This site uses cookies to improve your experience. By viewing our content, you are accepting the use of cookies. To help us insure we adhere to various privacy regulations, please select your country/region of residence. If you do not select a country we will assume you are from the United States. View our privacy policy and terms of use.

Sat.May 21, 2011 - Fri.May 27, 2011

article thumbnail

libxml vulnerability and interesting integer issues

Scary Beasts Security

MAY 27, 2011

A while ago, I was playing with grammar-based XPath fuzzing and I found and fixed an interesting libxml bug. The commit, for the curious, is here: [link] The trigger for this bug was the XPath expression: //@*/preceding::node()/ancestor::node()/ancestor::foo['foo'] which for some reason I haven't yet analyzed leads to a pathologically large collection of nodes within libxml.

50
50
article thumbnail

Bug bounties vs. black (& grey) markets

Scary Beasts Security

MAY 25, 2011

I'm just back from the fun that was HiTB Amsterdam 2011. (Plug: you should check out one of the HiTB series if you haven't yet; Dhillon and crew invariably put a good, intimate conf together). I sat on the day 2 keynote panel on "The economics of vulnerabilities". As usual, talking about this topic was great fun and the audience asked some great questions.

Marketing 50
Marketing Software Government Malware 50
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 

Stay Connected

Join 29,000+ Insiders by signing up for our newsletter

About
About
Editions
Editions
Topics
Powered by Aggregage | Terms and Conditions | Your California Rights and Privacy Policy
© Aggregage 2024