Desktops from Sysinternals

It’s not a new concept but it’s still cool. Sysinternals have released a new tool
that allows you to have four virtual desktops. You can work on all four desktops
at once having different windows maximized/minimized in each:

image

 

You can download it at:

Desktops v1.0

 

One Major advantage of this tool is that it is a simple executable that has no need
for installations and it comes from Sysinternals…

DEP and ASLR in Vista circumvented?

Two researchers claim to have found a way to circumvent both Data Execution
Protection (DEP) and Address Space Layout Randomization (ASLR). These techniques
are meant to protect the way information is stored in RAM, ASLR is relatively new
and it randomizes the way that DLLs are loaded on startup dealing a sever blow
to anyone that would try to estimate which space in RAM a worm would need to overwrite
during a buffer overflow attack.

The researchers (Mark Dowd of IBM Internet Security Systems (ISS) and Alexander
Sotirov, of VMware Inc.) will discuss the weaknesses they have found at the Black hat
briefings in Las Vegas.

Book Review – Administering Windows Vista Security ,The Big Surprises

Haven’t managed to go through a book from cover to back in a long time. Well,
the draught has been broken. I picked up “Administering Windows Vista Security
The big surprises” (known henceforth as ‘the book’) and just finished reading it
cover to back. Summing it up:One of the better technical books I read in a long time.

The book covers security issues related to Windows Vista with the correct balance of
theory and practice, while the authors (Mark Minasi, Byron Hynes and Jennifer Allen)
do a great job of keeping you interested.

The book covers the following topics (and a few additional topics):

  1. UAC
  2. File and Registry Virtualization
  3. Mandatory Integrity Control (wrote about this a while back)
  4. BitLocker (Part 1,Part 2,Part 3[I hope])

Pros

  1. A relatively short and to the point book (255 pages)
  2. Focused on the topic (ok,I said that already,but I was so happy to read book
    that cuts down on the fluff that I had to mention it twice)
  3. Well written,easy to read
  4. Correct balance between theory and practice

Cons

  1. Written a long time ago (how about a second edition?)
  2. A few technical inaccuracies (due to the usage of pre-RTM software)

 

image

http://www.minasi.com/vistsecbook/

http://www.amazon.com/Administering-Vista-Security-Big-Surprises/dp/0470108320/sr=11-1/qid=1168300170