Anomaly in computer security and programming
This week on the PHP Podcast, Eric and John discuss Laravel Enums, Serialization, json_decode, Bye Bye to Skype, and more. Links from the show: Buffer Overflow in Laravel: Causes, Prevention & Fixes – DEV Community The death of Skype: when it closes and what you need to do Avoid This Laravel Enum Trap: Learn How […] The post The PHP Podcast: 2025.03.13 Unadvisable Unserializing appeared first on PHP Architect.
In the context of the US presidential elections, the use of electronic voting machines and their security is criticized time and again. Although much of this is pure speculation, it is not without reason that numerous researchers and IT security experts work intensively on finding security vulnerabilities in such voting systems. In the 26th episode of Informatik für die moderne Hausfrau, we look at one way in which (voting) systems can be influenced, namely by deliberately causing a so-called buffer overflow. We look at what that actually is and how it works, and in the process learn a little more about how memory works. The report on security vulnerabilities in voting machines that I mentioned can be found here: https://verifiedvoting.org/wp-content/uploads/2021/11/14-AcademicFinalEVERESTReport.pdf More about the research project by master's students at Carnegie Mellon University on election security in Pennsylvania can be found here: https://www.heinz.cmu.edu/media/2018/October/students-target-weaknesses-election-security https://www.heinz.cmu.edu/heinz-shared/_files/heinz-college-election-security-paper-final-5.10.2018.pdf Information about and reports from the Voting Village can be found on this page: https://www.votingvillage.org/ All information about the podcast can be found on the accompanying website https://www.informatik-hausfrau.de. To get in touch, feel free to send me an email at mail@informatik-hausfrau.de or reach out via social media. On Twitter, Instagram and Bluesky the podcast can be found under the handle @informatikfrau (or @informatikfrau.bsky.social). If you like this podcast, please subscribe and leave a positive rating or a short review to help it gain more visibility. You can write reviews, for example, on Apple Podcasts or on panoptikum.social.
If you would like to support the production of the podcast financially, you can do so via the platform Steady. Further information can be found here: https://steadyhq.com/de/informatikfrau If you would like to 'throw something in the hat' for me some other way, this is possible (even without registration) via the platform Ko-fi: https://ko-fi.com/leaschoenberger This podcast is funded by the Kulturbüro of the city of Dortmund.
Step into the digital fortress with our latest podcast episode on the FortiOS SSLVPN buffer overflow vulnerability. Our cybersecurity experts break down the complexities of this critical threat and guide you through robust protection strategies. This episode is a must-listen for anyone looking to safeguard their digital landscape against sophisticated cyber threats. Tune in to fortify your knowledge and ensure your organization's resilience in the face of potential cyber attacks. Interested in the full technical info of the discussed threats? For more detailed information or to access the infographic, please visit https://threat-talks.com/fortios-sslvpn-buffer-overflow/
Loom provides transparency on mishandling cookies, GitHub moves to require 2FA, TPM reference implementation includes a buffer overflow, Dropbox shares their security engineer ladder, multiple flaws in a smart intercom Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw232
A high-profile Linux kernel network flaw, we put JFS on a death watch, and break down the controversial Firefox update this week.
Sponsored by SEC Playground. Survey to help improve the Chill Chill Security Channel: https://forms.gle/e5K396JAox2rZFp19 --- Support this podcast: https://anchor.fm/chillchillsecurity/support
The Linux kernel has some exciting updates this week, including a significant Asahi milestone and some good news for Android. Then we take openSUSE's new web-based installer for a spin.
Josh and Kurt talk about the recent OpenSSL nothingburger. OpenSSL got everyone whipped into a frenzy over a critical vulnerability, then changed the severity to high. The correct solution to this whole problem is to stop using a TLS library written in C; we need to be using memory-safe languages. Don't migrate from OpenSSL 1 to 3, migrate from OpenSSL 1 to Rustls. Show Notes OpenSSL Blog Post OpenSSL pre-announcement Mark Cox Tweet 3.0 only affected GossiTheDog NDA Tweet Claims of a name and logo Rustls Image Credit
What you need to know about that new OpenSSL vulnerability, the big bcachefs update we've been waiting for, and why the community is creating a Gitea fork.
A few issues this week, including an overflow in SHA-3, yet another io_uring bug, and multiple (questionably exploitable) corruptions in Edge. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/162.html [00:00:00] Introduction [00:00:23] Spot the Vuln - Tricky Notes [00:04:04] Memory corruption vulnerabilities in Edge [00:15:19] SHA-3 Buffer Overflow [00:23:53] A Journey To The Dawn [CVE-2022-1786] [00:36:57] Exploiting Xbox Game Frogger Beyond to Execute Arbitrary Unsigned Code The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. We are also available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9
This week Jeff is accompanied by Rett (he's awesome) and they are discussing everything happening in the world of tech, computers, gaming, craft beer and cocktails.
