March, 2012

article thumbnail

Some random observations on Linux ASLR

Scary Beasts Security

I've had cause to be staring at memory maps recently across a variety of systems. No surprise then that some suboptimal or at least interesting ASLR quirks have come to light. 1) Partial failure of ASLR on 32-bit Fedora My Fedora is a couple of releases behind, so no idea if it's been fixed. It seems that the desire to pack all the shared libraries into virtual address 0x00nnnnnn has a catastrophic failure mode when there are too many libraries: something always ends up at 0x00110000.

51
article thumbnail

CRTC Finalizes Anti-Spam Regulations – A Bit More Flexibility for Businesses

Privacy and Cybersecurity Law

The Canadian Radio-television and Telecommunications Commission (CRTC) has made and registered its Electronic Commerce Protection Regulations for the Anti-Spam Act (CASL). […].

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

vsftpd-3.0.0-pre1 and seccomp filter

Scary Beasts Security

For the brave, there now exists a pre-release version of vsftpd-3.0.0: [link] [link] The most significant change is an initial implementation of a secondary sandbox based on seccomp filter , as recently merged to Ubuntu 12.04. This secondary sandbox is pretty powerful, but I'll go into more details in a subsequent post. For now, suffice to say I'm interested in testing of this new build, e.g.

50
article thumbnail

On the failings of Pwn2Own 2012

Scary Beasts Security

This year's Pwn2Own and Pwnium contests were interesting for many reasons. If you look at the results closely, there are many interesting observations and conclusions to be made. $60k is more than enough to encourage disclosure of full exploits As evidenced by the Pwnium results , $60k is certainly enough to motivate researchers into disclosing full exploits, including sandbox escapes or bypasses.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Anti-Spam Law: See updated CASL v. CAN-SPAM summary

Privacy and Cybersecurity Law

Are you one of those who have been monitoring the progress of Canada’s Anti-Spam Law (CASL)? If so, you may also […].