Wednesday, May 7th, 2008
In PHP there exist two functions to escape shell commands or arguments to shell commands that are used in PHP applications to protect against shell command injection vulnerabilities.
- escapeshellcmd()
- escapeshellarg()
Unfortunately it was discovered that both functions fail to protect against shell command injection when the shell uses a locale with ...
Posted in Coding, PHP, Security | No Comments
Wednesday, May 7th, 2008
Since version 4.2.0 PHP automatically seeds the random number generators on the first usage of rand() and mt_rand(). This is done with the help of the GENERATE_SEED() macro.
Unfortunately it was discovered that the GENERATE_SEED() macro contains several problems that can lead to a weaker seed than expected. In the worst ...
Posted in Coding, PHP, Security | No Comments
Tuesday, May 6th, 2008
The PC version of Mass Effect is going to include some fairly serious security measures that may prove to be more of a threat to the game's popularity than they are to piracy.
According to Derek French, Mass Effect's technical producer at BioWare, the game's security begins with the same SecuROM ...
Posted in Coding, Gaming, Security | No Comments
Tuesday, May 6th, 2008
Tmin is a quick and simple tool to minimize the size and syntax of complex test cases in automated security testing.
The tool is somewhat related to delta, which is a more featured general purpose optimizer but is meant specifically for dealing with unknown or complex data formats (without the need ...
Posted in Coding, Privacy, Security | No Comments
Monday, May 5th, 2008
Nowadays, who understands Di-Di-Di-Da-Da-Da-Di-Di-Dit (S.O.S., Save Our Souls)? Few people do, but your web browser just might. In his blog, security expert Nathan McFeters has reported the discovery of a cross-site scripting (XSS) vulnerability on an Italian website that allows attackers to inject malicious JavaScript encoded in Morse code in ...
Posted in Coding, Internet, Privacy, Security | No Comments