This has just been posted to Bugtraq. For now you can test if your version is vulnerable, here. (This will cause Firefox to close.) So far Firefox 1.5.0.7 and 2.0 (Linux) have been tested, and both are vulnerable. Firefox 1.0.7 (Win32) is not vulnerable. The code used on the test page and the one submitted to Bugtraq […]
Archives for October 2006
PMD – Java Source Code Scanner
Continuing with the series of tools I’ve been posting on source code auditing and application security, here is PMD, a Java Source Code Scanner. PMD scans Java source code and looks for potential problems like: Possible bugs – empty try/catch/finally/switch statements; Dead code – unused local variables, parameters and private methods; Suboptimal code – wasteful […]
Anti-Spyware Groups Still Require Legislation
Cyber and computer laws are always a grey area; they tend to be very vague and don’t cover specific technologies. Spam is a good example: look at how long we’ve been getting spammed, and it’s been a SERIOUS problem for at least the last 5 years. Spam legislation has only started coming in to […]
BobCat SQL Injection Tool based on Data Thief
BobCat is a tool to aid a security consultant in taking full advantage of SQL injection vulnerabilities. It is based on a tool named “Data Thief” that was published as a PoC by appsecinc. BobCat can list the linked servers and the database schema, and allows the retrieval of data from any table that the current application user […]
Security Companies Fight Against Microsoft Security Center
No surprise really? Microsoft and their monopoly strategies, anti-competitive behaviour, nothing new really, is it? Microsoft and its security rivals are feuding over a key piece of Windows Vista real estate. The fight is over the display of technology that helps Vista owners manage the security tools on their PC. Symantec, McAfee, Check Point […]