Month: April 2007

  • Disclosure: Apache Axis Nonexistent Java Web Service Remote Path Disclosure

    [This was originally disclosed on the VIM mail list. VulnDB ID 34154] Watchfire’s Appscan product looks for this vulnerability (not sure what they officially title it, the title above is my own), but I can’t find any reference to it. Google finds a lot of indirect references suggesting it is common knowledge to the folks […]

  • Anatomy of TWOVB hoax…

    [This was originally published on the OSVDB blog.] In the final days of March, a “week of Vista bugs” was announced. As some suspected, it turned out to be a hoax. For the full story on how it was carried out, check the breakdown from the perpetrators. All in all, not a very impressive hoax […]

  • Finding New Music

    I’m always looking for new music. I currently have almost two gigs of music to listen to and filter through before potentially adding it to my playlist. On average, for every 30 songs I listen to only one makes it to my “probably good” folder. Weeks or months later I make a pass through that […]

  • Analogies Keep Failing

    [This was originally published on the OSVDB blog.] One of the most often used, and later debated, analogies used for actions in the security/hacker industry is that of comparing port scanning to walking down a road checking doors and windows to see which are unlocked. This is fundamentally flawed because port scanning looks for open […]

  • News Pundits, the Real Tragedy

    windbags like Nancy Grace are saying she will *demand* answers about why there wasn’t a better response, why students weren’t told about the shooter, how they could have saved 31 lives if they had, and why [person|group] didn’t [act|react] to [incident|shooter|actions]. she is pointing fingers at the campus administration for not having a better incident […]

  • [update] Month of PHP Bugs

    [This was originally published on the OSVDB blog.] I previously blogged about the Month of PHP Bugs [MOPB], an effort led by Stefan Esser and the Hardened PHP Project to raise awareness about vulnerabilities in the PHP language. The month has come and passed and of course I have to wonder about a few things. […]

  • Book Review: City Come A-Walkin’

    Author: John Shirley. ISBN: 0-9642505-1-9. Dell Publishing / Eyeball Books. Depending on who you ask, the history of Cyberpunk literature starts around 1980, but is heavily influenced by different people. According to William Gibson, one of the five writers associated with the cyberpunk genre, is credited by critics and peers for typifying the cyberpunk writing form in […]