Xanda's Blog !~!

IronFox

Jun
15

IronFox is Firefox in a sandbox, or more precisely, an application shell-script wrapper that starts Firefox in a sandbox. The sandbox policy is bundled within the app, so it can be inspected before use.

The goal of the policy is to let the user browse the web without interference, while still protecting the user's privacy and system integrity from vulnerabilities that may exist in Firefox or its plugins. The only restrictions IronFox imposes on the user are that downloads and uploads may only reside in the user's download directory, and that IronFox itself cannot launch any other applications.

Read more HERE

PHP Security Poster

Nov
29

SektionEins has finished the English translation of the PHP Security Poster and is now sending it to interested PHP programmers for free. You only have to fill out the order form. The poster is DIN A0 size and details the most important aspects of configuring PHP securely and writing secure PHP code.

The poster contains the following topics:

  • Vulnerabilities & Concepts
  • Security-Related PHP Functions
  • Secure Programming
  • Hardening the PHP Configuration
  • Server Protection with Suhosin

The order form for the poster is available here.

Happy Kernel Code Execution Via Internet Explorer

Nov
11

Happy Kernel Code Execution Via Internet Explorer 😛

Read more:

Prevention/Solution:

Update your Windows. How? Errr… Here

Microsoft Announcing the Release of the Enhanced Mitigation Evaluation Toolkit (EMET)

Oct
28

Even as you read this, people around the world are hunting for vulnerabilities in software applications. Odds are some of them will be successful. Depending on their motives and what they find, your software and systems may be put at risk. So how do you protect your software from unknown vulnerabilities that may or may not exist? One option is to use security mitigations.

Microsoft offers a number of different mitigation technologies that are designed to make it more difficult for an attacker to exploit vulnerabilities in a given piece of software. Take a look at Michael Howard's article "Protecting Your Code with Visual C++ Defenses" (http://msdn.microsoft.com/en-us/magazine/cc337897.aspx) for a brief overview of some of these technologies.

Supported mitigations include:

  • SEHOP
  • Dynamic DEP
  • NULL page allocation
  • Heap spray allocation

[Read more: HERE]

Damn Vulnerable Linux (DVL)

Mar
10

Damn Vulnerable Linux (DVL) is a Slackware- and Slax-based live DVD purposely stuffed with broken, ill-configured, outdated and exploitable software. It began life as a training system used during the author's university lectures.

Its primary goal is to design a Linux system that is as vulnerable as possible — in order to teach and demonstrate a variety of security topics, including reverse code engineering, buffer overflows, shell code development, web exploitation, and SQL injection.

It contains older, easily breakable versions of Apache, MySQL, PHP, and FTP and SSH daemons, as well as several tools available to help you compile, debug, and break applications running on these services, including GCC, GDB, NASM, strace, ELF Shell, DDD, LDasm, LIDa, and more.

So if you are looking for a new playground, DVL is a good choice for you.