|
 |
divendres, 23 / desembre / 2005 |
[The Register] Palm pledges three new smart phones in 2006. El proper any ens portarà tres nous telèfons mòbils de Palm. Es parla de suport de 3G i, molt probablement, de WiFi.
In November, Caris & Co. analyst Susan Kalla claimed Palm was preparing two new smart-phone designs dubbed 'Lowrider' and 'Hollywood', presumably because they're pitched at low-end and multimedia-oriented markets, respectively. Hollywood is also thought to be a 3G model. She also said Palm was working on the Treo 700p, which observers have taken to be the Palm OS version of the 700w.
|
21:54 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
Vídeo que explica tècniques d'injecció SQL: Blind MySQL injection and database stressing (enllaç eMule). Mostra les tècniques explicades en aquest article
Currently tools are being used to get SQL data from a blind (Microsoft) sql injection, like datathief of absinthe. The problem in Mysql is the dificulty to get the database structure. In Mysql there are no Objects database or alike, so it's not possible to create an stored procedure to walktrough a database catalog as these programs do with other database managers.
The approach explained here is from a web service viewpoint. It's, from a web service vulnerable to sql injection.
|
19:49 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
L'experiència de l'equip intern de Microsoft que analitza la seguretat dels seus productes.
Attack and penetration testing is a set of techniques and methodologies to test compliance to security policies, and to detect previously unknown vulnerabilities. The overall goal is to limit the points of exposure and to restrict the ability of unknown attackers to gain entry. However, developing an effective attack and penetration testing team presents unique management challenges. This discussion gives some best practice advice and lessons learned from the Microsoft IT experience building and operating an internal attack and penetration testing team.
|
12:44 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
[The Register] Critical Symantec bug hits 40 products. Vulnerabilitat crítica a 40 productes de Symantec, tant de la línia de consumidors com corporatius. La vulnerabilitat es troba en el processament de fitxers RAR i pot ser utilitzada per a l'execució remota de codi.
A flaw affecting many Symantec security products - both consumer and enterprise - has been discovered. Users of Symantec's Norton Internet Security 2005, Norton AntiVirus 2005, Norton Antivirus for Macs, corporate anti-virus apps and Brightmail anti-spam software (among others) all need to apply patches following the discovery of the "critical" security bug. In all 40 packages are affected.
The vulnerability stems from a flaw in an library component (called Dec2Rar.dll) involving the processing of RAR archives. This vulnerability can be exploited as a means to inject hostile code onto vulnerable systems when a malicious RAR file is scanned. The flaw affects Dec2Rar.dll version 3.2.14.3 and potentially hits all Symantec products that use the library file, hence the large number of affected packages.
Symantec aconsella l'actualització de les signatures dels antivirus així com diverses mesures per evitar l'impacte d'aquest problema.
|
12:24 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
© Copyright 2003-2006 Xavier Caballe.  . Si no s'indica expressament el contrari, el material publicat en aquest weblog es distribueix d'acord amb la llicència Creative Commons. El contingut és responsabilitat única i exclusivament del seu autor i no té cap relació amb les seves activitats professionals.
|
 |
 |
 |
 |
Contingut actualitzat
Categories
Darrers comentaris
Arxiu
Contingut antic
(ja no s'actualitza)
Versions anteriors
d'aquesta pàgina
|
 |
 |
 |
 |
|