In this episode, I will be covering topics from Domain 2 of CompTIA Security+ SY0-601. Topics covered in the episode are: Physical Security; Data Sanitization; Secure Code Design and DevSecOps; Application Attacks like SQL Injection, Buffer Overflow, Cross-Site Scripting, etc.; Input Validation and Code Reviews.
I hosted a podcast called Buffer Overflow for about 4 years and 200 episodes. The company I worked for took down the podcast and all of its episodes. Should I host them on my own? Would anyone listen? I want to hear from YOU!
This episode invites Larry Cashdollar to talk about the types of weaknesses in the many CVEs he has found and how the frequency of these weaknesses has changed. We focus on weaknesses that are not just buffer overflows. CWE List of weaknesses Larry Cashdollar, CVE Numbering Authority Akamai
In today's podcast we cover four crucial cyber and technology topics, including: 1. TikTok influencers targeted in account theft scheme 2. Netgear routers require update to mitigate flaw 3. U.S. repaying part of shutdown crypto scam after assets seized 4. Darkweb indications that Chinese and Russian hackers are collaborating more closely I'd love feedback, feel free to send your comments and feedback to cyberandtechwithmike@gmail.com
Ned Bellavance (@Ned1313) sits down with us for a discussion about Terraform, the latest from HashiConf, tips and tricks for using Terraform for automating your infrastructure, and more. Ned is a HashiCorp Ambassador, a Microsoft MVP, and a Pluralsight author. He currently hosts and cohosts podcasts such as Day Two Cloud, Buffer Overflow, and The Daily Check in. He also hosts a YouTube video every Tuesday called Terraform Tuesdays, where he talks about Terraform in detail, performs demos of the tool, and provides a repository to all of the code used in his demonstrations. Resources: https://nedinthecloud.com/podcasts/ https://nedinthecloud.com https://www.youtube.com/c/NedintheCloud https://t.co/RbSOSD2uVf?amp=1 https://github.com/ned1313/terraform-tuesdays https://app.pluralsight.com/profile/author/edward-bellavance
Today was my last episode of Buffer Overflow, and it was an emotional adieu. I'll miss the BO crew and all the ridiculousness we got up to. But it was time to move on. I wish the crew all the best for the future of the podcast, whatever new form it may take. Buffer Overflow: https://anexinet.com/resources/podcasts/buffer-overflow/ ----------------------------------------------------------------------------------------------------- Patreon: https://www.patreon.com/nedinthecloud Website: https://nedinthecloud.com Pluralsight: https://app.pluralsight.com/profile/author/edward-bellavance GitHub: https://github.com/ned1313
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Malspam Pushes Trickbot gtag rob13 https://isc.sans.edu/forums/diary/Malspam+pushing+Trickbot+gtag+rob13/27112/ AppleJeus https://us-cert.cisa.gov/ncas/alerts/aa21-048a Python 3 Buffer Overflow https://bugs.python.org/issue42938 Apple Platform Security Guide https://support.apple.com/guide/security/welcome/web
Join Scott Young and Shaun Sturby from Optrics Engineering as they discuss why you should patch your SonicWall firewall now due to a VPN bug, why the international "Five Eyes" organization would like to have an encryption backdoor, how a software engineer caught a bot posting to Reddit and how Facebook deemed an onion too sexy for its ad platform. Get IT tips here: > www.OptricsInsider.com Timecodes: 0:00 - Intro 0:17 - Today's 3 topics 0:51 - Topic 1: SonicWall VPN Bug (Patch Now) 2:37 - Topic 2: Five Eyes Asking for an Encryption Backdoor 5:10 - Topic 3: Bot Caught Posting to Reddit 8:43 - Bonus: An Onion Too Sexy for Facebook 11:25 - Closing remarks Learn more about SonicWall's VPN bug here: > CVE-2020-5135 - Buffer Overflow in SonicWall VPNs - Patch Now > SonicWall Security Advisor Vulnerability List Learn more about Five Eyes nations (plus Japan and India) wanting an encryption backdoor here: > Five Eyes nations plus Japan, India call for Big Tech to bake backdoors into everything Learn more about the software engineer discovering the bot posting on Reddit here: > Software Engineer Catches Intelligent Bot Posting on Reddit Learn more about the onion "too sexy" for Facebook here: > Why some onions were too sexy for Facebook #OptricsInsider #ITSecurityTips #cybersecurity #technews #infosec --- Send in a voice message: https://anchor.fm/optrics-insider/message
