Archive for Conferences

Resident scripts and global cross-domain

In October of 2006, a vulnerability in IE7 known as the “mhtml:” Redirection Information Disclosure was discovered.  RSnake wrote up a post about how nasty it was.  The basics: it took over the entire browser experience.
Fortunately, the bug was patched quickly, it required access to the web server/application (or HTTP header injection), and it only […]

How to pwn PWN2OWN

Day one of PWN2OWN was unsuccessful, which is no big surprise.  But today, I am really hoping for something — otherwise we’ll have to wait until tomorrow for the third-party client-side exploits.
Here’s a little summary I wrote a bit back on how to increase the likelihood of exploiting the three systems.
Are Linux and Mac OS […]

OWASP Hartford tomorrow

Tomorrow, February 28th, is the first ever meeting for the brand new Hartford OWASP chapter. James McGovern, the chapter lead, has been putting some effort into starting it off with a bang, so I hope everyone in the NY/CT/Mass area can make it. Agenda for the night is as follows:

Opening Remarks: 5:30 - 6:00 PM […]

ShmooCon 2008 — Path X: Explosive Security Testing Tools with XPath

On Sunday, we had some technical difficulties getting my laptop to work with the projector. In a scramble to get things up and running, I forgot to send the backup screenshots I had taken just in case. Ughh.. first conference talk I give, and everything that could have gone wrong, did. LOL. It was good […]

Back from D.C. — ShmooCon 2008 recap

We’re back from a great weekend in Washington, D.C. at ShmooCon ’08. Dre and I arrived Thursday night just in time for the bar to close and, having no hotel room reserved, we were in for a long night. Interestingly enough though, at around 5am, we found that we were able to modify the […]