CMD.EXE and its shellshock-like qualities

“So did you know there’s a Windows version of Shellshock?” a coworker asked the other day.

“What, Cygwin’s bash?” I asked.

“No, in CMD.EXE.”

I thought for a second, back to some really nasty batch files I’ve seen that do goofy stuff with variables and parenthesis and other reserved characters. Suddenly it made sense. Those cryptic batch files are exploiting the command interpreter to do things that shouldn’t be done. Then I smiled.

Read more

The CP/M-DOS forensics don’t prove much

I saw the headline on Slashdot: Forensic evidence trying to prove whether MS-DOS contained code lifted from CP/M. That got my attention, as the connection between MS-DOS and its predecessor, CP/M, is one of the great unsolved mysteries of computing.

Unfortunately, the forensic evidence doesn’t prove a lot.

Read more

Open-source licenses, the CISSP, and the real world

You may have a question about open-source licenses on your CISSP exam. I don’t remember the specifics and wouldn’t be able to repeat them anyway, but I had a question on my exam where knowing the differences was helpful in finding the right answer.

And I had to deal with an issue this past week involving open-source technologies where the licenses made a big difference.

Read more

WordPress Appliance - Powered by TurnKey Linux