This week we talk a bit about some Black Friday deals before jumping into another SD-WAN pwn, some jailbreaks, and research into automatic exploit generation. [00:00:40] Black Friday is coming... VMWare - Usually ~35% off Shodan - $5 lifetime, last year they ran the deal before and after Black Friday so pay attention. Pluralsight - 40% off INE - 40% off (access to all eLearnSecurity courses) Cybrary.it - $600 off PentesterLab - Last year was 13.37% off NoStarchPress - Last year was 42% off O'Reilly Online Learning - $199/year (normally $500/yr) Pentester Academy - 70% off (covid "perma-deal") [00:10:03] Oracle Security Alert - CVE-2020-14750 https://twitter.com/chybeta/status/1323220987442208769 [00:13:34] FileZilla "Scale Factor" field is vulnerable of Buffer Overflow [00:21:33] Playstation Access Token Stealing https://hackerone.com/reports/826394 [00:27:54] SD-PWN Part 2 - Citrix SD-WAN Center - Another Network Takeover [00:37:19] Exploiting dynamic rendering engines to take control of web apps [00:42:34] Privileged Container Escape - Control Groups release_agent [00:47:23] Modern attacks on the Chrome browser [00:58:57] Jailbreaks Never Die - Exploiting iOS 13.7 [01:08:27] Kernel Exploitation with a File System Fuzzer [01:13:57] Greybox Automatic Exploit Generation for Heap Overflows in Language Interpreters https://little-canada.org/pdf/web/viewer.html?file=heelan_phd_thesis.pdf Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@DAY[0])
Probably more anniversary talk here than in the actual anniversary episode, but that’s just the kind of quality you’ve come to expect. We got your back. Our theme music is "Back to the Grind" by Billie Stevens. Podcast logo by Lazy N. New FULL episodes every Wednesday at 1am Pacific, so you can start your hump day right. You can find J and Lazy N Ramble On...at Anchor.fm and Spotify, or subscribe wherever you currently subscribe to podcasts, including Apple Podcasts, Google Podcasts, Stitcher, &tc. Follow us on Instagram, Twitter, and Facebook, leave us a voice message, or email us at jandlazyn@gmail.com. And we have merch at TeePublic. Buy a shirt! Find Jeff on Instagram. If you're lucky... Find Nic (and his blackkittybros) on Facebook, Instagram, and Twitter. --- This episode is sponsored by · Anchor: The easiest way to make a podcast. https://anchor.fm/app · Charity Promotion: Democracy Works: This advertisement is part of a charitable initiative in partnership with Democracy Works. howto.vote
Terraform 0.13 features: • For_each and count for modules • Depends_on for modules • Automatic install of 3rd party providers • Custom validation rules for module variables Terraform Cert Guide: https://leanpub.com/terraform-certified/ Buffer Overflow: https://www.anexinet.com/resources/podcasts/buffer-overflow/
My three pillars 1. Embrace discomfort 2. Fail often 3. Be nice Where you can get more Ned (if that's what you want) Podcasts Daily Check-In - https://anchor.fm/ned-bellavance Day Two Cloud - https://daytwocloud.io/ Buffer Overflow - https://www.anexinet.com/resources/podcasts/buffer-overflow/ Tech Analysis on GigaOm - https://gigaom.com/analyst/bellavance-ned/ Pluralsight courses - https://app.pluralsight.com/profile/author/edward-bellavance Book on Leanpub - https://leanpub.com/terraform-certified/
Zoom vuln worth $500k? Probably not... What is worth $500k? Binary Ninja's new decompiler...okay probably not but it is exciting. We've also got some stupid issues and some interesting LPEs this episode. [00:00:29] Cognizant suffers Maze Ransomware cyber attack [00:14:08] Hackers Are Selling a Critical Zoom Zero-Day Exploit for $500,000 [00:27:46] How I Reverse Engineered the LastPass CLI Tool [00:35:59] State of the Ninja: Episode 13 [01:02:18] Riot offering up to $100k in Bug Bounty [01:05:31] Research Grants to support Google VRP Bug Hunters during COVID-19 [01:09:08] Denial of service to WP-JSON API by cache poisoning [01:11:43] CSRF to RCE bug chain in Prestashop [01:21:16] Unintended disclosure of OTP [01:24:20] JSON Web Token Validation Bypass in Auth0 Authentication API [01:27:06] git: Newline injection in credential helper [01:31:20] How Misleading Documentation Led to a Broken Patch for a Windows Arbitrary File Disclosure Vulnerability [01:36:34] Pwning vCenter with CVE-2020-3952 [01:45:19] Oracle Solaris 11.x/10 whodo/w Buffer Overflow [01:51:22] Linux Kernel EoP via Improper eBPF Program Verification [CVE-2020-8835] [01:57:39] Multiple Kernel Vulnerabilities Affecting All Qualcomm Devices https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=c4f42c24e02ce82392d8f8fe215570568380c8ab [02:07:20] Ricerca Security: "SMBGhost pre-auth RCE https://blog.zecops.com/vulnerabilities/exploiting-smbghost-cve-2020-0796-for-a-local-privilege-escalation-writeup-and-poc/ [02:14:01] IJON: Exploring Deep State Spaces via Fuzzing [02:23:26] Pangolin: Incremental Hybrid Fuzzing with Polyhedral Path Abstraction [02:27:45] GitHub - wcventure/FuzzingPaper
