2011/12/8 Michal Zalewski :
> What part? The change of a URL that is not associated with the
> repainting of window contents? I believe that they are very unlikely
> to catch this after initially examining the URL, in absence of other
> indicators (change in URL length, page repainting, throbber ac
Just another short note... this is a somewhat compelling and entirely
unnecessary phishing opportunity - and a tiny symptom of the mess with
URL handling.
Firefox and Opera allow you to omit MIME type in data: URLs, possibly
put random garbage into that section, and still get a valid HTML
document
ALL,
Just a reminder that the call for trainers closes on December 15th.
We welcome all proposals at varying levels of technical content as
well as non web-specific training.
Submit proposals to http://training.appsecdc.org/
Regards,
The AppSec DC Program Committee
On Mon, Oct 24, 2011 at 2:2
Affected Software: HTCVideoPlayer.exe
Tested on: HTC Touch2 T - Windows Mobile 6.5
Vulnerability: Memory Corruption
Details:
HTCVideoPlayer is the default media player of HTC Windows Mobile devices. This
media player is prone to a memory corruption vulnerability while parsing stbl
atom o
CA20111208-01: Security Notice for CA SiteMinder
Issued: December 08, 2011
CA Technologies Support is alerting customers to a potential risk in
CA SiteMinder. A vulnerability exists that can allow a malicious user
to execute a reflected cross site scripting (XSS) attack. CA
Technologies has is
Asterisk Project Security Advisory - AST-2011-014
Product: Asterisk
Summary: Remote crash possibility with SIP and the "automon"
feature enabled
Asterisk Project Security Advisory - AST-2011-013
Product: Asterisk
Summary: Possible remote enumeration of SIP endpoints with
differing NAT settings
OMG, it's Christmas again!!
But happily this year we don't have to lurk in the corner of a dingy pub
trying to look like we're having fun amongst the estate agents, bankers
and stock brokers annual do's, as we have our very own cosy well stocked
*private* bar and meeting space as per norma
> And you don't believe that people would think that's suspicious?
What part? The change of a URL that is not associated with the
repainting of window contents? I believe that they are very unlikely
to catch this after initially examining the URL, in absence of other
indicators (change in URL leng