SEARCH RESULTS
 
Showing 1-10 of 83 records
 
Adobe Reader/Acrobat JavaScript Method Handling Vuln

2008-06-24 10:48:40 by Dave Lewis in Liquidmatrix Security Digest
 
...method and can be exploited to cause a crash or potentially execute arbitrary code via a specially crafted PDF file. NOTE: The vulnerability is reportedly being exploited in the wild. Note the note. This one is getting pwned as we speak.
 
 
 
 
 
Authorization vs. Business Logic

2008-01-09 05:37:00 by Keith Brown in Security Briefs
 
...method begin? If there were some obvious distinction between the two, you could easily factor out the authorization logic and perhaps even centralize it. If the authorization logic is simple, perhaps you have to be a member of some group or have some claim in order to be able to call a method, then it's easy to factor out that type of logic....
 
 
 
 
 
Building My Windows Vista Media Center (VMC) - Part 3 - MyMovies2

2007-11-02 23:52:49 by jrjones in Jeff Jones Security Blog
...Method (I don't use this normally) Record the movie in the lowest quality you are comfortable with - perhaps "Good". Create a folder and move the .dvr-ms file over to the folder. Use the Collection Management application to add the "online" movie to your database. Search for the movie title and just select a DVD version that represents you...
 
 
 
 
 
Password policies. Once again.

2007-09-04 22:14:00 by Steve Riley in Steve Riley on Security
 
...method that helps you remember unique phrases for each site, if you wish. web mail: "my dog and i got the mail" shopping: "my dog and i bought some stuff" office: "my dog and i went to work" This is why we disable account lockout by default. There are much better -- and much less expensive -- ways to mitigate the threat. Disabling unused...
 
 
 
 
 
Fuzz Testing at Microsoft and the Triage Process

2007-09-20 18:52:00 by sdl in The Security Development Lifecycle
 
...method for finding program failures (code errors) by supplying malformed input data to program interfaces (entry points) that parse and consume this data (e.g. file, network, registry, shared memory parsers). At Microsoft, we view fuzz testing as six distinct stages in which the output of each stage can impact or influence both the current...
 
 
 
 
 
Supporting your family, friends, and neighbors

2008-02-13 17:45:40 by Steve Riley in Steve Riley on Security
 
...method that helps you remember unique phrases for each site, if you wish. Web mail: "my dog and i got the mail" Shopping: "my dog and i bought some stuff" Office: "my dog and i went to work" If you don't follow this kind of system, eventually you'll start to forget which password you used on which Web site. Ugh, how can you manage it all? How can...
 
 
 
 
 
Anton Security Tip of the Day #14: More accesslog Fun: What Are You Not GETting?

2008-03-12 13:35:00 by Dr Anton Chuvakin in Anton Chuvakin Blog
 
...methods. Let's see who is trying to POST or use some other method (OPTIONS, HEAD, PUT or something - see a list here) on our site, instead of just GET'ting the content (GET command is used by web browsers to retrieve the pages, while POST is used to upload content, press buttons, etc - at least in "web 1.0" land - see earlier tip #12 where...
 
 
 
 
 
Phishing reloaded

2008-04-04 21:18:18 by Editor in Security x.0
 
...method, the phishers are moving on. Possibly just too bored with how simple it is to do a "normal" phish, or attempting to improve signal-to-noise ratio, they are building the tools that allow them to easily bypass the strong authentication that has not even been rolled out everywhere. Recent reports indicate an increase in phishing-based...
 
 
 
 
 
A Comparison of VNC Connection Methods

2008-04-30 00:00:00 by Editor in Infosec Writers Latest Security Papers
 
This paper, written by Frank Isaacs, discusses different methods of deploying VNC with an emphasis on the security considerations of each method, and the tradeoffs associated with the convenience of each method.