March, 2012

Some random observations on Linux ASLR

Scary Beasts Security

I've had cause to be staring at memory maps recently across a variety of systems. No surprise then that some suboptimal or at least interesting ASLR quirks have come to light.

1) Partial failure of ASLR on 32-bit Fedora

My Fedora is a couple of releases behind, so no idea if it's been fixed. It seems that the desire to pack all the shared libraries into virtual address 0x00nnnnnn has a catastrophic failure mode when there are too many libraries: something always ends up at 0x00110000.

Anti-Spam Law: See updated CASL v. CAN-SPAM summary

Privacy and Cybersecurity Law

Are you one of those who have been monitoring the progress of Canada’s Anti-Spam Law (CASL)? If so, you may also […].

vsftpd-3.0.0-pre1 and seccomp filter

Scary Beasts Security

For the brave, there now exists a pre-release version of vsftpd-3.0.0: [link] [link]

The most significant change is an initial implementation of a secondary sandbox based on seccomp filter, as recently merged to Ubuntu 12.04. This secondary sandbox is pretty powerful, but I'll go into more details in a subsequent post. For now, suffice to say I'm interested in testing of this new build, e.g.

On the failings of Pwn2Own 2012

Scary Beasts Security

This year's Pwn2Own and Pwnium contests were interesting for many reasons. If you look at the results closely, there are many interesting observations and conclusions to be made.

$60k is more than enough to encourage disclosure of full exploits

As evidenced by the Pwnium results, $60k is certainly enough to motivate researchers into disclosing full exploits, including sandbox escapes or bypasses.

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

CRTC Finalizes Anti-Spam Regulations – A Bit More Flexibility for Businesses

Privacy and Cybersecurity Law

The Canadian Radio-television and Telecommunications Commission (CRTC) has made and registered its Electronic Commerce Protection Regulations for the Anti-Spam Act (CASL). […].