Lost+Found: Skype, XSS, and a Java exploit examined
Too small for news, but too good to lose, Lost+Found is a compilation of the other stories that have been on The H's radar this week. Today: Skype as a hacker's accomplice, measures to combat XSS, Keccak for C++, an analysis of a Java attack, a new security distribution, and the RSA Conference.
- Address Space Layout Randomisation (ASLR) is a good security feature – provided people actually use it. The Skype developers haven't done so, or at least not consistently. As a result, a Skype library could potentially become a means to an end for attackers...
- Security firm Coverity thinks that there's no need for cross-site scripting (XSS) holes to exist and explains how to prevent them.
- Version 5.6.2 of the Crypto++ crypto library for C++ supports Keccak – also known as SHA-3.
- The Security Obscurity blog has taken a look behind the scenes of the Java exploit contained in the Cool Exploit Pack.
- The RŌNIN security distribution brings with it a variety of useful tools that should delight pen testers and forensic investigators. It is based on the Lubuntu 12.10 derivative of Ubuntu (Ubuntu with LXDE instead of Unity).
- You missed the RSA Conference? Here are the video recordings.