Archive for the ‘security’ Category

crazy shit
July 14, 2008

I was reading up on this cool exploit (PDF) in Flash, found by the great Mark Dowd. Seriously, it is crazy shit! The exploit. Then I read up on the way Mark discovered it, and it is even crazier.
A choice quote:
Has Mark Dowd simply outclassed us? Should we pack it up and quit?
Yes. But don’t [...]

Security as an add-on
January 31, 2008

Came across this choice quote today from Tyler Klose:
Software products that encourage treating security as an “add-on” typically try to characterize security as something that is extraneous to application “business logic”. Such characterizations are misguided. The main point of a web service is to provide controlled access to a service. In a web service, [...]