Archive for the ‘Security’ Category
Wednesday, December 31st, 2008
I just wanted to announce that next Wednesday (7th of January 2009) at 19:30 there will be the third CGNSec meetup in Cologne, Germany.
The meeting takes place at Hallmackenreuther, Brüsseler Platz 9, 50674 Köln.
Everyone working in the field of information security is invited to attend. To find us, just ...
Posted in CGNSec, Security | No Comments »
Tuesday, December 30th, 2008
Two days ago I presented my session about bytecode-encrypted PHP applications and how to find vulnerabilities in them at 25C3. I didn't upload the slides until now because I got ill during the night after my talk and therefore spent most of yesterday in my hotel room. But here are ...
Posted in PHP, Security | 3 Comments »
Sunday, December 7th, 2008
Two days ago I blogged about the release of PHP 5.2.7 and how it fixes several security bugs. Because some are mentioned and some are not mentioned in the Changelog, it is usually advised to upgrade to new PHP versions instead of using distribution packages with security backports. The problem ...
Posted in PHP, Security | 9 Comments »
Saturday, December 6th, 2008
SektionEins is an emerging IT security company with a clear focus on web application security. We're constantly looking to hire new and talented people for our team.
Required qualifications:
well-founded understanding of HTTP
good knowledge of state of the art web technology
experience with web application security audits
knowledge of PHP
experience with Ruby, Python, Perl, ...
Posted in PHP, Security | No Comments »
Friday, December 5th, 2008
165 days ago I was sitting at a customer's site auditing a large-scale web application. The audit was mainly a blackbox penetration test to check whether an attacker with zero knowledge could compromise the application. However, when we found something interesting we were also able to look ...
Posted in PHP, Security | 12 Comments »
Wednesday, November 5th, 2008
I just finished porting php2sql 0.1 to the new Binnavi 2.0 database format. php2sql is my still-private tool for importing PHP bytecode into Binnavi for manual analysis and navigation.
Here are some screenshots of how the PHP bytecode of FluxBB 1.2.20 looks in Binnavi.
First screen shows the project overview window. ...
Posted in PHP, Security | 5 Comments »
Thursday, October 30th, 2008
I just wanted to announce that next Wednesday (5th of November) at 19:30 there will be the second CGNSec meetup in Cologne, Germany.
The meeting takes place at Hallmackenreuther, Brüsseler Platz 9, 50674 Köln.
Everyone working in the field of information security is invited to attend. To find us, just ask ...
Posted in CGNSec, Security | No Comments »
Thursday, October 16th, 2008
There is a common misunderstanding about me in BSD user circles that I encountered once again at yesterday's first CGNSec meeting.
There is a FreeBSD kernel developer Stefan Eßer (Esser) who is also from Cologne and also works in the field of IT security. We are not the same ...
Posted in CGNSec, Security | No Comments »
Monday, October 13th, 2008
Next Wednesday at 19:30 there will be the first CGNSec meetup in Cologne, Germany. CGNSec is inspired by the CitySec meetups that are popular in the United States and in some other European and Asian countries.
Everyone working in the field of information security is invited to come.
Because it is the first meeting ...
Posted in CGNSec, Security | No Comments »
Sunday, October 12th, 2008
Users of Suhosin-Patch will sooner or later see messages like "canary mismatch on efree() - heap overflow detected" in their error log. When this happens they are often confused and don't understand what it means.
The first questions they often ask themselves are:
Did they trigger a bug in Suhosin?
Is something wrong ...
Posted in PHP, Security | 8 Comments »
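As an added illustration of the mechanism behind that log message (this is not Suhosin's code, only a simplified model written for this page): a small allocator wrapper puts a canary word in front of and behind every block and verifies both when the block is freed. A write that runs past the end of the user region clobbers the tail canary, so the check on free reports an overflow; a damaged front canary points at an underflow or header tampering. The fixed canary constant, the function names and the 20-byte input string are assumptions made for the demo; a real hardened allocator uses an unpredictable per-process canary and aborts on mismatch instead of continuing.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constant canary for illustration only (assumption). A real hardened
 * allocator picks an unpredictable per-process value so an attacker
 * cannot simply write the expected bytes back over it. */
#define CANARY_VALUE 0x5EC0DE5EC0DE5EC0ULL

typedef struct {
    size_t   size;          /* requested user size */
    uint64_t front_canary;  /* guards against underflow / header tampering */
} block_hdr;

/* Allocate n user bytes surrounded by a front and a tail canary. */
static void *canary_alloc(size_t n)
{
    block_hdr *h = malloc(sizeof *h + n + sizeof(uint64_t));
    if (!h) return NULL;
    uint64_t c = CANARY_VALUE;
    h->size = n;
    h->front_canary = c;
    unsigned char *user = (unsigned char *)(h + 1);
    memcpy(user + n, &c, sizeof c);   /* tail canary directly after user data */
    return user;
}

/* 0 = both canaries intact, 1 = front canary damaged, 2 = tail canary damaged.
 * The front canary is checked first: if the header is corrupt, h->size
 * cannot be trusted to locate the tail canary. */
static int canary_check(const void *p)
{
    const block_hdr *h = (const block_hdr *)p - 1;
    if (h->front_canary != CANARY_VALUE) return 1;
    uint64_t tail;
    memcpy(&tail, (const unsigned char *)p + h->size, sizeof tail);
    if (tail != CANARY_VALUE) return 2;
    return 0;
}

/* Free with verification; returns the canary_check() result.
 * The block is released in both cases here because the overflow in this
 * demo stays inside the padded region; a hardened allocator would abort. */
static int canary_free(void *p)
{
    int status = canary_check(p);
    if (status != 0) {
        fprintf(stderr, "canary mismatch on free() - heap %s detected\n",
                status == 2 ? "overflow" : "underflow");
    }
    free((block_hdr *)p - 1);
    return status;
}

/* Writes exactly the allocated size: both canaries survive. Returns 0. */
int demo_clean_write(void)
{
    char *buf = canary_alloc(16);
    if (!buf) return -1;
    memset(buf, 'A', 16);
    return canary_free(buf);
}

/* Copies a constructed 20-byte input into a 16-byte block: the 4 extra
 * bytes land on the tail canary, so canary_free() reports 2. */
int demo_overflow(void)
{
    static const char input[] = "AAAAAAAAAAAAAAAAAAAA";  /* 20 bytes, constructed */
    char *buf = canary_alloc(16);
    if (!buf) return -1;
    memcpy(buf, input, 20);   /* deliberate heap overflow for the demo */
    return canary_free(buf);
}

int main(void)
{
    printf("clean write: status %d\n", demo_clean_write());
    printf("overflow:    status %d\n", demo_overflow());
    return 0;
}
```

Running it prints the mismatch line for the second case only; the status value tells the caller which side of the block was damaged, which is the distinction a user reading such a log line usually wants to make first.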