Whilst looking for potential privilege escalation vulnerability, I found this gem regarding to kernel exploitation:
Windows VDM Zero Page Race Condition Privilege Escalation (MS07-022; BID=23367; CVE-2007-1206)
Monday 30 July 2007
Monday 23 July 2007
i can't right click and i can't see the source
I found an interesting site whilst looking for photos of myself. It's at http://www.myeventphoto.co.uk If you dig further in the site, you will find galleries where you would have to pay for photos. I think to myself I just want a little snapshot. But the site looks to have Javascript code to stop you viewing the source and right-clicking. It looks well looked down.
However, remember files maybe stored in Internet temporary directories and sure enough I found a photo of myself in there. You could stop prohibitive nature of the application by disabling Javascript!
However, remember files maybe stored in Internet temporary directories and sure enough I found a photo of myself in there. You could stop prohibitive nature of the application by disabling Javascript!
Tuesday 17 July 2007
Facebook can used against you
It was reported that the university authorities are using facebook to throw the book at students at Oxford University. The student union are urging students to tighten their security settings so that not much details can be viewed.
Have a look at: http://news.bbc.co.uk/1/hi/education/6902333.stm
Also in a news article, I saw these interesting facts:
*
* A survey of 600 British companies showed that 1 in 5 had logged on to Facebook and similar websites to vet potential workers.
* Five students were banned from a school trip in Toronto after disparaging remarks about teachers were found on Facebook.
* A US consultancy rejected an applicant after reading that is interest included "smokin' blunts with the homies"
To be fair, I've started using facebook to catch up on old friends. But trying to keep myself as anonymous as possible. If you can call it that. But I am beginning to find already, it's not what *you* put on facebook that could give information leakage. It's what other people put in their facebooks about you. e.g. photos, etc.
But as I say to myself. There's enough information out there about me to paint a picture. But nothing substantial.
Have a look at: http://news.bbc.co.uk/1/hi/education/6902333.stm
Also in a news article, I saw these interesting facts:
*
* A survey of 600 British companies showed that 1 in 5 had logged on to Facebook and similar websites to vet potential workers.
* Five students were banned from a school trip in Toronto after disparaging remarks about teachers were found on Facebook.
* A US consultancy rejected an applicant after reading that is interest included "smokin' blunts with the homies"
To be fair, I've started using facebook to catch up on old friends. But trying to keep myself as anonymous as possible. If you can call it that. But I am beginning to find already, it's not what *you* put on facebook that could give information leakage. It's what other people put in their facebooks about you. e.g. photos, etc.
But as I say to myself. There's enough information out there about me to paint a picture. But nothing substantial.
Monday 16 July 2007
Java and flash patches
I'm falling behind guys because my social life gets in the way. I'll try my best to throw lil tidbits from now on in and show what is in my empty head of mine...
Interesting how vulnerabilities and patches were released for both Java and Flash on Friday the 13th. I'm still not superstitious!
Have a look at: The Register's take on those two patches.
Interesting how vulnerabilities and patches were released for both Java and Flash on Friday the 13th. I'm still not superstitious!
Have a look at: The Register's take on those two patches.
Sunday 1 July 2007
Careful what you say...
I remember an old work colleague telling me, "Look I'm going to tell you something really important about work but I'll tell you later". The reason I found out later was that you never know who was on board that train from London. And you know he is right. When you are in public, you represent a number of things, yourself, your family, your religion, your country and your workplace. You have to be careful what you say. Admittedly, you are not likely to be famous and no-one is likely to care. But people will overhear and remember things like anger, swearing and anything illicit. I remember from a kid's story that the 'corn has ears' and can pass messages when the wind blows through the cornfields.
I am a firm believer in keeping a low profile and not drawing too much attention to oneself. You will always leak information about yourself but you can certainly control the amount you give. The little information you give, the less information people have to use against you and chances of such things of id theft happening become slimmer.
Similarly that's why I am not keen on social networks, I mean all the data going into the databases. For example check out: mobuzz on facebook and does what happens in the facebook stay in the facebook
Now I do have a myspace and a facebook but I am trying to leak as little information as possible. The only correct thing you should need is an email address. But again in a public arena, with data bound to be logged, you do still have be careful what you announce. Hmmm is everything we say logged? I mean I was a bit mortified to release all my gtalk discussions was logged within gmail. I mean all your most intimate conversations are logged if someone broke into this feature then that would cause all kinds of brown stuff to hit the fans. Can we trust yahoo or hotmail in the same vein?
Referring to the mobuzz video once more, amazon and ebay appear to store information about you and that's become more apparent with the fact that you cannot close your accounts with them....
So in summary, be careful what you reveal about yourself...
BE CAREFUL WHAT YOU SAY!!!
I am a firm believer in keeping a low profile and not drawing too much attention to oneself. You will always leak information about yourself but you can certainly control the amount you give. The little information you give, the less information people have to use against you and chances of such things of id theft happening become slimmer.
Similarly that's why I am not keen on social networks, I mean all the data going into the databases. For example check out: mobuzz on facebook and does what happens in the facebook stay in the facebook
Now I do have a myspace and a facebook but I am trying to leak as little information as possible. The only correct thing you should need is an email address. But again in a public arena, with data bound to be logged, you do still have be careful what you announce. Hmmm is everything we say logged? I mean I was a bit mortified to release all my gtalk discussions was logged within gmail. I mean all your most intimate conversations are logged if someone broke into this feature then that would cause all kinds of brown stuff to hit the fans. Can we trust yahoo or hotmail in the same vein?
Referring to the mobuzz video once more, amazon and ebay appear to store information about you and that's become more apparent with the fact that you cannot close your accounts with them....
So in summary, be careful what you reveal about yourself...
BE CAREFUL WHAT YOU SAY!!!
Subscribe to:
Posts (Atom)