Our blog
The SSL/TLS re-negotiation vulnerability (CVE-2009-3555) allows a man-in-the-middle to insert plain text at the beginning of an encrypted stream. It used to be possible to check if the server supports re-negotiation using OpenSSL s_client (see here). However, recent versions of OpenSSL disable…
June 20, 2011 | by alla
Consider the following piece of code:
$sql = "SELECT something FROM some_table WHERE id=? ORDER BY $column_name";
The WHERE clause is parametrized, but the ORDER BY isn't. This happens often enough. Assuming that $column_name comes from user input, this code is vulnerable to SQL injection.
The way…
May 10, 2011 | by alla
Libvirt is a toolkit to manage virtual infrastructures. It is supposed to support the VMware ESXi hypervisor, but the package in the Ubuntu 10 repository is compiled without the necessary drivers (as of time of writing). One can find libvirt compilation instructions here, but they are not Ubuntu-specific nor…
March 30, 2011 | by abb
Consider a simple economic model. There are N companies that make doodahs. I am going to make two assumptions about the doodah market.
1. The market for doodahs is very competitive, so the profit margins are thin - a doodah maker that has a higher cost of production quickly goes out of business.…
March 21, 2011 | by alla
We have started a FAQ page for MagicTree. If you have a question that should be added, please comment.
We have also posted MagicTree build 1487 for download. It contains various bug fixes, in particular in XML parsing, and minor UI improvements.
March 17, 2011 | by alla
Note: this post is unfinished - two videos are missing.
Correction: Dradis can do reports in Word format.
Several people have noted that MagicTree is similar to Dradis. In this post I will try to make a point by point comparison, outlining both similarities and differences. Obviously, I have a…
February 19, 2011 | by alla
This video was going to be the first in a series of three. However, I got stuck with the second one, so instead of waiting for the inspiration to hit me, I thought I'd publish this one anyway. Enjoy.
February 14, 2011 | by alla
I am releasing jnetbridge, which will be responsible for receiving and sending network packets in Marvin 0.92 (the current version, 0.91, still uses jpcap). It is based on JNetPcap (JNI adapter to libpcap/winpcap + protocol analyzer in Java). JNetBridge is a small piece of code on top of the…
February 5, 2011 | by abb
Recently I have upgraded to a Dell Latitude E6510 with a 4 cores / 8 threads processor, plenty of RAM, and a fast hard disk. Nevertheless, the interactive performance of Ubuntu becomes sloppy beyond any measure when a virtual machine or two start thrashing the disks.
There seems to be known performance…
February 3, 2011 | by abb
Suppose we have a web site that stores data files in a web accessible directory /data/ which is not indexable. And suppose the files are named /data/something_<timestamp>.txt. And we want to find as many data files present in this directory as possible. Further let's assume that the timestamp…
February 2, 2011 | by alla