Lost+Found: Random numbers, URL expander and WebDAV
Too short for news, too good to lose; lost+found is a round up of useful security information. Today, random numbers, URL expander and WebDAV
Steampunk-inspired mechanical random number generator: May thy dice chip and shatter
Microsoft's explanation as to which IIS configuration settings allowed exploitation via the WebDAV vulnerability was pretty unclear. Steve Friedl from Unixwiz.net has attempted to bring light where there was darkness: Understanding Microsoft's KB971492 IIS5/IIS6 WebDAV Vulnerability
Making long of short: A Firefox plug-in that shows the true target of shortened URLs in the preview. LongURLPlease
An unpatched vulnerability crashes Adobe Reader 9.1.1 and Acrobat 9.1.1. The cause is recursive JavaScript function calls, which clog up the stack (stack exhaustion). PDF DoS exploit on Milw0rm
Expect the unexpected – but then react accordingly (after Heraclitus). Even when all hypothetical threats (to a system) are known, there's still the problem of deciding which to take seriously and to take concrete precautions against: Emerging Threats and Security Planning - How Should We Decide What Hypothetical Threats to Worry About?
(crve)