Keeping Knowledge Free for Over a Decade

Spam

Intel C++ smokes gcc

posted onJanuary 27, 2002

by hitbsecnews

Source: OpenMag.com

nocomment

→READ MORE

A Linux guy looks at NetBSD

posted onJanuary 23, 2002

by hitbsecnews

Source: News Forge

I have been a Linux user since 1995. It has been my desktop and server of choice since about 1997. But there is more in the Open Source operating system world than just Linux. So, I decided to play with the Wasabi Systems' distribution of NetBSD. The basic distribution comes on two CDs with a small instruction booklet.

Overview

nocomment

→READ MORE

screamingCobra, Automated Remote CGI Vulnerability Discovery

posted onJanuary 21, 2002

by hitbsecnews

Source: Screaming Cobra

ScreamingCobra is an application to find vulnerabilities in remote CGIs by using techniques that are able to spot very common bugs in many CGIs, usually when dealing with template files or any other files or applications.

nocomment

→READ MORE

Software detects possible cheating

posted onJanuary 20, 2002

by hitbsecnews

Source: CNN

L33tdawg: This is pretty interesting actually... I wonder how accurate the detection capabilities are.

A software program designed by Georgia Tech professors to detect cheating in students' computer programming homework turned up 186 possible violators, school officials say.

nocomment

→READ MORE

Can You su?

posted onJanuary 18, 2002

by hitbsecnews

Source: IT World

nocomment

→READ MORE

Using ssh Port Forwarding to Print at Remote Locations

posted onJanuary 17, 2002

by hitbsecnews

Source: Linux Journal

ssh--oh yeah, that's a secure Telnet program, right? Yes, it is, and it's much, much more. You're not still using Telnet, are you? Previous issues of Linux Journal have talked about the ``much, much more'' of ssh (see Resources). In this article I show a specific example of using ssh to do ``much, much more''. I also demonstrate how to use ssh's port-forwarding feature to connect the printing systems on different networks across the Internet, at the same time securing the data while in transit.

nocomment

→READ MORE

WebSphere Studio Application Developer

posted onDecember 21, 2001

by hitbsecnews

The WebSphere Studio Application Developer for Linux and Windows, a completely new tool built on the WebSphere Studio Workbench, is a pluggable tool-development and integration platform that incorporates the technology of the recently announced Eclipse open-source organization.

nocomment

→READ MORE

A Simple Oracle Host-Based Scanner

posted onDecember 18, 2001

by hitbsecnews

Source: SecurityFocus

L33tdawg: I've yet to try the tool out myself (mainly because I don't have access to an Oracle DB), however, if any of you have the time, perhaps you could give it a quick twirl and post your findings here.

nocomment

→READ MORE

Race Condition in FreeBSD AIO Implementation

posted onDecember 14, 2001

by hitbsecnews

AIO is a POSIX standard for asynchronous I/O. Under certain conditions, scheduled AIO operations persist after an execve, allowing arbitrary overwrites in the memory of the new process. Combined with the permission to execute suid binaries, this can yield elevated privileges. Currently VFS_AIO is not enabled in the default FreeBSD kernel configuration, however comments in ``LINT'' suggest security issues have been known about privately for some time:

nocomment

→READ MORE