SEARCH RESULTS
 
Showing 1-9 of 9 records

SDL and the XSS Filter

2008-08-27 15:35:00 by sdl in The Security Development Lifecycle
 
...overrun defenses follows a somewhat similar pattern: we started by prescribing coding techniques, banning the use of some APIs, and building tools that detect coding constructs that look like buffer overruns. As we gained a deeper understanding of how buffer overruns can be exploited, we enhanced the /GS compiler flag and added ASLR in a quest...

MS08-078 and the SDL

2008-12-19 01:59:00 by sdl in The Security Development Lifecycle
 
...overrun. When data binding is used, IE creates an object which contains an array of data binding objects. In the code in question, when a data binding object is released, the array length is not correctly updated, leading to a function call into freed memory. The vulnerable code looks a little like this (by the way, the real array name is...
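The snippet describes the bug class but the post's own code is cut off above. As an added example that is not part of the original post or of IE's code, here is a C model of that class: an owner keeps an array of "data binding" objects with a trusted length, and the vulnerable release routine frees an entry without updating that length, so a later walk of the array calls through a released object. All names (binding_t, release_vulnerable, release_fixed, dispatch_updates) and the layout are assumptions. A real use-after-free is undefined behaviour, so release only marks the object and clears its callback instead of returning memory to the allocator; the walker then reports how many released slots it was asked to call.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_BINDINGS 8

/* One "data binding" object: a callback the owner invokes on update. */
typedef struct binding {
    int id;
    int released;                         /* set on release; stands in for freed memory */
    void (*on_update)(struct binding *);
} binding_t;

/* The owning object's array of bindings plus the length the walker trusts. */
typedef struct {
    binding_t *items[MAX_BINDINGS];
    size_t length;
} binding_array_t;

static int g_updates;                      /* callbacks delivered to live bindings */

static void on_update(binding_t *b) { (void)b; g_updates++; }

static binding_t *binding_new(int id) {
    binding_t *b = calloc(1, sizeof *b);
    if (b == NULL) { perror("calloc"); exit(1); }
    b->id = id;
    b->on_update = on_update;
    return b;
}

/* Stands in for freeing: the object is marked released and its callback
 * cleared (as a dangling vtable would be once the allocator reused the
 * memory), but the storage is kept so touching it afterwards is observable. */
static void binding_release(binding_t *b) {
    b->released = 1;
    b->on_update = NULL;
}

static void array_add(binding_array_t *a, binding_t *b) {
    if (a->length < MAX_BINDINGS) a->items[a->length++] = b;
}

/* Vulnerable: releases the entry but leaves length untouched, so the slot
 * still looks live to anyone walking the array. */
static void release_vulnerable(binding_array_t *a, size_t idx) {
    if (idx >= a->length) return;
    binding_release(a->items[idx]);
}

/* Fixed: release, close the gap, and shrink length in the same step. */
static void release_fixed(binding_array_t *a, size_t idx) {
    if (idx >= a->length) return;
    binding_release(a->items[idx]);
    memmove(&a->items[idx], &a->items[idx + 1],
            (a->length - idx - 1) * sizeof a->items[0]);
    a->length--;
    a->items[a->length] = NULL;
}

/* Walk every slot length says is live. Returns how many of them were already
 * released; in the real bug each such slot is a call through freed memory. */
static int dispatch_updates(binding_array_t *a) {
    int stale = 0;
    for (size_t i = 0; i < a->length; i++) {
        binding_t *b = a->items[i];
        if (b->released || b->on_update == NULL) { stale++; continue; }
        b->on_update(b);
    }
    return stale;
}

/* Constructed scenario: four bindings, release the second with either
 * routine, then dispatch. Returns the number of stale slots the walk hit. */
static int run_scenario(int use_fixed_release) {
    binding_array_t a = { {0}, 0 };
    binding_t *all[4];
    g_updates = 0;
    for (int i = 0; i < 4; i++) { all[i] = binding_new(i); array_add(&a, all[i]); }
    if (use_fixed_release) release_fixed(&a, 1); else release_vulnerable(&a, 1);
    int stale = dispatch_updates(&a);
    for (int i = 0; i < 4; i++) free(all[i]);   /* real deallocation, after the walk */
    return stale;
}

int main(void) {
    int stale = run_scenario(0);
    printf("vulnerable release: %d stale slot(s), %d live updates\n", stale, g_updates);
    stale = run_scenario(1);
    printf("fixed release:      %d stale slot(s), %d live updates\n", stale, g_updates);
    return 0;
}
```

The vulnerable path reports one stale slot (the released binding is still inside the trusted length); the fixed path reports none and still delivers the same three live updates, which is the property a regression test for this class of bug should pin down.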

Recent Symantec and IBM vulnerabilities, giblets, banned APIs and the SDL

2008-01-04 23:37:00 by sdl in The Security Development Lifecycle
 
...overrun detection defense (such as the Visual Studio C++ /GS flag) or exception handler defenses (such as the Microsoft Link /SAFESEH flag), both of which are SDL requirements. I also assume that the code is not linked with No-Execute (/NXCOMPAT), which is also an SDL requirement. Summary: Bugs are interesting; you can learn a lot from your...

Hunting Down Spyware and Adware

2007-08-01 19:28:00 by jack in adware and spyware
 
...overrun by spyware's development. The best way, of course, to rid your computer of this problematic and irritating spyware is to prevent it from entering your system in the first place. An ounce of prevention is better than a pound of cure, as they say. You need to be cautious about the websites that you browse. Do understand that most of the...

Is Technorati relevant anymore?

2008-02-28 22:42:22 by HASH0x8b05bac in StillSecure, After All These Years
 
...overrun with queries. Putting Technorati tags into my articles was elementary and mandatory. I used to check my Technorati rankings every day and judged my blog's popularity by its "authority". I would eagerly comb the rankings to see who linked to my site. Then a funny thing happened. Technorati started making so many changes, when I would log...

Corrupted Heap Termination Redux

2008-06-07 04:00:00 by sdl in The Security Development Lifecycle
 
...overrun: the next block header size does not match the expected current block size. Buffer underrun: same as above, but the previous block header size does not match the expected current block size. Attempting to free a freed block (double-free bug). Attempting to free a non-8-byte-aligned block. Passing a bogus heap handle, it could simply be an...
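To make the listed checks concrete, here is an added example that is not the Windows heap and not code from the original post: a toy bump allocator whose free routine performs each check the snippet names (header size mismatch with the next block, mismatch with the previous block, double free, misaligned block, bogus heap handle) and returns a code saying which one fired instead of terminating the process. The block layout (an 8-byte header holding the block's size, the previous block's size and a free flag), the HEAP_MAGIC handle check and all function names are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum heap_err {
    HEAP_OK = 0,
    HEAP_BAD_HANDLE,     /* heap handle lacks the expected magic value */
    HEAP_MISALIGNED,     /* block address is not 8-byte aligned */
    HEAP_DOUBLE_FREE,    /* block header already marked free */
    HEAP_OVERRUN,        /* next header's prev_size disagrees with this block's size */
    HEAP_UNDERRUN,       /* this header's prev_size disagrees with the block before it */
    HEAP_BAD_BLOCK       /* pointer is not a block the arena walk can reach */
};

#define ARENA_SIZE 256
#define HEAP_MAGIC 0x48454150u          /* "HEAP"; assumed handle check */

/* 8-byte header in front of every payload. */
typedef struct {
    uint16_t size;        /* payload size, a multiple of 8 */
    uint16_t prev_size;   /* payload size of the preceding block, 0 for the first */
    uint8_t  is_free;
    uint8_t  pad[3];
} block_hdr;

typedef struct {
    uint32_t magic;
    uint32_t used;                       /* arena bytes handed out so far */
    uint16_t last_size;                  /* payload size of the newest block */
    uint64_t arena[ARENA_SIZE / 8];      /* uint64_t keeps the arena 8-byte aligned */
} toy_heap;

static void toy_heap_init(toy_heap *h) {
    memset(h, 0, sizeof *h);
    h->magic = HEAP_MAGIC;
}

/* Bump allocator: header followed by the payload rounded up to 8 bytes. */
static void *toy_alloc(toy_heap *h, size_t n) {
    size_t need = (n + 7) & ~(size_t)7;
    if (need == 0 || need > 0xFFFF ||
        h->used + sizeof(block_hdr) + need > ARENA_SIZE) return NULL;
    block_hdr *hdr = (block_hdr *)((uint8_t *)h->arena + h->used);
    hdr->size = (uint16_t)need;
    hdr->prev_size = h->last_size;
    hdr->is_free = 0;
    h->used += (uint32_t)(sizeof(block_hdr) + need);
    h->last_size = hdr->size;
    return hdr + 1;
}

/* Free with the listed checks. The arena is walked from the start so each
 * header's prev_size is compared with the real size of the block the walk
 * just left; a clobbered header shows up as a disagreement. */
static enum heap_err toy_free(toy_heap *h, void *p) {
    if (h == NULL || h->magic != HEAP_MAGIC) return HEAP_BAD_HANDLE;
    if (((uintptr_t)p & 7) != 0) return HEAP_MISALIGNED;
    uint8_t *base = (uint8_t *)h->arena;
    uint8_t *target = (uint8_t *)p - sizeof(block_hdr);
    if (target < base || target >= base + h->used) return HEAP_BAD_BLOCK;

    uint32_t off = 0, prev_size = 0;
    while (off < h->used) {
        block_hdr *hdr = (block_hdr *)(base + off);
        if (base + off == target) {
            if (hdr->prev_size != prev_size) return HEAP_UNDERRUN;
            if (hdr->is_free) return HEAP_DOUBLE_FREE;
            uint32_t next_off = (uint32_t)(off + sizeof(block_hdr) + hdr->size);
            if (next_off < h->used) {
                block_hdr *next = (block_hdr *)(base + next_off);
                if (next->prev_size != hdr->size) return HEAP_OVERRUN;
            }
            hdr->is_free = 1;
            return HEAP_OK;
        }
        prev_size = hdr->size;
        off += (uint32_t)(sizeof(block_hdr) + hdr->size);
    }
    return HEAP_BAD_BLOCK;   /* a corrupt size earlier in the arena desynchronised the walk */
}

/* Constructed scenarios: two 16-byte blocks a and b, one fault injected each. */
static enum heap_err scenario(const char *name) {
    toy_heap h;
    toy_heap_init(&h);
    uint8_t *a = toy_alloc(&h, 16);
    uint8_t *b = toy_alloc(&h, 16);
    if (a == NULL || b == NULL) return HEAP_BAD_BLOCK;
    if (strcmp(name, "ok") == 0)          return toy_free(&h, a);
    if (strcmp(name, "overrun") == 0)   { memset(a, 'A', 24); return toy_free(&h, a); } /* 16 of payload + b's header */
    if (strcmp(name, "underrun") == 0)  { b[-6] = 0xFF; return toy_free(&h, b); }      /* prev_size sits 6 bytes before b */
    if (strcmp(name, "double_free") == 0) { toy_free(&h, a); return toy_free(&h, a); }
    if (strcmp(name, "misaligned") == 0)  return toy_free(&h, a + 4);
    if (strcmp(name, "bad_handle") == 0) { toy_heap bogus; memset(&bogus, 0, sizeof bogus); return toy_free(&bogus, a); }
    return HEAP_BAD_BLOCK;
}

int main(void) {
    const char *names[] = { "ok", "overrun", "underrun", "double_free", "misaligned", "bad_handle" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-12s -> code %d\n", names[i], (int)scenario(names[i]));
    return 0;
}
```

The point of the walk-from-base design is that the allocator never trusts the header of the block being freed in isolation: an overrun is caught by the block after it, an underrun by the block before it, and a corrupted size anywhere earlier simply makes the target unreachable, which is the moment a termination-on-corruption heap would stop the process rather than let an attacker's forged header drive the free path.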

Good hygiene and Banned APIs

2008-10-22 22:08:00 by sdl in The Security Development Lifecycle
 
...overrun flaws and have been deprecated. In the Security Development Lifecycle book, an entire chapter is dedicated to the topic of banned function calls. In the book, we also provide a copy of the banned.h header file on the companion CD. This header file allows you to locate any banned functions in your code. On MSDN, we have documented the SDL...

Wannabe Bond Villains' Last Line Of Defense

2008-11-02 22:00:00 by David Hambling in Wired Security
 
When security in your underground base is breached and you are about to be overrun, what's the last line of defense? It's a device called a Fast-Rising B Plug. And wannabe Bond villains inspired by the new movie should take note.

Wannabe Bond Villains' Last Line Of Defense

2008-11-04 03:50:01 by Editor in Digg / Security
 
When security in your underground base has been breached and you are about to be overrun, what's the last line of defense? It's a device called a Fast-Rising B Plug.