Saturday, April 26th, 2008
How can an attacker exploit a PL/SQL procedure that doesn’t even take user input? Or how does one do SQL injection using DATE or even NUMBER data types? In the past this has not been possible, but as this paper will demonstrate, with a little bit of trickery, you can ...
Posted in Coding, Internet, Privacy, Security, Software | No Comments
Saturday, April 26th, 2008
WordPress 2.5.1 came out recently. It includes a critical security fix for a cookie integrity bug that would allow an attacker to impersonate other users, including WordPress admins, by manipulating the contents of an HTTP cookie. Whenever I read about a vulnerability predicated on the user identity being embedded ...
Posted in Coding, Internet, Privacy, Security, Software | 1 Comment
Friday, April 25th, 2008
A remote vulnerability exists in the QuickTime player for Windows XP and Vista (latest service packs). Other versions are believed to be affected as well. For now, no details will be released regarding the method of exploitation.
Because we are an information security think tank and because we encounter some very ...
Posted in Coding, Internet, Privacy, Security, Software | No Comments
Friday, April 25th, 2008
Opera 9.5 Beta 2 has stepped up its security game. The browser has added fraud protection and support for EV SSL (Extended Validation Secure Sockets Layer) certificates to help prevent identity theft.
Opera’s move to join the EV SSL crowd leaves Safari as the only browser without anti-phishing protection. As you ...
Posted in Internet, Software | No Comments
Friday, April 25th, 2008
In the old days, as our parents frequently love to remind us, life was much simpler. You bought a computer, and when you finally figured out what you wanted to do with it, you assembled a list and went down to your local Egghead for some software. It was straightforward, ...
Posted in Internet, Privacy, Security | No Comments