Show Notes Buffer Overflow: Top Trends and Predictions for 2018 Episode 40 Private Cloud, Cybercrime, Kubernetes, and more! Hosts Ned Bellavance, Director of Cloud Solutions https://www.linkedin.com/in/ned-bellavance-ba68a52 @Ned1313 Chris Hayner, Architect […] The post Buffer Overflow 40: Top Trends and Predictions for 2018 [REPOST] appeared first on Anexinet.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Kubernetes Unauthenticated PoC Exploit for CVE-2018-1002105 https://github.com/evict/poc_CVE-2018-1002105#unauthenticated-poc WebAssembly Brings Buffer Overflows to Browsers https://www.forcepoint.com/blog/security-labs/new-whitepaper-memory-safety-old-vulnerabilities-become-new-webassembly Increased Ethereum Miner Attacks https://isc.sans.edu/port.html?port=8545 https://www.zdnet.com/article/hackers-ramp-up-attacks-on-mining-rigs-before-ethereum-price-crashes-into-the-gutter Android Click Fraud Apps are Emulating iPhones for Higher Revenue https://www.bleepingcomputer.com/news/security/android-clickfraud-op-impersonates-iphones-to-bump-ad-premiums/
Take down a Linux or FreeBSD box with just 2kpps of traffic, own Homebrew in 30 minutes, and infiltrate an entire network via the Inkjet printers. It’s a busy TechSNAP week.
In this episode of Ask SME Anything: 1. What is the difference between Threat, Vulnerability, and Risk? 3:25 2. What exactly is XSS and how does it work? 8:15 3. Could you explain Buffer Overflow attacks... like I'm 5? 19:29 4. How can I be more secure when browsing the internet? 29:52 5. Which Antivirus software should I use? 36:17
For a timely reason, we talk about buffer overflows. Show notes: shw podcast, namespace, Morris worm, man gets, buffer overflow, heap-based overflow, Harvard architecture, stack canaries, NOP sled, ASLR, bounds checking
Show Notes Buffer Overflow: Terrible Lizard Concepts Episode 46 AT&T dNOS, Chrome hates HTTP, and Daylight Savings Time’s clock has run out Hosts Ned Bellavance, Director of Cloud Solutions https://www.linkedin.com/in/ned-bellavance-ba68a52 […] The post Buffer Overflow 46: Terrible Lizard Concepts appeared first on Anexinet.
Show Notes Buffer Overflow: This is OuroBros Episode 45 RedHat buys CoreOS, Dell is doing something, and Your Cell Phone is (not) Giving You Cancer Hosts Ned Bellavance, Director of […] The post Buffer Overflow 45: This is OuroBros appeared first on Anexinet.
Show Notes Buffer Overflow: You’re not Wrong Donny… Episode 44 Topic Tech Too Tech, Big Data Breaches, and Boring Flamethrowers Hosts Ned Bellavance, Director of Cloud Solutions https://www.linkedin.com/in/ned-bellavance-ba68a52 @Ned1313 Chris […] The post Buffer Overflow 44: You’re not Wrong Donny… appeared first on Anexinet.
Show Notes Buffer Overflow: Quantmentum Episode 43 Autonomous Vehicles, PowerShell Core, and Satya Nadella CPU Follies Hosts Ned Bellavance, Director of Cloud Solutions https://www.linkedin.com/in/ned-bellavance-ba68a52 @Ned1313 Chris Hayner, Architect for Infrastructure […] The post Buffer Overflow 43: Quantmentum appeared first on Anexinet.
Show Notes Buffer Overflow: So Long and Thanks for All the CES Episode 42 CES 2018 Roundup, Spectre and Meltdown updates, and a Kodak moment for ICOs Hosts Ned Bellavance, […] The post Buffer Overflow 42: So Long and Thanks for All the CES appeared first on Anexinet.
Show Notes Buffer Overflow: Melter and Specdown Episode 41 Meltdown and Spectre, Repatriation of Profits, and Doom-doom doomey-doom-doom Hosts Ned Bellavance, Director of Cloud Solutions https://www.linkedin.com/in/ned-bellavance-ba68a52 @Ned1313 Chris Hayner, Architect […] The post Buffer Overflow 41: Melter and Specdown appeared first on Anexinet.
Show Notes Buffer Overflow: Top Trends and Predictions for 2018 Episode 40 Private Cloud, Cybercrime, Kubernetes, and more! Hosts Ned Bellavance, Director of Cloud Solutions https://www.linkedin.com/in/ned-bellavance-ba68a52 @Ned1313 Chris Hayner, Architect […] The post Buffer Overflow 40: Top Trends and Predictions for 2018 appeared first on Anexinet.
Show Notes Buffer Overflow: Top Trends 2017 Revisited Episode 39 Machine Learning, Hyperconverged, Quantum Programming, and more! Hosts Ned Bellavance, Director of Cloud Solutions https://www.linkedin.com/in/ned-bellavance-ba68a52 @Ned1313 Chris Hayner, Architect for […] The post Buffer Overflow 39: Top Trends 2017 Revisited appeared first on Anexinet.
Show Notes Buffer Overflow: This is not my Beautiful Death Machine Episode 38 Bitcoin Bubbles, KubeCon 2017, and ML Jumping the Shark Hosts Ned Bellavance, Director of Cloud Solutions https://www.linkedin.com/in/ned-bellavance-ba68a52 […] The post Buffer Overflow 38: This is not my Beautiful Death Machine appeared first on Anexinet.
Show Notes Buffer Overflow: In Soviet Russia, VM Stuns You Episode 37 AWS re:Invent, VMware’s Amazing Q3, and OWASPs WASR List Hosts Ned Bellavance, Director of Cloud Solutions https://www.linkedin.com/in/ned-bellavance-ba68a52 @Ned1313 […] The post Buffer Overflow 37: In Soviet Russia, VM Stuns You appeared first on Anexinet.
Show Notes Buffer Overflow: A Blursing (Ewww) Episode 36 VMware on Azure, Munich loses OSS Mojo, and the possible Xen Server and AWS Schism Hosts Ned Bellavance, Director of Cloud […] The post Buffer Overflow 36: A Blursing (Ewww) appeared first on Anexinet.
Show Notes Buffer Overflow: As it was, Ever shall it be Episode 35 Linus Torvalds Skoldings, FCC Fun Facts, and Facebook Never Deletes Anything Hosts Ned Bellavance, Director of Cloud […] The post Buffer Overflow 35: As it was, Ever shall it be appeared first on Anexinet.
Show Notes Buffer Overflow: Leave it alone Derrick Episode 34 Project Cerberus, Firefox Quantum, and Centriq so Chic! Hosts Ned Bellavance, Enterprise Architect for Infrastructure Solutions https://www.linkedin.com/in/ned-bellavance-ba68a52 @Ned1313 Chris Hayner, […] The post Buffer Overflow 34: Leave it alone Derrick appeared first on Anexinet.
Show Notes Buffer Overflow: I Ordered that Lobster for YOU Miranda Episode 33 Vietnam bans Bitcoin, Equifax is all good, and Cockatoo Craziness Hosts Ned Bellavance, Director of Cloud Solutions […] The post Buffer Overflow 33: I Ordered that Lobster for YOU Miranda appeared first on Anexinet.
Show Notes Buffer Overflow: It’s a Bonanzos! Episode 32 NASDAQ surge with Tech Earnings, Pixel 2 problems, Trackless trains, and Captcha Crippled Hosts Ned Bellavance, Enterprise Architect for Infrastructure Solutions […] The post Buffer Overflow 32: It’s a Bonanzos! appeared first on Anexinet.
Show Notes Buffer Overflow: Dyson Fear Episode 31 Data in Space, Electronics Innovation, and the Lightning Round Hosts Ned Bellavance, Enterprise Architect for Infrastructure Solutions https://www.linkedin.com/in/ned-bellavance-ba68a52 @Ned1313 Chris Hayner, Architect […] The post Buffer Overflow 31: Dyson Fear appeared first on Anexinet.
Show Notes Buffer Overflow: “Kyle Isn’t Here Anymore” Episode 30 Topic Waymo a-Gogo, Project Gluon, and WPA2 is Broken Hosts Ned Bellavance, Enterprise Architect for Infrastructure Solutions https://www.linkedin.com/in/ned-bellavance-ba68a52 @Ned1313 Chris […] The post Buffer Overflow 30: Kyle Isn’t Here Anymore appeared first on Anexinet.
Show Notes Buffer Overflow: No Ties. We Wear Bolo. Episode 29: 10/12/17 Kaspersky Aspersions, Aristotle Cancelled, and the lightning round Hosts Ned Bellavance, Enterprise Architect for Infrastructure Solutions https://www.linkedin.com/in/ned-bellavance-ba68a52 @Ned1313 […] The post Buffer Overflow 29: No Ties. We Wear Bolo appeared first on Anexinet.
Show Notes Buffer Overflow: Grand Unified Theory of Conan Episode 28: 10/09/17 Elon Musking to Mars, Amazon Baby Oopsie Hosts Ned Bellavance, Enterprise Architect for Infrastructure Solutions https://www.linkedin.com/in/ned-bellavance-ba68a52 @Ned1313 Chris […] The post Buffer Overflow 28: Grand Unified Theory of Conan appeared first on Anexinet.
Show Notes Buffer Overflow: Microsoft is the New Bacon Episode 27: 9/28/17 Apple and Google GAC, Microsoft Ignite Flares Up, and the Lightning Round Hosts Ned Bellavance, Enterprise Architect for […] The post Buffer Overflow 27: Microsoft is the New Bacon appeared first on Anexinet.
Show Notes Buffer Overflow: Twilight Sparkle FTW Episode 26: 9/21/17 Equifax (the saga continues), Apple Awesomeness, Pinterest Pins GPUs Hosts Ned Bellavance, Enterprise Architect for Infrastructure Solutions https://www.linkedin.com/in/ned-bellavance-ba68a52 @Ned1313 Chris […] The post Buffer Overflow 26: Twilight Sparkle FTW appeared first on Anexinet.
Show Notes Buffer Overflow: A Terrible Day for Naming Episode 25: 9/14/17 Winds of Change, Equifax equiFAIL, Pinterest point of interest Hosts: Ned Bellavance, Enterprise Architect for Infrastructure Solutions https://www.linkedin.com/in/ned-bellavance-ba68a52 […] The post Buffer Overflow 25: A Terrible Day for Naming appeared first on Anexinet.
Show Notes Buffer Overflow: Sitting in my VMChair Episode 24 VMworld 2017, Open Source Voting, and the lightning round. Hosts: Ned Bellavance, Enterprise Architect for Infrastructure Solutions https://www.linkedin.com/in/ned-bellavance-ba68a52 @Ned1313 Chris […] The post Buffer Overflow 24: Sitting in my VMChair appeared first on Anexinet.
Show Notes Buffer Overflow: Off-brand Chum Situation Episode 23 Droning on with MIT, Elon Musk Mind Control, and Password Mea Culpa Hosts: Ned Bellavance, Enterprise Architect for Infrastructure Solutions https://www.linkedin.com/in/ned-bellavance-ba68a52 […] The post Buffer Overflow 23: Off-brand Chum Situation appeared first on Anexinet.
Show Notes Buffer Overflow: And in the Darkness Bind Them Episode 22 Intel Rules, Hardware-based Malware, Mini-U, and the Lightning Round Hosts: Ned Bellavance, Enterprise Architect for Infrastructure Solutions https://www.linkedin.com/in/ned-bellavance-ba68a52 […] The post Buffer Overflow 22: And in the Darkness Bind Them appeared first on Anexinet.
Show Notes Buffer Overflow: “I wore those glasses for you, Derrick” Episode 21: Android Malware, Beware! K8S, AWS, and CNCF, and the Lightning Round Everything to the Edge, Bitcoin Bifurcation, […] The post Buffer Overflow 21: “I wore those glasses for you, Derrick” appeared first on Anexinet.
Show Notes Buffer Overflow: Say No to Avocado Episode 20: 8/10/17 Everything to the Edge, Bitcoin Bifurcation, and the Lightning Round Hosts: Ned Bellavance, Enterprise Architect for Infrastructure Solutions https://www.linkedin.com/in/ned-bellavance-ba68a52 […] The post Buffer Overflow 20: Say No to Avocado appeared first on Anexinet.
Show Notes [BONUS] Buffer Overflow: Overflow Episode 19B: 8/7/2017 Bonus content from DefCon 25 Hosts: Ned Bellavance, Enterprise Architect for Infrastructure Solutions https://www.linkedin.com/in/ned-bellavance-ba68a52 @Ned1313 Chris Hayner, Architect for Infrastructure Solutions […] The post [BONUS] Buffer Overflow 19B: Overflow appeared first on Anexinet.
Show Notes Buffer Overflow: That Seems… Bad Episode 19: 8/3/17 Podcast Updates, AI with Zuck and Musk, Defcon25, and the Lightning Round Hosts: Ned Bellavance, Enterprise Architect for Infrastructure Solutions […] The post Buffer Overflow 19: That Seems… Bad appeared first on Anexinet.
Show Notes Buffer Overflow: Look it up! (Don’t look it up.) Episode 18: 7/19/2017 Windows Server Preview, OSX High Sierra to include APFS, Interop ITX State of the Cloud Report, […] The post Buffer Overflow 18: Look it up! (Don’t look it up.) appeared first on Anexinet.
AnexiPod: Episode 18: 7/5/2017 The Future of Backups with Chris Wahl Chris Wahl Twitter: https://twitter.com/ChrisWahl LinkedIn: https://www.linkedin.com/in/wahlchris/ Website: ://wahlnetwork.com/ Show Notes: Datanauts podcast GitLab disaster Buffer Overflow discussion Pets […] The post The Future of Backups with Chris Wahl appeared first on Anexinet.
Show Notes Buffer Overflow: Duomo? Arigato, Mr Roboto! Episode 17: 07/03/2017 Windows 10 Security Update Announcement, SystemD bug Hands out Root Privileges, Automated Brick-Laying Robots of the Fuuuuuuuuuuturrrrrre Hosts: Ned […] The post Buffer Overflow: Duomo? Arigato, Mr Roboto! appeared first on Anexinet.
Show Notes Buffer Overflow: The Lorenzo Lamas Curve Episode 16: 6/19/2017 Windows Server Cadence, Apple Employee Data Theft, Ms. Pacman Perfect Score, Chinese Quantum Entanglement Hosts: Ned Bellavance, Enterprise […] The post Buffer Overflow: The Lorenzo Lamas Curve appeared first on Anexinet.
Show Notes Buffer Overflow: On-Perm / On-Premises / On-Premise Episode 15: 6/5/2017 Brave Browser, Azure IoT Edge, RedHat OpenShift.io, and SoftBank VC Hosts: Ned Bellavance, Enterprise Architect for Infrastructure […] The post Buffer Overflow: On-Perm / On-Premises / On-Premise appeared first on Anexinet.
Show Notes Episode 14: 5/22/2017 WannaCry, Google IO, Microsoft Build, and IBM Cancels Work from Home Hosts: Ned Bellavance, Enterprise Architect for Infrastructure Solutions https://www.linkedin.com/in/ned-bellavance-ba68a52 @Ned1313 Chris Hayner, […] The post Buffer Overflow: Go Run Windows XP Unpatched on the Internet appeared first on Anexinet.
Show Notes Buffer Overflow: Your Grandma Can’t Do Private VLANs Episode 13: 5/8/2017 Norwegian Boats, Windows 10 S, Trojan on macOS, Intel AMT Owned, and new Lightning Round! Hosts: […] The post Buffer Overflow: Your Grandma Can’t Do Private VLANs appeared first on Anexinet.
Show Notes Buffer Overflow: Your Netflix Queue is on FLEEK Episode 12: 4/24/2017 Oracle Containers, Velodyne Lidar, Hyper-V Linux Containers, Google Quantum Compute, and Windows 10 Cloud Hosts Ned […] The post Buffer Overflow: Your Netflix Queue is on FLEEK appeared first on Anexinet.
Episode 11: 4/10/2017 Hosts: Ned Bellavance, Enterprise Architect for Infrastructure Solutions https://www.linkedin.com/in/ned-bellavance-ba68a52 @Ned1313 Chris Hayner, Architect for Infrastructure Solutions https://www.linkedin.com/in/chrismhayner Carolyn Carganilla, Network Administrator https://www.linkedin.com/in/carolyncarganilla/ @lilrunner605 Topics: […] The post Buffer Overflow: Latke Tuesdays with Carolyn appeared first on Anexinet.
In this lecture, Professor Mickens discusses topics related to buffer overflow exploits, including baggy bounds handling, mitigation approaches, and return-oriented programming.
Buffer Overflow: The Rick Roll Act of 2017 Episode 10: 3/27/2017 Hosts: Ned Bellavance, Enterprise Architect for Infrastructure Solutions https://www.linkedin.com/in/ned-bellavance-ba68a52 @Ned1313 Chris Hayner, Architect for Infrastructure Solutions https://www.linkedin.com/in/chrismhayner […] The post Buffer Overflow: The Rick Roll Act of 2017 appeared first on Anexinet.
Buffer Overflow: Let’s Call The Whole Thing an Irish Sandwich Episode 9: 3/13/2017 Hosts: Ned Bellavance, Enterprise Architect for Infrastructure Solutions https://www.linkedin.com/in/ned-bellavance-ba68a52 @Ned1313 Chris Hayner, Architect for […] The post Buffer Overflow: Let’s Call The Whole Thing an Irish Sandwich appeared first on Anexinet.
Buffer Overflow: Please God Purge It Quickly Episode 8 for 2/27/2017 Hosts: Ned Bellavance, Enterprise Architect for Infrastructure Solutions https://www.linkedin.com/in/ned-bellavance-ba68a52 @Ned1313 Chris Hayner, Architect for Infrastructure Solutions https://www.linkedin.com/in/chrismhayner […] The post Buffer Overflow: Please God Purge It Quickly appeared first on Anexinet.
Episode 7: 2/13/2017 Hosts: Ned Bellavance, Enterprise Architect for Infrastructure Solutions https://www.linkedin.com/in/ned-bellavance-ba68a52 @Ned1313 Chris Hayner, Architect for Infrastructure Solutions https://www.linkedin.com/in/chrismhayner Topics: Security Round-Up RSA Conference is this week […] The post Buffer Overflow: You Shut Your Filthy Linux Mouth appeared first on Anexinet.
Buffer Overflow: Alta Vista it on Your Newton Episode 6: 1/30/2017 Host: Ned Bellavance, Enterprise Architect for Infrastructure Solutions https://www.linkedin.com/in/ned-bellavance-ba68a52 @Ned1313 Guests: Chris Hayner, Architect for Infrastructure Solutions […] The post Buffer Overflow: Alta Vista it on Your Newton appeared first on Anexinet.
Buffer Overflow: Predictions for 2017 Episode 5: 1/16/2017 Host: Ned Bellavance, Enterprise Architect for Infrastructure Solutions https://www.linkedin.com/in/ned-bellavance-ba68a52 @Ned1313 Guests: Chris Hayner, Architect for Infrastructure Solutions https://www.linkedin.com/in/chrismhayner Topics: Machine […] The post Buffer Overflow: Predictions for 2017 appeared first on Anexinet.
Show Notes: Episode 4 12/22/2016 Host: Ned Bellavance, Enterprise Architect for Infrastructure Solutions @Ned1313 Guests: Chris Hayner, Architect for Infrastructure Solutions Craig Collier, Director for Analytics @CollierCraig Dan Kelley, Director […] The post Buffer Overflow: Holly Jolly Password Changing Christmas appeared first on Anexinet.
Episode 3: 12/8/2016 Host: Ned Bellavance, Enterprise Architect for Infrastructure Solutions https://www.linkedin.com/in/ned-bellavance-ba68a52 @Ned1313 Guests: Chris Hayner, Architect for Infrastructure Solutions https://www.linkedin.com/in/chrismhayner Craig Collier, Director for Analytics https://www.linkedin.com/in/craig-collier-52a0009 […] The post Buffer Overflow: Yo Dawg I herd you like Snowmobiles appeared first on Anexinet.
Buffer Overflow: Cats and Dogs Living Together Episode 2 for 11/23/2016 Host: Ned Bellavance, Enterprise Architect for Infrastructure Solutions https://www.linkedin.com/in/ned-bellavance-ba68a52 @Ned1313 Guests: Chris Hayner, Architect for Infrastructure Solutions https://www.linkedin.com/in/chrismhayner […] The post Buffer Overflow: Episode 2 – Cats and Dogs Living Together appeared first on Anexinet.
Episode 1: Buffer Overflow: Get off my lawn! Host: Ned Bellavance, Enterprise Architect for Infrastructure Solutions https://www.linkedin.com/in/ned-bellavance-ba68a52 @Ned1313 Guests: Chris Hayner, Architect for Infrastructure Solutions https://www.linkedin.com/in/chrismhayner Craig Collier, […] The post Buffer Overflow: Episode 1 – Get Off My Lawn appeared first on Anexinet.
In this episode we talk about a type of vulnerability that is widely exploited by attackers but frequently misunderstood, covering both the computing and the legal aspects. News summary at 32:50. Main topic at 46:50. Show notes: News summary
This week in Security: September 22, 2015 Content We discuss the 150 successful Department of Energy Cyber Attacks between 2010 and 2014, Excellus Blue Cross and Blue Shield data breach ...
In this talk, we focus on a class of buffer overflow vulnerabilities that occur due to the "placement new" expression in C++. "Placement new" facilitates placement of an object/array at a specific memory location. When appropriate bounds checking is not in place, object overflows may occur. Such overflows can lead to stack as well as heap/data/bss overflows, which can be exploited by attackers in order to carry out the entire range of attacks associated with buffer overflow. Unfortunately, buffer overflows due to "placement new" have neither been studied in the literature nor been incorporated in any tool designed to detect and/or address buffer overflows. We describe how the "placement new" expression in C++ can be used to carry out buffer overflow attacks -- on the stack as well as heap/data/bss. We show that overflowing objects and arrays can also be used to carry out virtual table pointer subterfuge, as well as function and variable pointer subterfuge. Moreover, we show how "placement new" can be used to leak sensitive information, and how denial of service attacks can be carried out via memory leakage. About the speaker: Ashish Kundu is a Research Staff Member at IBM T J Watson Research Center. He works in the area of security and privacy with current focus on cloud security, and a long term vision of "end-to-end holistic security woven into the systems". Dr. Kundu was awarded the CERIAS Diamond Award in 2011. In 2010, he graduated from Purdue with a Ph.D. His doctoral thesis addressed the problem of "How to Authenticate Trees and Graphs Without Leaking". Ashish received the Best Student Paper award at the IEEE Enterprise Computing conference in 2006, and three Best Research Poster awards at CERIAS symposia during 2006-2008. He has been a (co-)inventor on about twenty patents. He has also been awarded the IBM Bravo award as well as three IBM Plateau awards for his contributions.
This talk is based on the paper co-authored with his advisor Elisa Bertino and presented at ICDCS 2011.