Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Betr.: Exploiting C# Issues

from [Philip Wagenaar] Network Security [Permanent Link]
Subject: Re: Betr.: Exploiting C# Issues
Date: Mon, 07 Feb 2005 09:57:09 +0100 
Microsoft will be releasing patches again this tuesday, as it does every first 
tuesday of the month.

One of the updates will fix a security related bug in the Microsoft .Net 
framework.

http://www.eweek.com/article2/0,1759,1759880,00.asp 

So I guess Microsoft will answer your question tomorrow ;-)

Met vriendelijke groet,

(Philip) Wagenaar
Assistent ICT Projecten & Advies

AccoN Accountants & Adviseurs
ICT Projecten & Advies
Postbus 5090
6802 EB Arnhem
The Netherlands

tel. +31 (0)26-3842384
fax. +31 (0)26-3630222
mobile: +31 (0)6-25388935
MSN/E-mail: p.wagenaar@accon.nl
http://www.accon.nl



Barrie Dempster <barrie@reboot-robot.net> 05-02-05 22:15 >>>

On Fri, 2005-02-04 at 09:44 +0100, Philip Wagenaar wrote:

Hi Daniel,

As you know C#,VB.NET and Cobolt.NET etc etc all compile into the Common 
Runtime Language.

I am not aware of any big weaknesses in the CLR, but I would search for 
papers on the CLR instead of a specific .Net Language.


Daniel,

I'd like to see any papers that you come up with on the CLR, please post
anything interesting you find to the list and/or to me privately, I
haven't seen anything on that front myself and would be interested in
it.

As for the .NET framework itself the only problems in it as far as MS
are concerned are:
http://www.microsoft.com/technet/security/Bulletin/MS04-028.mspx 
and
http://www.microsoft.com/technet/security/Bulletin/MS02-026.mspx 

There is also one upcoming in the next monthly advisory bundle
http://www.microsoft.com/technet/security/bulletin/summary.mspx#EOAA 

(The link to the February list is on that page but I didn't want to link
directly to it, to ensure the link was still useful when this email is
archived, as the advance notice page changes monthly and there won't be
a permanent link until the advisories are released :-)


-- 
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue

blog: http://zeedo.blogspot.com 
site: http://www.bsrf.org.uk 

[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]



##################################################################

Dit e-mailbericht is uitsluitend bestemd voor de geadresseerde.
De informatie hierin is vertrouwelijk, zodat het derden niet is
toegestaan om daarvan kennis te nemen of dit te verstrekken aan
andere derden. Indien u dit e-mail bericht ontvangt terwijl het
niet voor u bestemd is, verzoeken wij u contact op te nemen met
de afzender en de informatie te verwijderen van iedere computer.
Bij voorbaat dank. 

==================================================================

The information transmitted in this e-mail is intended only for
the person or entity to which it is addressed and contains
confidential information. Any review, retransmission or other
use by persons or entities other than the intended recipient is
prohibited. If you received this in error, please contact the
sender and delete the material from any computer. Thank you. 

##################################################################

#####################################################################################
This e-mail message has been scanned for Viruses and Content and cleared 
by MailMarshal
#####################################################################################
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Wireless Pentest Question, Harshul Nayak
Next by Date:  Re: Betr.: Exploiting C# Issues, Barrie Dempster
Previous by Thread:  RE: Betr.: Exploiting C# Issues, Aleksander P. Czarnowski
Next by Thread:  Re: Betr.: Exploiting C# Issues, Barrie Dempster
Indexes:  [Date] [Thread] [Top] [All Lists]