huge paragraph and with ... http://blog.rickzhong.com/2009/10/20/a-pleasent-surprise-from-microsoft-security-newsletter/% I can't believe this is the first entry in my blog for the past 6 month and we are more than half way through year 2009. It has been ... 'busy'... (err.. i tend to not use this word because everyone is busy and it's not really justifiable due to ... http://blog.rickzhong.com/2009/08/14/business-process-security-the-layer-8-of-information-security-model/% I have to admit that the recent malwares like Storm, Conficker have really impressed me - the various top-notch feature implementations and the strong skills and knowledges demonstrated. If you still think the malware developers are the bunch only knows to package published vulnerability POCs and inserts the payloads into ... http://blog.rickzhong.com/2009/03/31/from-storm-to-conficker-a-changing-perception-of-malware-developers/% What do you think of when you see the pinky pig ? :-) And the balance is tilt to the pinky pig !! http://www.iss.net/ [caption id="attachment_55" align="alignnone" width="300" caption="Oink..oink..."][/caption] http://blog.rickzhong.com/2009/03/02/get-rid-of-monday-blue-a-self-pwned-ads-from-ibm-iss/%