A Stick Figure Guide to the Advanced Encryption Standard (AES)

Tuesday, September 22nd, 2009

Here is another awesome blog post from Jeff Moser over at Moserware. It's literally a stick figure guide to AES. A must-read, even if you don't quite understand it. http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

Almost all Windows users vulnerable to Flash zero-day attacks

Monday, July 27th, 2009

More than 9 out of every 10 Windows users are vulnerable to the Flash zero-day vulnerability that Adobe won't patch until Thursday, a Danish security company said today. According to Secunia, 92% of the 900,000 users who have recently run the company's Personal Software Inspector (PSI) utility have Flash Player 10 ...

Zero-day vulnerability in Adobe Flash Player, Reader and Acrobat

Thursday, July 23rd, 2009

Adobe is warning of a critical security vulnerability in its current Flash Player for Windows, Macintosh and Linux. Adobe Reader and Acrobat 9.x for all platforms are also affected. The vulnerability is already being actively exploited in two ways: via crafted PDF documents and manipulated web sites (drive-by downloads). It's reported ...

Shutting Down XSS with Content Security Policy

Tuesday, June 23rd, 2009

For several years, Cross-Site Scripting (XSS) attacks have plagued many of the web’s most popular sites and victimized their users. At Mozilla, we’ve been working for the last year on a new technology called Content Security Policy, designed to shut these attacks down. We wanted to give a bit of ...

‘Ardilla’ Automatically Roots Out SQL Injection And XSS, Generates Attacks

Thursday, June 18th, 2009

Researchers have built a tool that automatically finds and exploits SQL injection and cross-site scripting vulnerabilities in Web applications. The so-called Ardilla tool uses a technique developed by the researchers -- MIT's Adam Kiezun, the University of Washington's Michael Ernst, Stanford's Philip Guo, and Syracuse University's Karthick Jayaraman -- that creates ...