»I ran across a denial of service condition in OS X Leopard's CoreGraphics framework (under the ApplicationServices framework) which was reachable remotely via Safari and Firefox …»
»Late 2008, I reported CVE-2009-2468 to Apple when I reported oCERT-2009-001/CVE-2009-1194 to Mozilla. …»
»In April, I ran across a nice bug in iTunes URL parsing which is accessible automatically from Safari. …»
»Recently, the xine-team requested that someone from oCERT review a few patches to xine. I performed that review and a light security code review of other sections. The details of oCERT-2008-008 follow . . . …»
»On Monday, I presented Flayer: Exposing Application Internals at the First USENIX Workshop on Offensive Technologies (WOOT'07). …»
»I've been looking for a useful tool to aid note taking, but that I could also keep on a USB stick safely. …»
»Ruby/ActiveLdap is a project I started when I first found Ruby. I'd been tortured by poor LDAP tool suites and LDAP's increasing ubiquity. RAL provides …»
»Multiple vulnerabilities have been discovered in cscope that allow for the execution of arbitrary code. …»
»Multiple vulnerabilities have been discovered in the GNU debugger that allow for the execution of arbitrary code. …»
»I used to spend a lot of time writing helpful tools for myself in Ruby. I haven't done much in a while. I've dumped the old skeletons of work …»