March 26, 2004

Problems and omissions in PHP/SQL programming

An article in Bulgarian by sheib, outlining the basics of some of the most common attacks against PHP applications and ways to protect against them. Mentioned in the Network Security course forum.

Posted by roam at 12:52 PM

March 24, 2004

Analysis of the Exploitation Process

A quick write-up by Steven Hill of Covert Systems Research on several types of vulnerabilities in programs written in C and similar languages - stack/heap/function pointer overwrite, format string exploitation, return-to-libc. Announced in Steven's message to the vuln-dev mailing list.

Posted by roam at 10:12 AM

March 23, 2004

Corporate SPEAK

Via Ask's Notes, a curious attempt at a font made out of corporate logos.

Posted by roam at 02:51 AM

March 18, 2004

Shell scripting tutorial

A comment at a article on shell scripting for newbies led me to what looks like a nice shell scripting tutorial, albeit bash-oriented.

Posted by roam at 01:11 PM

March 17, 2004

U.S. topless coffee shop gets green light

This is already nearly a month old, but still:

BOSTON (Reuters) - Facing stiff competition from nationwide coffee shop chains, one Maine businessman wants to offer more than just a regular cup of cappuccino to perk up his customers -- so he's hiring topless waitresses.

The full story from Reuters, via VarChars.

Posted by roam at 02:51 PM

March 12, 2004

Analysis of Microsoft Windows XP Service Pack 2

Steve Friedl gets his hands on a beta of Microsoft's Windows XP Service Pack 2, and says he likes it. Judging from his analysis, I think I'm going to like it too, when I get around to reading the whitepaper - but this is *not* going to happen at 11:50pm the day before I get to be best man at yet another friend's wedding :)

PS. Is this notes blog actually turning into my security-related stuff blog?

Posted by roam at 11:46 PM

March 05, 2004

Does open-source software enhance security?

A nice write-up by The Register.

Posted by roam at 01:22 PM

March 02, 2004

Is password-lending a cybercrime?

A worrying precedent:

In a little-observed civil lawsuit involving tracking of magazine subscriptions, a federal court in Manhattan issued a ruling last week that could theoretically result in prosecutors going after people who use another person's password and userid with their permission, but without the permission of the issuer.

Posted by roam at 09:18 AM

March 01, 2004

Click on this...

An article from The Register, which pretty much mirrors my thoughts on the general public's blissful ignorance and irresponsibility regarding even the most trivial IT security issues.

Posted by roam at 03:11 PM