Home > Uncategorized > Security News #0x64

Security News #0x64

Did you know that this is entry #0x64 in the series, i.e. number 100? And the Super Bowl starts in less than an hour. Coincidence? Or just super? You be the judge!

  • A new vulnerability has been reported for the Thunderbird 17.0.6. Apparently payloads sent that are both base64 encoded and in <object> tags are not properly sanitized.
  • A new remote exploit has been reported for Oracle Forms and Reports 11.1
  • Since it is the start of the semester, many of my students are learning how to get shells. What many don’t know are the sheer variety of methods that can be used to serve a shell. Take a look at PenTestMonkey to learn a number of different approaches.
Learning More
  • The folks at SkullSecurity have a nice write up of their solution to a 299 level challenge from the recent Ghost in the ShellCode challenge.
  • Would you like to learn how to build a Linux ELF executable with nothing but a hex editor? No compiler, no linker, just you and some bytes. Take a look at the blog post of Robin Hoksbergen who does just that. Now if you want to talk about editors, well that is a different discussion.
  • If you want to learn more about stack protection and canaries, you might be interested in what codeblog says about the new option -fstack-protector-strong in gcc.
  • Natalie Silvanovich has some wonderful posters on different kinds of programming flaws and how to avoid them.
Industry News
  • Threatpost reports on a cross platform Java bot being used for DDOS attacks.
Categories: Uncategorized
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: