Security Vulnerabilities Content on InfoQ
-
IEEE’s Hans Karlsson Standards Award 2012 for Paul R. Croll
IEEE announced that the Hans Karlsson Standards Award 2012 has been given to Paul R. Croll for his dedicated leadership of the IEEE Systems and Software Engineering Standards Committee, and for his diplomacy and collaboration in facilitating the development of a collection of high-quality standards.
-
Padding Oracle Affects JSF, Ruby on Rails, ASP.NET
Using a Padding Oracle (PO) attack, a malicious user can access encrypted data such as cookies, state, membership passwords, etc. According to Juliano Rizzo and Thai Duong, two software engineers specializing in security, the vulnerability affects JavaServer Faces, Ruby on Rails, ASP.NET and other technologies and platforms.
-
IBM X-Force Report: Enterprise Security Exploits Are Rising
IBM has published the IBM X-Force® 2010 Mid-Year Trend and Risk Report August 2010 (112 pages long, free registration required) containing detailed information about the security vulnerabilities and exploits of 2010, such as JavaScript and PDF obfuscation, the current security threat trends in the enterprise, and a look into the future.
-
Learning About Security Vulnerabilities by Hacking Google’s Jarlsberg
For those who have wondered what it is like to hack into another system, Google has created a special lab named Jarlsberg containing a web application full of security holes ready to be exploited by developers who want to learn hands-on what some of the possible vulnerabilities are, how malicious users use them, and what can be done to prevent such exploits.
-
A .NET Security Vulnerability Has Affected Firefox
A security vulnerability that has hit Internet Explorer through .NET has also hit Firefox. The culprit for Firefox, a .NET add-on, has been put on Mozilla’s blocked list.
-
Internet Security: an Interview with David Durham
David Durham, manager of Intel's Security and Cryptography Research group, was recently interviewed on the subject of Internet and Computer Security. The interview covers a wide range of topics including the "monetization of malware," Cloud-based detection of malware, security of data stored in the Cloud, "Botnets in the Dark Cloud," and malware as a tool in geo-politics.
-
Ruby on Rails Security Vulnerabilities
There has been a buzz in the Ruby on Rails community lately about newly discovered security vulnerabilities and the subsequent updates every Rails developer should be made aware of.
-
DoS Vulnerability in BigDecimal
A DoS vulnerability has been found in all Ruby 1.8.x versions; fixes are now available in 1.8.6-p369 and 1.8.7-p173. Current JRuby versions also seem to be affected.
-
Security Vulnerabilities in Safe Level, WEBrick, Dl, DNS lookup
A few security vulnerabilities were discovered in Ruby 1.8.5 to 1.8.7 and 1.9.x. The vulnerabilities involve safe levels, WEBrick has a DoS vulnerability in a particular regular expression, the shared library API dl doesn't check taintedness, and resolv.rb has a problem with DNS spoofing.
-
Ruby interpreter vulnerabilities
A few vulnerabilities were found in Ruby 1.8.x and 1.9.x that could potentially allow DoS attacks or allow attackers to execute arbitrary code. Patched versions of Ruby are already available.
-
A Train-Wreck Waiting To Happen: Managed Code and the Windows Shell
The CLR has a major design flaw: a process can host only one CLR. When you combine this with a ubiquitous process like explorer.exe, disaster can strike.
-
Preventing SQL Injection Attacks in .NET Applications
Back in September, InfoQ reported on Michael Sutton's alarming study of SQL injection vulnerabilities. Fortunately, Scott Guthrie shows us that preventing most of them in .NET is not that hard.
-
Study Shows That 11% of Sites Are Vulnerable to SQL Injection Attacks
In an informal study, Michael Sutton of SPI Dynamics was able to demonstrate that 80 out of 708 tested web sites were susceptible to SQL injection attacks.