SEARCH RESULTS
 
Showing 1-10 of 41 records
 
Fuzz Testing at Microsoft and the Triage Process

2007-09-20 18:52:00 by sdl in The Security Development Lifecycle
 
...exceptions get logged [stage 4], which tests you re-run [stage 6] and even which parsers you might decide to go after next [stage 1], etc). Below is a brief listing of each stage and its associated tasks Stage 1: Prerequisites Identifying the targets (program interfaces to fuzz Prioritizing your efforts (test planning Setting Bug Bar Stage 2:...
 
 
 
 
 
"Walking" with the SDL - Part 4

2008-07-25 20:49:00 by sdl in The Security Development Lifecycle
 
...exceptions to security bugs What does an FSR team do Re-review threat models to verify all mitigations identified in those exercises were fixed or went through an exception process Verify that all security issues uncovered during the development process were fixed or granted exceptions by the appropriate people. This is where you verify...
 
 
 
 
 
Facebook Malware Campaigns Rotating Tactics

2008-08-27 10:04:51 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...exceptions. Like this flash file hosted at ImageShack and spammed across Facebook profiles, which at a particular moment in the past few days used to redirect to client-side exploits served on behalf of a shady affiliate network that's apparently geolocating the campaigns based on where the visitors are coming from img228.imageshack...
 
 
 
 
 
ASP.NET Health Monitoring doesn't log inner exception stack trace

2008-08-01 16:21:00 by keith-brown in Security Briefs
 
...exceptions. The stack trace looks the same because of the way the methods are invoked (via reflection) - you end up with a stack trace for a TargetInvocationException, which basically says, "I used reflection to invoke some method, and it threw an exception. See the inner exception for details ASP.NET's health monitoring system does list the...
 
 
 
 
 
Email Hacking Going Commercial - Part Two

2008-08-08 14:31:54 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...exceptions. We have had people request our service and once we recover the password, they reset the subject account then ask us for the original password so they can reset it back - the answer will be no. We have also had people ask if they could have the password since we've already recovered it and they cannot pay - the answer will be no....
 
 
 
 
 
German Courts Rule on Spying in Cyberspace

2008-03-12 06:18:49 by schneier in Schneier on Security
 
...exceptions can be made if there is just cause. The judges did not feel that the blanket covert online searches that North Rhine-Westphalia's (NRW) provisions allowed fell under that category; rather, these searches were found to be a severe violation of privacy The court explained that strict legal provisions apply for covert online searches...
 
 
 
 
 
PR Storm - Mass iFRAME Injectable Attacks

2008-03-17 17:54:21 by HASH0x8b5dc70 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...exceptions are operating within the same netblock, and continue doing so. And the exceptions? It's all a matter of perspective, whether or not you believe having a RBN hosted domain within the actual iFRAME, or the result of the iFRAME redirection in terms of importance
 
 
 
 
 
Web Site Defacement Groups Going Phishing

2008-04-28 01:23:00 by HASH0x88f9370 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...exceptions, those exceptions are figuring out how to vertically integrate and build the capability to participate in multiple malicious activities simultaneously
 
 
 
 
 
Better exception reporting in ASP.NET

2008-08-01 20:30:05 by keith-brown in Security Briefs
 
...exceptions, which can be problematic due to its heavy reliance on reflection. I spent the morning doing some further spelunking with reflector, and my first solution was to implement a custom WebEvent that overrides ToString() to format itself with all of the data I care about. I then overrode the Error event via global.asax and raised my...