apache ssh key compromised... that's not nice :(
posted by omarg at
5:59 PM
0 Comments
Friday, August 28, 2009
Wednesday, August 12, 2009
M$ must patch
sans considered Microsoft August 2009 Black Tuesday Overview
plenty of awful vulnerabilities:
perhaps the worst one would be ATL (Active Template Library)
It is interesting that someone had already formed a theory in regards to MSVIDCTL.DLL
<snip>
This is a cute little bug. First of all, it is a beautiful example of a single excess "&" in the source code. But what is most amusing about this bug is the centrality of it
we have here is a bug in a component that is used fairly widely, and that has the property of being statically linked
<snip>
it affects many things, third party apps, including also M$ own outlook & windows media player.
Interestingly, this vulnerabilty has been patch in MS09-034 for IE.
plenty of awful vulnerabilities:
perhaps the worst one would be ATL (Active Template Library)
It is interesting that someone had already formed a theory in regards to MSVIDCTL.DLL
<snip>
This is a cute little bug. First of all, it is a beautiful example of a single excess "&" in the source code. But what is most amusing about this bug is the centrality of it
we have here is a bug in a component that is used fairly widely, and that has the property of being statically linked
<snip>
it affects many things, third party apps, including also M$ own outlook & windows media player.
Interestingly, this vulnerabilty has been patch in MS09-034 for IE.
Labels: security
posted by omarg at
11:55 AM
0 Comments
Friday, August 7, 2009
hibernation
active bear: 100 heart beats / min
hirbernating bear: ~ 8 heart beats /min
hirbernating bear: ~ 8 heart beats /min
Labels: stat of the day, the economist
posted by omarg at
10:32 PM
0 Comments
Monday, August 3, 2009
CSRF often pronounced "sea surf"
CSRF: Cross-site request forgery or XSRF.. basically type of subtle attack that exploit the hole where a browser has already been authenticated - to send unauthorized command.
Unlinke XSS (Cross-site scripting), which exploits the trust of a user to website, CSRF exploits the trust of a web tie in a user's browser.
some preventive measure:
RequestPolicy Firefox extension.
NoScript Firefox extension
Unlinke XSS (Cross-site scripting), which exploits the trust of a user to website, CSRF exploits the trust of a web tie in a user's browser.
some preventive measure:
RequestPolicy Firefox extension.
NoScript Firefox extension
Labels: security
posted by omarg at
11:51 AM
0 Comments
Previous Posts
- This blog has moved
- how corporation works in US, by Jon Stewart
- again...another IE 0-day...
- another IE 0-day...
- 60 minutes wingsuit base
- cool love story
- IE 0-day in the wild... scary...
- Adobe 0-day vulnerabilty... again ... again...
- IE 0-day in the wild... again
- drive by install... MS09-065.mspx
Archives
- November 2006
- December 2006
- January 2007
- March 2007
- April 2007
- May 2007
- June 2007
- July 2007
- October 2007
- January 2008
- February 2008
- March 2008
- April 2008
- May 2008
- June 2008
- July 2008
- August 2008
- September 2008
- October 2008
- November 2008
- December 2008
- January 2009
- February 2009
- March 2009
- April 2009
- May 2009
- June 2009
- July 2009
- August 2009
- September 2009
- October 2009
- November 2009
- December 2009
- January 2010
- February 2010
- March 2010
- deepsh.it
- my old blog
- Secunia
- F-Secure Blog
- The Register
- Schneier on Security
- Avert Labs Blog
- C.I.S.R.T.
- Kaspersky Lab Blog
- Symantec Blog
- Websense Blog
- ISC SANS Blog
- eEye Research Blog
- X-Force Blog
- M$RClowns Blog
- Dave Navarro
- router god
- Bangalore Tigers
- Security Fix
- Daemon News
- BSD at work
- Netcraft
Links
Subscribe to
Posts [Atom]