If you have an own PKI in your AD, you may stop reading and move on. Nothing to see here. My gut however tell me, many mid-sized companies don’t have one and are at the mercy of Alex Neff’s Python script. Wsuks2 positions itself as man-in-the-middle between a Windows Update Server (WSUS) and the various servers/clients. Read more

Security through obscurity1 is not working. This is not an allegation, it is a proven fact. Today’s proof has a particularly large impact on worldwide Microsoft Windows installations. The Windows Security Centre (WSC) API2 has been made to accept any program as an anti-virus solution. The WSC works as follows: If a manufacturer of an AV security solution wants to install his snakeoil, he/she first has to be able to switch off the anti-tempering mechanisms so that it is not identified as malware. Read more

Yes, I have a passion for exotic languages. This time I experimented with Purebasic1 and wanted to see how quickly a robust, multi-threaded HTTP REST API could be created. Cross-platform for Linux, Windows and OS X, free of additional dependencies as a single-file binary behind a reverse proxy that takes care of everything with TLS and load balancing. Read more

It feels like I’ve been getting more and more follower requests lately that I just have to turn down. Sometimes there are empty profiles, sometimes newly created ones, sometimes profiles with content, comments and followers, where I ask myself: Do you really want to stand in a context with these people? Read more