Month: April 2007

  • Disclosure: Apache Axis Nonexistent Java Web Service Remote Path Disclosure

    [This was originally disclosed on the VIM mail list. VulnDB ID 34154] Watchfire’s Appscan product looks for this vulnerability (not sure what they officially title it, the title above is my own), but I can’t find any reference to it. Google finds a lot of indirect references suggesting it is common knowledge to the folks…

  • Anatomy of TWOVB hoax…

    [This was originally published on the OSVDB blog.] In the final days of March, a “week of Vista bugs” was announced. As some suspected, it turned out to be a hoax. For the full story on how it was carried out, check the breakdown from the perpetrators. All in all, not a very impressive hoax…

  • Finding New Music

    I’m always looking for new music. I currently have almost two gigs of music to listen to and filter through before potentially adding it to my playlist. On average, for every 30 songs I listen to only one makes it to my “probably good” folder. Weeks or months later I make a pass through that…

  • Analogies Keep Failing

    [This was originally published on the OSVDB blog.] One of the most often used, and later debated, analogies used for actions in the security/hacker industry is that of comparing port scanning to walking down a road checking doors and windows to see which are unlocked. This is fundamentally flawed because port scanning looks for open…

  • News Pundits, the Real Tragedy

    windbags like Nancy Grace are saying she will *demand* answers about why there wasn’t a better response, why students weren’t told about the shooter, how they could have saved 31 lives if they had, and why [person|group] didn’t [act|react] to [incident|shooter|actions]. she is pointing fingers at the campus administration for not having a better incident…

  • [update] Month of PHP Bugs

    [This was originally published on the OSVDB blog.] I previously blogged about the Month of PHP Bugs [MOPB], an effort led by Stefan Esser and the Hardened PHP Project to raise awareness about vulnerabilities in the PHP language. The month has come and passed and of course I have to wonder about a few things.…

  • Book Review: City Come A-Walkin’

    Author: John Shirley | ISBN: 0-9642505-1-9 | Dell Publishing / Eyeball Books. Depending on who you ask, the history of Cyberpunk literature starts around 1980, but is heavily influenced by different people. According to cyberpunk.ru: William Gibson, one of the five writers associated with the cyberpunk genre, is credited by critics and peers for typifying the cyberpunk writing form in…