| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <012001c5c9a7$24de0a60$1b00a8c0@ngssoftware.com> Date: Wed, 5 Oct 2005 13:20:16 +0100 From: "David Litchfield" <davidl@...software.com> To: <bugtraq@...urityfocus.com> Subject: Some new whitepapers ... Hey all, I've written two papers available from here http://www.ngssoftware.com/papers.htm The first deals with buffer _underruns_ , DEP and Address Space Layout Randomization on Windows. During the paper's review process I was pointed to http://www.phrack.org/show.php?p=58 which deals with the same conceptual issues to defeat PaX on Linux but, as my paper was completed, I thought I may as well still go ahead and release it. Besides mine discusses buffer underruns, too :) The second paper talks about using inference as a means of drilling for data with SQL injection and it is based upon a talk I presented at Blackhat Europe earlier on in the year. I divide SQL injection data theft attacks into three classes - inband, out-of-band and inference. The first, in-band, uses the existing connection to get data out; the second, out-of-band, uses another channel, e.g. smtp by using builtin database mail functions; and lastly inference. With inference there is no actual transfer of data - rather it can be inferred what the data is by making observations about differences in the way an application behaves. Cheers, David Litchfield NGSSoftware Ltd http://www.ngssoftware.com/
Powered by blists - more mailing lists