First, this blurb from the IP header RFC:

Header Checksum: 16 bits

A checksum on the header only. Since some header fields change

(e.g., time to live), this is recomputed and verified at each point

that the internet header is processed.

Now, check the fixed (as in, my recod

[ more ]  [ reply ]

pros and cons of the two ?
i think the comparison should be like "how much more does wOpenBSD lacks
compared to PAX ?"

he might try to mean whatever but there is one thing obvious which is best
known as "rip-off"

i think you should read this instead:
http://archives.neohapsis.com/archives/open

[ more ]  [ reply ]

An older version of AntiGen software package for exchange allows any file

with the name of test.zip and test.exe to pass through the filter list

even if you are filtering *.exe and *.zip. I believe that anything

called "test.*" would be permitted through the filter. I have not

confirmed t

[ more ]  [ reply ]

K-Otik is a new french mailing list for the discussion of Security and

vulnerabilities for the french IT Community.

The list provides all world wild Sec advisories in french, and the most

updated Exploits database in the world.

You can subscribe to the list at :

http://www.k-otik.com/

[ more ]  [ reply ]

Nicholas Weaver wrote:

>The most likely bypass will be when a program also has a "print a
>pointer" bug/feature.
>
That's true, but unintended "print a pointer" bugs become much more
scarce when composed with FormatGuard <http://immunix.org/formatguard.html>.

Crispin

--
Crispin Cowan, Ph.D.

[ more ]  [ reply ]

Crispin Cowan <crispin (at) immunix (dot) com [email concealed]> wrote:

> Array bounds checking offers greater protection than any of these
> protections (StackGuard, ProPolice, PointGuard, W^X, PAX/ASLR, etc.) The
> problem is that the very fastest array bounds protection for C (Bounded
> Pointers) imposes a 5X slowdown on p

[ more ]  [ reply ]

The discussion about the various techniques for buffer overflow
prevention is very interesting, but if the target is to prevent the
security threats caused by buffer overflows, then one should look for
an operating system base solution, since it is an OS issue to enforce
the security. Solutions bas

[ more ]  [ reply ]

Just flipped on CNN, watching the masses snake through the streets of
Manhattan as correspondents state that this could be an affect of the
blaster worm.

Interesting but I don't see how an worm of this magnitude (smaller than that
of Slammer/Sapphire and others) could influence DCS and SCADA system

[ more ]  [ reply ]

Another bizarre vulnerability, for your amusement...

Several unix systems systems provide a secure entropy source maintained by
collecting certain information that is supposed to be practically
unpredictable (such as interrupt timings, keyboard scancodes or device
request times), then running it t

[ more ]  [ reply ]

no, he ment W^X ("W xor X") but I'm not about to go into a comparison of the two or their pros and cons.

second bullet of http://www.openbsd.org/33.html#new will explain W^X but http://archives.neohapsis.com/archives/openbsd/2003-04/1678.html will make you chuckle

-----Original Message-----
Fr

[ more ]  [ reply ]

Theo de Raadt wrote:
>>Solaris 2.6 and above also support a kernel variable which can be set
>>via /etc/system called "noexec_user_stack", which can make the stack for
>>userland processes non-executable by default. Note that this behavior
>>is the default for 64-bit binaries in Solaris 7, 8, an

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----

________________________________________________________________________
______
SGI Security Advisory

Title : Checkpoint/Restart Vulnerability
Number : 20030802-01-P
Date : August 14, 2003
Reference : CVE CAN-2003-067

[ more ]  [ reply ]