From this year's Black Hat conference in LA, we've got a couple of interesting things....
First was this talk that got canceled by a federal court, but whose slides are online. It's called:

- Anatomy of a Subway Hack - http://www-tech.mit.edu/V128/N30/subway/Defcon_Presentation.pdf

Secondly, someone just reset Windows browser security by 10 years of history:

- Bypassing Browser Memory Protections - http://taossa.com/archive/bh08sotirovdowd.pdf

"The internal state of the browser is determined to a large extent by the untrusted and potentially malicious data it processes. The complexity of HTML combined with the power of JavaScript and VBscript, DOM scripting, .NET, Java and Flash give the attacker an unprecedented degree of control over the browser process and its memory layout."

That subway hack shows us that security looks good on paper but is easily compromised in the field, and that Windows browser security problem shows us that whoever advocates that the world should only need a browser, so that applications would be only web based, well, should be kicked in the balls every time he opens his mouth.

Don't get me wrong, I like web apps (not). I feel that the world should rely on a couple of them, while on an intranet use basis, but what I really don't fully understand is people who advocate that mobile web apps are the future, while we're witnessing over and over again huge security problems with browsers, where those mobiles are no exception; they do have limitations and in time will have equal security problems.

//VD