Was I just overcharged for a free copy of Windows 10 ???

Everyone is talking about Windows 10, and articles pop out left and right informing people about the new and technically the "last version of" Windows you will ever need! Well, to rephrase that, Microsoft is presenting Windows 10 as "the last version of Windows" you’ll ever need to get. After that, you will receive regular feature updates and product improvements.

shell: command in Windows - Did you know?

I recently discovered that not many people are aware of the shell: command in Windows. Windows Explorer (not the Internet Explorer) recognises the command shell: allowing you to open specific system folders. (you can also use: shellnew: instead of shell:)

For example, type the command shell:startup in the address bar and hit Enter.

This action will open the StartUp folder which under Windows 8.1, it is located here:

C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Burp Suite - Error handshake alert: unrecognized_name

This is the first time I had to deal with this error in Burp and I was trying to figure out what was the problem. It seems there is a problem with Java which causes Burp to fail when accessing some specific websites. This is the screen you get when this particular error occurs. 

Figure 1 - Burp Error handshake alert: unrecognized_name

If you ever stumble upon this problem the solution is easy once you know what to do. As a start, make sure you have the latest version of Java installed. 

What is the process to verify a particular certification?

I recently had people coming to me asking me what is the process to verify a particular certification and if I knew of a centralised way for doing this. 

Unfortunately (or fortunately as some may say) there isn't a centralised way where you could query for a particular certification. 

For example, the PCI Security Standards Council (PCI SSC) maintain a list of all certified companies and Qualified Security Assessors which is constantly up-to-date. If you want to verify a consultant's certification the only thing you need to do is to visit this link. 

Anyhow, this blog post is intended as a reference guide to the various webpages where you can verify a particular certification. If you do know of any other or you found that the list needs to be be updated just send me a message on Twitter and I will update it as soon as possible.

Below, the certifications are listed Alphabetically according to the respective company which have issued each certificate. 

Critical Patch by Microsoft - MS15-078

Vulnerability in Microsoft font driver could allow remote code execution. This vulnerability requires immediate remediation (16 July 2015). 

Microsoft patch MS 15-078 addresses a serious security flaw found in the way Windows products read certain types of fonts. 

An attacker can send you an office document or ask you to visit a specific web page with a specific font being used. The attack is straight forward and simple to execute, and for that reason it is highly important to patch immediately. 

The attack is possible because it focuses on the Windows Adobe Type Manager Library and the way it deals with OpenType fonts, allowing Remote Code Execution. 

Please note that this vulnerability affects all modern versions of Windows. Also, if you install a language pack after you install this update, you must reinstall this update. Therefore, install any language packs that you need before you install this update. For more information, see Add language packs to Windows.