timb_machine: push(@debian, $evansdb); # debian-sec now installs clean, some lintian work to do and then I'll upload
timb_machine: push(@secgeeks, $debian-sec); # Rebuilding my Debian security tools repository, finally
timb_machine: push(@secgeeks, "Reviewing C# and C++ managed code, anything particular to look for?"); # Other than http://bit.ly/bdaUeQ
timb_machine: @icesurfer Well, I don't like to disappoint :)
timb_machine: @icesurfer ~1 month of compiling?
timb_machine: @0xcharlie From what I saw, there seemed to be definite value, although I guess they benefited from economies of scale
timb_machine: @0xcharlie The con was invite only, but they were collecting statistics on things like values that cause crashes on an industrial scale
timb_machine: $fail["rekonq"] ++; # More XSS, this time permanent, in Rekonq, this time in HTML based about: * views
timb_machine: RT @0xcharlie ... what I call meta-fuzzing research. Gathering lots of statistics from real fuzzing runs... <- I'm sure I saw such a talk ;)
Metasploit Unleashed - Mastering the Framework
Solaris Things: Don't be afraid of mdb - cont
Glenn Brunette's Security Weblog
timb_machine: RT @perlbuzz Help keep the world safe from SQL injection: http://perlbuzz.com/2010/02/help-keep-the-world-safe-from-sql-injection.html
timb_machine: @crstig Aye, only complaint, second half wasn't as good as the first
timb_machine: $brentford += 3; # Poor old Gills, couldn't happen to a nicer set of fans. Still only half time, more of the same please
timb_machine: @DinisCruz All of them, it's a team game :)
timb_machine: push(@website, "http://www.nth-dimension.org.uk/downloads.php?id=69"); # Patch to exploit @kingcope's abuse of Samba POSIX symlinks :)
timb_machine: @kingcope That samba vuln works like a charm :-)
timb_machine: @ioerror How about a proper security track? :)
timb_machine: @ioerror Heh, was just talking about DebConf with a few Indymedia folk right this minute... starting to plan :)
timb_machine: @coresecurity IE bug reminds me of a SOP violation I reported in Konqueror: http://www.kde.org/info/security/advisory-20091027-1.txt. Cute.
timb_machine: @jeremiahg Would be interesting to see, it's probably a little immature right now, but catching up fast... Nessus vs Qualys would also rock
timb_machine: @jeremiahg And yet, no @netsparker... missing a trick 'methinks
0x3e3e7f56 ^ 0x585f163a = "fail"
Bug 221661 - allow XMLHttpRequests to retrieve documents from a different domain
Konqueror 4.3.3 blocks local ajax requests • KDE Community Forums
Shellcode for setuid(0) + execve("/bin/sh") on x86_64 GNU/Linux