Friday, July 4th, 2008 Microsoft will release four security patches for its Windows, Exchange, and SQL products next Tuesday, all rated "important."The Exchange and SQL flaws are "Elevation of Privilege" bugs, meaning that an attacker could theoretically exploit them to get administrative access to a PC. One of the Windows flaws is labeled a ...
Posted in Internet, Security, Software, Windows | No Comments
Wednesday, July 2nd, 2008 SQL injection attacks are probably the most common way for hackers to strike Internet-facing SQL Server databases. No matter how secure your network is or how many firewalls you have in place, any application that uses dynamic SQL and allows for unchecked user input to be passed to the database ...
Posted in Internet, Privacy, Security, Software, Windows | No Comments
Tuesday, July 1st, 2008 Yesterday I wrote a quick proposal for the Synapse project. Since not everyone has access to the Synapse project, I will share some ideas here from time to time. I started with a proposal on how to detect Xpath vulnerabilities. Since Xpath can be used in combination with every server-side ...
Posted in Coding, Internet, Linux, Networking, Security | No Comments
Tuesday, July 1st, 2008 Our research team has identified a web-based attack technique that exploits the growing number of applications that require a web server being run on a local machine. Cross-Environment Hopping (CEH) is a result of this trend combined with the current limitations in browsers’ same-origin policy access restrictions.The CEH technique enables ...
Posted in Coding, Internet, Networking, Privacy, Security | No Comments
Tuesday, June 24th, 2008 The MSRC released an advisory today that discusses the recent SQL injection attacks and announces three new tools to help identify and block these types of vulnerabilities. The advisory discusses the new tools, the purpose of each, and the way each complements the others. The goal of this blog post is ...
Posted in Coding, Internet, Security, Software | No Comments
