The Art of Software Security Assessment

Archive for June, 2008

MJPEG Vulnerability

mark June 13th, 2008

I had intended to post a blog entry here concerning the MJPEG disclosure in the recent MS drop. This is basically one of the bugs John and I were alluding to at CanSecWest earlier this year when discussing vulnerabilities in Windows media software. However, one of the joys of working for an employer with a blog is that I have to contribute to it as well as this one. So, rather than repeat the same post twice, I will redirect you to my post on ISSs blog: http://blogs.iss.net/. (It is currently the second post from the top.)

The Book

This blog provides running commentary from Mark Dowd, John McDonald, and Justin Schuh, the authors of the book: The Art of Software Security Assessment. You can purchase a copy from Amazon, or directly from the publisher, Addison-Wesley, and peruse the sample chapter on C Language vulnerabilities.
Tags
- Errata (5)
- Discussion (31)
- Auditing (9)
  - Windows (6)
  - Unix (3)
  - C/C++ (9)
  - SQL (2)
  - Web (5)
- Spot the Vuln (2)
Archives
- July 2009 (2)
- November 2008 (2)
- October 2008 (1)
- August 2008 (2)
- June 2008 (1)
- May 2008 (1)
- April 2008 (2)
- February 2008 (2)
- January 2008 (2)
- August 2007 (1)
- July 2007 (1)
- April 2007 (1)
- February 2007 (6)
- January 2007 (6)
- December 2006 (13)

Continued ramblings on software security and code auditing

Archive for June, 2008

MJPEG Vulnerability

The Book

Tags

Archives