Article A day Provides the latest and the greatest in technology articles, cloud computing, security, pc-tips, networking, technology news.
I've been doing this Twitter thing for a while now - I really like it, folks can get a feel for what you're up to each day.
If you're interested, you can see what I'm up to by clicking 'Follow' at http://twitter.com/michael_howard
Source: http://blogs.msdn.com/b/michael_howard/archive/2008/09/17/twitter-feed.aspx
<sent from Cabo San Lucas Airport - heading back to Austin >
Crosstalk has published an article of mine regarding how we use Defense in Depth within the SDL, and in Microsoft in general.
Source: http://blogs.msdn.com/b/michael_howard/archive/2008/09/26/practical-defense-in-depth.aspx
Every once in a while a security bug pops up that really piques my interest, and a new directory traversal bug that affects Apache Tomcat (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938) most certainly made me take notice because I haven't seen this bug type in a lllooonnnggg time.
It caught my eye because of these six little characters:
%c0%ae
Many people think these characters represent a 16-bit Unicode character. Wrong. They are an invalid sequence of bytes that represents the '.' (%2e) character; it is often called an "overlong UTF-8 escape". You may be wondering why I know this little piece of trivia about UTF-8: IIS4 and IIS5 were bitten by the same class of bug eight years ago, and it was an attack vector for the Nimda worm. The bulletin that fixed the bug is MS00-078.
Thumbing to page 379 of Writing Secure Code, 2nd Edition, I am reminded that the canonical form of a UTF-8 character is the smallest number of bits that can represent that character. Remember, UTF-8 can encode characters wider than 8 bits. Without going into all the involved bit-manipulation, the correct form for a '.' character is a one-byte escape, %2e, not a two-byte escape, %c0%ae.
RFC 3629 states that "Implementations of the decoding algorithm MUST protect against decoding invalid sequences."
UrlScan for IIS6, and IIS7's Request Filtering detect and reject non-canonical UTF-8 URLs by default.
A patch for Apache Tomcat is available at http://tomcat.apache.org/security.html.
Source: http://blogs.msdn.com/b/michael_howard/archive/2008/08/22/overlong-utf-8-escapes-bite.aspx
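To show the RFC 3629 requirement in working code, here is an added example (not from the original post, nor from Tomcat or IIS) of a strict UTF-8 decoder that applies the shortest-form rule, so that a percent-decoded %c0%ae is rejected as overlong rather than silently read as '.'; the path-checking helper and the sample paths are my own constructions.

```python
import urllib.parse

def decode_utf8_strict(data: bytes) -> str:
    """Decode UTF-8 as RFC 3629 requires: each sequence must be the shortest
    one for its code point, so an overlong form such as C0 AE raises instead
    of being read as U+002E ('.')."""
    out, i, n = [], 0, len(data)
    while i < n:
        b = data[i]
        if b < 0x80:                       # plain ASCII, one byte
            out.append(chr(b)); i += 1; continue
        if 0xC0 <= b <= 0xDF:              # 2-byte lead; floor = smallest code point it may encode
            need, cp, floor = 1, b & 0x1F, 0x80
        elif 0xE0 <= b <= 0xEF:            # 3-byte lead
            need, cp, floor = 2, b & 0x0F, 0x800
        elif 0xF0 <= b <= 0xF7:            # 4-byte lead
            need, cp, floor = 3, b & 0x07, 0x10000
        else:                              # stray continuation byte or byte above F7
            raise ValueError(f"invalid lead byte 0x{b:02X} at offset {i}")
        if i + need >= n:
            raise ValueError(f"truncated sequence at offset {i}")
        for k in range(1, need + 1):
            c = data[i + k]
            if not 0x80 <= c <= 0xBF:
                raise ValueError(f"bad continuation byte 0x{c:02X} at offset {i + k}")
            cp = (cp << 6) | (c & 0x3F)
        if cp < floor:                     # the overlong check: a shorter encoding exists
            raise ValueError(f"overlong encoding of U+{cp:04X} at offset {i}")
        if cp > 0x10FFFF or 0xD800 <= cp <= 0xDFFF:
            raise ValueError(f"U+{cp:04X} is not a Unicode scalar value")
        out.append(chr(cp)); i += need + 1
    return "".join(out)

def canonical_path(raw_path: str):
    """Percent-decode a request path (hypothetical helper) and return the decoded
    string, or None when the bytes are not canonical UTF-8, in which case the
    request should be rejected before any path handling takes place."""
    try:
        return decode_utf8_strict(urllib.parse.unquote_to_bytes(raw_path))
    except ValueError:
        return None

if __name__ == "__main__":
    # constructed sample paths: canonical '.', overlong '.', and a real 2-byte character
    for p in ["/docs/index%2ehtml", "/docs/index%c0%aehtml", "/caf%c3%a9"]:
        print(p, "->", canonical_path(p))
```

Python's own codec enforces the same rule (`b"\xc0\xae".decode("utf-8")` raises), so the hand-written decoder is there to make the floor check visible, not to replace the library.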