SEARCH RESULTS
 
Showing 1-10 of 33 records
 
Expand article

Confidential information sent to PinPay.net and SoftCard.biz is exposed

The Article has images
2008-05-08 13:26:03 by Evan Francen in The Breach Blog
...destination (the web server). My information doesn't travel directly from my computer to the server. There are intermediaries (routers, switches, firewalls, etc.) that have to get (or forward) my information from my computer to the server As you can see depicted in the graphic above, there are at least 16 routers (or hops) between this...
 
Tags: information, drivers license card, license card, card, free card, social security card, sensitive information, sensitive personal information, encrypt sensitive information
 
 
 
 
Expand article

Fuzz Testing at Microsoft and the Triage Process

2007-09-20 18:52:00 by sdl in The Security Development Lifecycle
 
...destination of a call in the instructions immediately after the mov The access violation happens on a mov instruction where the result is later used in a rep instruction as the source (esi), destination (edi) or count (ecx Fully automating the classification of these cases is complex and almost always requires an entire execution trace. As...
 
Tags: chance exceptions, exceptions, exception handler, exception, divide-by-zero exception, exception code, triage process, process, first-chance exceptions
 
 
 
 
Expand article

Responsible-ish Disclosure

2008-05-08 20:50:57 by Chris Eng in Zero in a bit
 
...destination pointer. .text:00405C54 and ecx, 3 Dave asserts that publishing 16 commented assembly instructions makes this disclosure irresponsible. But look at the code its completely generic, just a textbook example of what it looks like when you forget to check a return value after calling operator new. Sure, Core gives you the exact...
 
Tags: text, esi, 00405c1b mov esi, ecx, 00405c31 push esi, 00405c3e mov ecx, recent dos vulnerability, vulnerability, 00405c21 test esi
 
 
 
 
Expand article

EPTS: Proposed Event Processing Definitions, September 20, 2006

2008-08-21 05:47:11 by Tim Bass in The Complex Event Processing Blog
 
...destination and. events can be configured to transmit to a default destination. JMS is an example of an event channel event cloud (n.) a partially ordered set of events (poset), either bounded or unbounded, where the partial orderings are imposed by the causal, timing and other relationships between the events. Typically an event cloud is...
 
Tags: event, event-object, business process management, process, event correlation, process refinement, simple, simple event, process events
 
 
 
 
Expand article

Auditing open source software

2007-10-08 16:13:00 by Panayiotis Mavrommatis in Google Online Security Blog
 
...destination buffer for the pixels is allocated based on the TIFF header values, and it is filled based on the JPEG values. This leads to a buffer overflow if a malicious image file contains a JPEG with larger dimensions than those in the TIFF header. Presumably the intent here was to support broken files where the embedded JPEG had smaller...
 
Tags: image, malicious image file, libtiff image, values, jpeg image, tiff header values, source, evil tiff file, evil
 
 
 
 
Expand article

What Does SHA1 is Broken Mean?

2007-12-12 07:35:00 by Eric Marvets in The Security Samurai
 
...destination. If the message does not match the hash, then we assume it was modified in transit Designed Strength of SHA1 When we hash data, the range of values for x is infinite. The hash on the other hand is a fixed size. Therefore, for each value in the range of our hash, there are an infinite number of possible values for x This range...
 
Tags: sha1, choose sha1, sha1 protects, hash data, data, sha1 drops, hash function, hash, function
 
 
 
 
Expand article

Phishers, Spammers, and Malware Authors Clearly Consolidating

The Article has images
2007-12-09 21:14:53 by HASH0x89fa6a4 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...destination , with China's highly malware infected Internet population acting as the stepping-stone, not the original source of the attack Security researchers said the memorandum, which was obtained by The New York Times from an executive at a private company, included a list of Web and Internet addresses that were linked to locations in...
 
Tags: malware, malware attachments, malware attack, malware authors, hand malware authors, spammers, modern malware, storm worm malware, emails courtesy
 
 
 
 
Expand article

Recent Symantec and IBM vulnerabilities, giblets, banned APIs and the SDL

2008-01-04 23:37:00 by sdl in The Security Development Lifecycle
 
...destination buffer Could the SDL have caught this? Possibly, but I would err on the side of possibly not. With that said, we are now heavily focused on memcpy-related bugs as a result of having issued five memcpy-related security bulletins in the past few years. Examples include MS05-039 in PnP MS04-011 in PCT MS05-030 in Outlook Express Bugs...
 
Tags: linker sdl requirements, sdl requirements, ibm, sdl, requirements, symantec, bugs affect ibm, bugs, sdl refers
 
 
 
 
Expand article

Davidson Companies illegal network intrusion exposes clients

The Article has images
2008-02-01 14:51:54 by Evan Francen in The Breach Blog
...destination here Law enforcement agencies note that because people are constantly finding new ways to hack into systems, it's an ongoing problem, she said Commentary I think I speculated more about this breach than I about any other on The Breach Blog. Maybe its a Friday thing, and maybe I have a point to make even if my speculation is 180...
 
Tags: davidson, clients, davidson companies president, davidson companies clients, sensitive personal information, davidson login page, personal information, davidson companies, davidson trust