Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Betr.: Exploiting C# Issues

from [Barrie Dempster] Network Security [Permanent Link]
Subject: Re: Betr.: Exploiting C# Issues
Date: Sat, 05 Feb 2005 21:15:19 +0000 
On Fri, 2005-02-04 at 09:44 +0100, Philip Wagenaar wrote:

Hi Daniel,

As you know C#,VB.NET and Cobolt.NET etc etc all compile into the Common 
Runtime Language.

I am not aware of any big weaknesses in the CLR, but I would search for 
papers on the CLR instead of a specific .Net Language.


Daniel,

I'd like to see any papers that you come up with on the CLR, please post
anything interesting you find to the list and/or to me privately, I
haven't seen anything on that front myself and would be interested in
it.

As for the .NET framework itself the only problems in it as far as MS
are concerned are:
http://www.microsoft.com/technet/security/Bulletin/MS04-028.mspx
and
http://www.microsoft.com/technet/security/Bulletin/MS02-026.mspx

There is also one upcoming in the next monthly advisory bundle
http://www.microsoft.com/technet/security/bulletin/summary.mspx#EOAA

(The link to the February list is on that page but I didn't want to link
directly to it, to ensure the link was still useful when this email is
archived, as the advance notice page changes monthly and there won't be
a permanent link until the advisories are released :-)


-- 
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue

blog: http://zeedo.blogspot.com
site: http://www.bsrf.org.uk

[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]

Attachment: signature.asc
Description: This is a digitally signed message part

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Wireless Pentest Question, Arvind Sood
Next by Date:  router stress testing tools, bill williams
Previous by Thread:  Betr.: Exploiting C# Issues, Philip Wagenaar
Next by Thread:  RE: Betr.: Exploiting C# Issues, Aleksander P. Czarnowski
Indexes:  [Date] [Thread] [Top] [All Lists]