Category Archives: Security
It has been a while since I last posted to this blog. Lately I’m focusing my interest more on mathematics (statistical inference, machine learning) and software engineering (functional reactive programming) than on software security. (Maybe I will post in those … Continue reading
This post is about the analysis of CVE-2013-0809, a Java security bug I’ve found. As is common for Java bugs, the most relevant information can be found in Red Hat’s CVE database and in Red Hat’s Bugzilla. In this case it … Continue reading
In this post I’m going to analyse the details of CVE-2012-0711 (IBM’s security bulletin), an integer signedness bug I found in IBM DB2 Express-C a while ago. The description of the bug: “Integer signedness error in the db2dasrrm process in … Continue reading
I’ve decided to share the details of the first 0-day I’ve found. There are a lot of Java vulnerabilities nowadays, mainly originating from bytecode verifier bugs or design flaws in the JDK, which can be exploited using pure Java code … Continue reading
In this post I try to analyse/reverse engineer ZDI-11-036, a buffer overflow in the IBM DB2 administration service. We can check the advisory at ZDI for information about the vulnerability: The flaw exists within the db2dasrrm component which listens by … Continue reading
Yesterday Oracle released a Critical Patch Update for Java SE. It fixes a few bugs that lead to code execution. I’ve heard rumours about Exploit Wednesday, which happens after Patch Tuesday, when hackers start to diff the fixpacks, to … Continue reading