-
The progress of MOPB
The Month of PHP bugs is progressing nicely and the counter is up to nine (at this rate – supposing that we have a linear progression – we will have almost 70 vulnerabilities!). The new ones repeat the same patterns as the previous ones: they can be mitigated in environments where a single user controls…
-
What the market will bear
Very frequently I see the idea that capitalism (or market economy) will somehow ensure that the end-users get the best possible products with the lowest prices. Yet many times common wisdom contradicts this. How is it possible? (Disclaimer: I’m no economist, these are just some personal ideas and observations). Personally I think that there are…
-
PHP security, an oxymoron?
I’m in the finishing phase in the development of a medium sized web application and would like to share some of my findings. The system is developed in PHP for two reasons: The LAMP platform is a well accepted one and finding hosting companies supplying it or convincing the IT administrator to deploy it internally…
-
Disclosure policy = dead horse?
Over at the nCircle blog Ryan Poppa concludes that debating disclosure policy is beating a dead horse because after many years of debate there is still no industry standard. The only positive thing in his opinion is that the continuing debate introduces people who might not have heard all the arguments in this matter to…
-
Removing Snap
Snap.com previews seem to be very fashionable these days (if you don’t know what I’m talking about, it’s those previews of the sites which appear when you place your mouse cursor over a link), but it is very annoying (almost as annoying as those ads which appear when you hover over certain words in the…
-
Full disclosure – repaired
That was quick. Thanks to my emails, the blog posting which posted detailed information about how to root a given ISP’s routers via an erroneous default configuration got sanitized. Just to be clear: I’m not against full disclosure. I’m pretty much in favor of it – if used for doing good. Because this sounds to…
-
The Acunetix saga
As they say: better late than never. Here are my comments on the whole Acunetix saga. First of all, you should read the great posting at Computer Defense about the matter. It contains links to all the important events in this area, including the original press release, the reaction on Network World and others. So…
