01 March 2013, 15:14
Lost+Found: Skype, XSS, and a Java exploit examined
Too small for news, but too good to lose, Lost+Found is a compilation of the other stories that have been on The H's radar this week. Today: Skype as a hacker's accomplice, measures to combat XSS, Keccak for C++, an analysis of a Java attack, a new security distribution, and the RSA Conference.
- Address Space Layout Randomisation (ASLR) is a good security feature – provided people actually use it. The Skype developers haven't done so, or at least not consistently. As a result, a Skype library could potentially become a means to an end for attackers...
- Security firm Coverity thinks that there's no need for cross-site scripting (XSS) holes to exist and explains how to prevent them.
- Version 5.6.2 of the Crypto++ crypto library for C++ supports Keccak – also known as SHA3.
- The Security Obscurity blog has cast a look behind the scenes of the Java exploit that is contained in the Cool Exploit Pack.
- The RŌNIN security distribution brings with it a variety of useful tools that should delight pen testers and forensic investigators. It is based on the Lubuntu 12.10 derivative of Ubuntu (Ubuntu with LXDE instead of Unity).
- You missed the RSA Conference? Here are the video recordings.
(sno)
Print Version | Send by email
| Permalink: http://h-online.com/-1814972
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
