Will Dormann

@wdormann

Vulnerability Analyst at the CERT/CC. My thoughts are my own, not my employer's.

Joined August 2012


  1. 23 hours ago

    It is the CA's duty to revoke certificates issued for private keys that have been compromised (e.g. released to the public). If your social experiment is to see how a CA treats a customer who repeatedly proves that they are unable to control their private key material, go nuts?

  2. Feb 1

    It goes back to 2000, if not earlier. should know better than to claim they were there first without being quite sure about it.

  3. Jan 29

    I think I'd like to have a word with the folks involved with the creation/distribution of this sign.

  4. Jan 26

    I'll move to Hyper-V for virtualization on my home computer... Smaller attack surface, and enables the ability to use extra exploit mitigations. 1) Broadcom network driver causes BSODs when Hyper-V bridges a VM to that network. 2) Hyper-V NAT doesn't even provide DHCP. Sigh...

  5. Jan 26
    Replying to

    I'm not sure that I believe you. 1) The email came from servers 2) The email doesn't link to any site not on the domain. If it is a phishing email, you might have an insider threat problem. And a misguided one at that.

  6. Jan 26

    Hey , Find somebody at your organization that appreciates the difference between HTTP and HTTPS, and listen to them. Thanks.

  7. Jan 25

    Indeed! The GIMP developers have indicated that people do not expect the "Delete" key to delete pixels. Who knew?

  8. Jan 24

    Based on suggestions from and I've updated No longer requires dumpbin.exe or listdlls.exe (if Python pefile and psutil are available). Also exports the findings as a CSV. Any reported app is a good candidate for EMET or WDEG force ASLR!

  9. Jan 23
    Replying to

    I can confirm that even in 2015, file extension matching involved some sorts of unexpected behaviors.

  10. Jan 22

    Since this doesn't seem to be a thing, I've created a rudimentary Python script that does it. Seems useful. Note: For now it requires both Sysinternals ListDLLs and Microsoft dumpbin.exe

  11. Jan 22

    Are there any tools to auto-enumerate any running processes in Windows that don't leverage ASLR themselves, or have libraries loaded that don't leverage ASLR? Sort of like what's outlined at but without requiring any user interaction.

  12. Jan 21

    Wait, using the exact same UI as the "enable macros" bar, which as far as I can tell is used to compromise your computer? 🤔

  13. Jan 20
    Replying to
  14. Jan 20
  15. Jan 20

    Note that Citrix is rolling out changes to address CVE-2019-19781 for some versions at Unauthenticated users no longer appear to be able to request the pages in question.

  16. Jan 20
    Replying to

    Just use btrfs, right? I'm pretty sure that users are fine with potential data loss if they choose to use RAID5/6. And performance that degrades with the addition of each new snapshot.

  17. Jan 19

    I think your CVE is a typo.

  18. Jan 17
    Replying to
  19. Jan 16

    CVE-2020-0601 : Read 's SSL And The Future Of Authenticity Though in this case it's not a rogue CA, but a Windows flaw that allows a certificate to claim to be issued by a CA that it wasn't. HTTPS spoofing is *one* example. Use your imagination here.

  20. Jan 16
    Replying to

    I suspect that everyone is attempting to visit that site simultaneously right now, so expect connectivity problems. But when I was able to get to it from my phone:
