Trond Giske bought Cermaq shares for 1.6 billion kroner as a cabinet minister last year. The gain was 600 million. The ministry traded the shares with a desire for short-term profit, and succeeded. The trade shows that the state can profit from not selling to the first and best buyer. The Cermaq shares gave a return...
PSA: don't run 'strings' on untrusted files (CVE-2014-8485)
Many shell users, and certainly most of the people working in computer forensics or other fields of information security, have a habit of running /usr/bin/strings on binary files originating from the Internet. Their understanding is that the tool simply scans the file for runs of printable characters...
Two more browser memory disclosure bugs (CVE-2014-1580 and #19611cz)
To add several more trophies to afl's pile of image parsing memory disclosure vulnerabilities: MSFA 2014-78 (CVE-2014-1580) fixes another case of uninitialized memory disclosure in Firefox - this time, when rendering truncated GIF images on <canvas>. The bug was reported on September 5 and fixed...
Fuzzing random programs without execve()
The most common way to fuzz data parsing libraries is to find a simple binary that exercises the interesting functionality, and then simply keep executing it over and over again - of course, with slightly different, randomly mutated inputs in each run. In such a setup, testing for evident memory corruption...
How to call java rest web service in soapUI
The following code is an explanation of how you can call a rest web service in java. Below you can find the actual java code and soapUI configuration. We enumerate 3 types of methods, namely: POST, PUT and DELETE. How to call rest web service using soapUI public class Person { private int id; private String...
JavaEE Architect - Edward P. Legaspi
If you're planning to outsource enterprise level software development, put up an IT company here in the Philippines or are simply looking for good developers, feel free to contact me. You can find more information about me (including my LinkedIn account) in the link below: http://about.me/czetsuya I'm also embedding...
Bash bug: the other two RCEs, or how we chipped away at the original fix (CVE-2014-6277 and '78)
The patch that implements a prefix-based way to mitigate vulnerabilities in bash function exports has been out since last week and has already been picked up by most Linux vendors (plus by Apple). So, here's a quick overview of the key developments along the way, including two really interesting things:...