Security News #0x64
Did you know that this is entry #0x64 in the series, i.e. number 100? And the Super Bowl starts in less than an hour. Coincidence? Or just super? You be the judge!
- A new vulnerability has been reported for Thunderbird 17.0.6. Apparently, payloads that are both base64-encoded and placed in <object> tags are not properly sanitized.
- A new remote exploit has been reported for Oracle Forms and Reports 11.1.
- Since it is the start of the semester, many of my students are learning how to get shells. What many don’t know is the sheer variety of methods that can be used to serve a shell. Take a look at PenTestMonkey to learn a number of different approaches.
- The folks at SkullSecurity have a nice write-up of their solution to a 299-level challenge from the recent Ghost in the ShellCode challenge.
- Would you like to learn how to build a Linux ELF executable with nothing but a hex editor? No compiler, no linker, just you and some bytes. Take a look at the blog post by Robin Hoksbergen, who does just that. Now if you want to talk about editors, well, that is a different discussion.
- If you want to learn more about stack protection and canaries, you might be interested in what codeblog says about the new option
- Natalie Silvanovich has some wonderful posters on different kinds of programming flaws and how to avoid them.
- Threatpost reports on a cross-platform Java bot being used for DDoS attacks.