Archive for January, 2007

New Uninformed Journal out

Volume 6 of the Uninformed Journal is out. This issue contains the following:

Engineering in Reverse:
  Subverting PatchGuard Version 2
  Locreate: An Anagram for Relocate

Exploitation Technology:
  Exploiting 802.11 Wireless Driver Vulnerabilities on Windows

I’ll follow up with comments later. Not sure which ones I’ll end up reading, but I will make an effort to at least read one of […]

New Wordpress exploit, version 2.0.6

To anyone who has `register_globals` turned on for PHP versions 4 thru 4.4.3, or any version below 5.1.4, update your Wordpress; 2.0.7RC1 is available. The exploit takes advantage of code flaws in wp-trackback.php… again, allowing a SQL injection admin hash disclosure.
Thanks dominik at the Basecamp for the heads up. I don’t need to update this time though… :p

Pandemic Influenza, Business Continuity Planning and You

Today Congress will ask the President for an update on National Strategy for Pandemic Influenza. This reminded me of an article I read in the December 2006 issue (pp 36-43) of Information Security Magazine. One of the feature stories, Don’t Wait for Disaster, looks at what some security managers are doing to address the risk […]

InformationWeek, the site that thinks its readers are dumb

Thank you very much InformationWeek! I was reading an IW article, Adobe Patches Acrobat And Reader XSS Bug, 3 Other Flaws, hoping to get some useful information from it. The article contains 15 links, two of which are other IW articles and three go directly to Adobe’s website. The rest are “techweb” definitions for words like: […]

This is horrible, this idea: “Phishing your own users”

I see Michael Farnum has responded to Terry Sweeney’s blog post on Phishing your own users. I would just like to remind everyone that, while intentions may be good, we should remember the times people have tried this tactic with viruses. How many times did we hear about someone writing a virus that removes viruses or […]