If you ever interested in making your own compiler, try this:
Mar 12, 2009
Mar 11, 2009
PDF Exploit PoC without any user interaction
Tags:
exploitation
Last week, Belgian security researcher Didier Stevens demonstrated that a PDF exploitation could be possible with the user only selecting the file (the answer lies in Windows Explorer Shell Extensions).
Now he took it even a level further: you can be vulnerable by just having an infected file. The problem lies with the Windows Indexing Service.
Here is still a list of possible countermeasures:
Related posts:
Now he took it even a level further: you can be vulnerable by just having an infected file. The problem lies with the Windows Indexing Service.
Here is still a list of possible countermeasures:
- Disable JavaScript in Adobe Acrobat Reader.
- An up-to-date anti-virus.
- Host-based IDS/IPS signatures.
- Disable automatic rendering of PDFs in the browser
- Use an alternative PDF reader like Foxit Reader or Sumatra PDF.
- Disable or deinstall windows indexing service.
Related posts:
What's Your Location?
Tags:
Google
There are a few ways provided by Google, to show your location, or geotagging, when you post to your blog site or sending email.
- Google Latitude: to see your friends on map. You can check this using your phone, computer, or both.
- Gmail Message Signature: Enable "Location in Signature" option in Gmail Labs, and follow by "Append your location to the signature" in Setting page, it will be able to see where you send the email out. With Google Gear install, the Gears Geolocation API can make use of network servers to determines the client's position including the client's IP address and information about any cell towers or WiFi nodes it can detect. Cool!
- Blogger Geotagging: This is an option only enabled in Blogger in Draft. It provides an option to add location in the post editor. You can search, zoom, click, drag on a map to choose and save a location.
Mar 10, 2009
Information Security in Cloud Computing
Tags:
cloud computing,
Google,
infosec
This is a typical example of information security within cloud computing: you just don't know when will you're vulnerable.
See how Google has handled a bug reported on Google Docs: error allowed unauthorised document access.
See how Google has handled a bug reported on Google Docs: error allowed unauthorised document access.
Mar 9, 2009
Subscribe to:
Posts (Atom)