This great book ( has a reference (Background IDA on Linux, Chapter 10, page 196) to the patch I developed for TVision. This patch allows IDA to be run in the background on Linux:
I talked to Ilfak to add the patch to the TVision source code, however he told me that now there is a […]

Allthreats has born!!!. I started with this project one year ago, however I was really busy then and I coudn’t finish it before. Now it’s time to announce it. Allthreats is a free online network traffic analyzer. This system is able to analyze a pcap file with several tools: IDS (only Snort at the moment […]

Part II: Skype File URI Security Bypass Code Execution Vulnerability

It’s time to reveal all the information about this vulnerability. I discovered ir several months ago. It was published via Idefense. Not too much information was revealed however it was more dangerous than the people thought
Basically Skype has some security restrictions when a file: URL is sent to a chat conversation. This URL is linkable […]

Virus Bulletin 2008 (Ottawa)

I’m back from Virus Bulletin 2008. This year it has been in Ottawa (Canada). This is my second VB. This year I’ve done a presentation about a project that I’m developing in Panda. You can download the slides:

If want to read more abou it, you can download the entire paper: “Graph, Entropy and Grid Computing: […]

Skype File URI Security Bypass Code Execution Vulnerability

Idefense has published my advisory about a potential security vulnerability in Skype. Explotation of this issue allows an attacker to execute arbitrary code.
To exploit it, an attacker needs to construct and send to the victim (as a skype chat message) a malicious file: URI. There are two flaws with this advisory. Once of them is […]

IDALinux in background: New patch for Tvision (release 20/11/2007)

There is a new Tvision version (released on 20/11/2007). You need it if you want to recompile Tvision for IDAPro 5.2. The patch to launch IDA in background doesn’t work with this Tvision package, so i have released a new patch for it. Enjoy it.
Tvision patch for IDALinux (Version 0.2) for TVision IDA port […]

Load Average, what does it mean?

The three load-average values in the first line of top output (you could use uptime or w (who) command too) are the 1-minute, 5-minute and 15-minute load average of the system. But what does load average really mean?. Reading from left to right, these values are the CPU load average for the last 1, 5 […]

Trend Micro SSAPI Long Path Buffer Overflow Vulnerability

This is my last discovered vulnerability. It’s a vulnerability in a Trend Micro product. Read the Idefense advisory.
I had developed a PoC for W2K SP4 however a PoC for WinXP is hard to develop because i couldn’t find a call esp, or similar instruction, with an unicode address format.
This is the technical analysis […]

NOD32 Antivirus Long Path Name Stack Overflow Vulnerabilities

In april I shared with Eset two discovered vulnerabilities (two stack overflow) in NOD32 Antivirus. they are very basic threats but can lead to local/remote arbitrary code execution.
Eset was contacted on April 19 and I receive a fast response. The comunication with Eset had been great, and the threats were patched fast (the update is […]

User Mode Linux: Bus error - the /dev/shm or /tmp mount likely just ran out of space

Sometime, when you are compiling some big applications inside UML, you can get a UML hang with the error:
Bus error - the /dev/shm or /tmp mount likely just ran out of space
Kernel panic - not syncing: Kernel mode signal 7
After some research and googling i could solve the problem. The host system had mounted […]