Scary Beasts Security
MAY 29, 2009
(Note: v2.1.2 is the same as v2.1.1 but with a compile fix) vsftpd-2.1.2 is released with full details as always on the vsftpd home page: [link] For users, a couple of nasty regressions are fixed: SSL transfers would drop due to an errant timeout firing; this is now fixed. Also, an absent per-user config file was fine with v2.0.7 but an error in v2.1.0. v2.1.2 restores v2.0.7 behaviour.
Scary Beasts Security
MAY 20, 2009
As a quick recap, "E4X" is the name of a Javascript standard relating to strong XML support in the language. Firefox has had an implementation for quite some time but no other major browser seems to have followed suit. My colleages Filipe Almeida and Michal Zalewski led the way in E4X security; check out: [link] However, the attack scenarios in that document are in my opinion not likely to occur in many web apps.
Scary Beasts Security
MAY 1, 2009
I recently had the pleasure to be invited by Dhillon to present at HackInTheBox (HiTB) Dubai with Billy Rios on our "Cross Domain Leakiness" work. Here is a link to our updated slides: [link] It was a very productive conference, all told. The sort of conference where new attacks materialise over breakfast conversations. In terms of new and pending material, I'll do separate posts regarding: My latest E4X cross-domain theft attack (building on the work of my colleagues Filipe and Michal) A new "d
Expert insights. Personalized for you.
50 
Let's personalize your content