Archive for July, 2008
Blackberry squash
A serious BlackBerry flaw was squashed and patched up by RIM.
Ratproxy
Google have introduced another web proxy assessment tool in the form of Ratproxy. The good thing about it is that it roots out potential vulnerabilities, even in JavaScript snippets, and considers browser oddities. However, the proof of the pudding would be how it handles authenticated sessions. Something that I know Paros proxy does not particularly do well.
DNS poisoning patch and the big leak!
Earlier in the month (July 2008), it was reported that vendors had released a fix for a then-undisclosed problem with DNS. Even now the big ISP players are still dragging their feet in terms of this critical patch. They really should hurry up because attack code has magically appeared on the multi-purpose testing tool, [...]
Pwnie Awards
The nominees are in for security’s answer to the Oscars.
Access control and privilege escalation…
Just an off-the-cuff article here from personal experience. I’ve seen a number of privilege escalation issues with web applications. Nothing strange in that. Except that they have been happening in Microsoft .NET applications. The .NET framework does have some mature security get-out-of-jail-free cards but it does cover everything. I’ve seen id enumeration available on [...]

