eEye staffers Marc Maiffret and Riley Hassell, were again busy on finding the bugs, so a new advisory hit the “streets” today. This time, there is a remote …

This contribution provides an overview of some of the security aspects of DSL-based corporate networks. With the expansion of the Internet and the increasing use of Internet …

SQL Server uses an undocumented function, pwdencrypt() to produce a hash of the user’s password, which is stored in the sysxlogins table of the master database. This is …

Some members of the open-source and free software community argue that their code is more secure, because vulnerabilities are easier for users to find and fix. Meanwhile the …

The paper is intended to be read by the portion of the security community responsible for creating protective mechanisms to guard against “shellcode” type security …

The events of recent years and especially of recent months have greatly increased awareness of information and infrastructure security, whether they are media reports of the …

This paper addresses the subject of SQL Injection in a Microsoft SQL Server/IIS/Active Server Pages environment, but most of the techniques discussed have equivalents in other …

This technical brief will overview the inherent flaws that plague the internet today, making it vulnerable to corporate espionage, money laundering, grand larceny, trading …

This paper discusses the feasibility of violating the access control, authentication and audit mechanisms of a running process in the Windows server operating systems. …

Security problems in software are of course an extremely bad thing, regardless of the business model under which the software was written. I want to consider why anybody …