I just read Ronald van den Heetkamp's post about hackers using SQL-injection to spread malware. The hackers are basically using SQL-injection to inject code that, when opened in a browser, will exploit a security hole in the latest version of Flash. [...]
Some of you may have read my earlier post Making a WSS4J client talk to a WSE 3.0 secured web service with x509 certificates. In the original post I used the interop certificates that are issued with WSS4J. In this post I'll explain how you can create your own certificates.
[...]
I've just added a new feature to .NetSpec's exporter .NetSpecExporter. It can now parse TestResults files from Visual Studio or MsBuild/TFS Team build, and show them in a compressed readable format.
[...]
I wrote a post about an RFI attack some days ago. The post is available here. The RFI script attempted to open backdoors by decoding and compiling base64-encoded C code. The code was also available in Perl versions. The script also allowed arbitrary upload and download of files, database dumps and much, much more. [...]
CNN has an interesting story about some researchers who found they could destroy a power generator by hacking into it from the internet. The attack was staged, but this leaves some scary thoughts in my head in a "fire sale" (ref. Die Hard 4.0/Live Free or Die Hard) sort of way.
[...]
HackCon #3 is over, and I think HackCon has improved a lot since #1, with so many interesting and inspiring presentations and speakers.
[...]
I've added a couple of new features to .NetSpec.
[...]
So I just added a new open source project to boss.bekk.no. It's called .NetSpec and the goal is to provide an RSpec-like syntax for writing tests/specifying behaviour, but still allow the tests to run through Visual Studio's test view and the TFS team build.
[...]
Some of you may have seen my old posting where I presented some configuration for accessing a WSS4J secured Axis service from .NET using WSE3.0. I have gotten a lot of questions about how to make this work the other way around. This post contains a working configuration for a WSS4J secured client talking to a WSE3.0 secured web service using x509 certificates.
[...]
A colleague of mine, Thomas Johan Eggum, finished his master's thesis on security pitfalls in AJAX/Web 2.0 applications this June. It's only available in Norwegian, and you can download it here: Sikkerhetsfallgruver og forholdsregler i Web 2.0 med AJAX. Enjoy [...]