References And Further Reading

Previous page
Table of content
Next page

Reference

Link

Security Advisories and Bulletins

 

Microsoft Update

http://www.microsoft.com/athome/security/protect/windowsxp/updates.aspx

eWeek's "Browser Security" topic page

http://www.eweek.com/category2/0,1874,1744082,00.asp

IE Bulletins

http://www.microsoft.com/technet/security/current.aspx

Firefox Bulletins IE IFRAME vulnerability

http://www.mozilla.org/security/announce/MS04-040

"Reviewing Code for Integer Manipulation Vulnerabilities"

http://msdn.microsoft.com/library/en-us/dncode/html/secure04102003.asp

MS04-028 Buffer Overrun in JPEG (GDI+)

http://www.microsoft.com/technet/security/Bulletin/MS04-028.mspx

"libPNG 1.2.5 stack-based buffer overflow and other code concerns" by Chris Evans

http://scary.beasts.org/security/CESA-2004-001.txt

MS04-025, includes vulnerabilities in BMP and GIF image handlers

http://www.microsoft.com/technet/security/bulletin/MS04-025.mspx

MS06-001, WMF vulnerability

http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx

Firefox IDN URL Domain Name Buffer Overflow

https ://addons.mozilla.org/messages/307259.html

MS04-013 MHTML/CHM patch

http://www.microsoft.com/technet/security/Bulletin/MS04-013.mspx

US-CERT Alert on HTML Help ActiveX Control Cross-Domain Vulnerability

http://www.us-cert.gov/cas/techalerts/TA05-012B.html

Mozilla User Interface Spoofing Vulnerability (XUL)

http://secunia.com/advisories/12188/

Browser Exploits

 

"Web browsersa mini-farce" by Michal Zalewski

http://www.securityfocus.com/archive/1/378632/2004-10-15/2004-10-21/0

Browser Security Check

http://bcheck.scanit.be/bcheck/

Sun Java Plugin arbitrary package access vulnerability

http://jouko.iki.fi/adv/javaplugin.html

Java Web Start argument injection vulnerability

http://jouko.iki.fi/adv/ws.html

IE createTextRange exploit by Darkeagle

http://www.milw0rm.com/exploits/1606

Berend-Jan Wever's IE IRAME exploit code

http://www.edup.tudelft.nl/~bjwever/exploits/InternetExploiter.zip,

Firefox Multiple Vulnerabilities, February 2006

http://secunia.com/advisories/18700/

Firefox QueryInterface Code Execution

http://metasploit.com/archive/framework/msg00857.html

WMF exploit (MetaSploit)

http://metasploit.com/projects/Framework/exploits.html#ie_xp_pfv_metafile

Microsoft JPEG/GDI+ exploits

http://securityfocus.com/bid/11173/exploit/

libPNG exploits

http://www.securityfocus.com/bid/10857/exploit/

IE MHTML/CHM vulnerability

http://www.securityfocus.com/archive/1/354447

Thor Larholm's description of http-equiv's LMZ bypass using drag-n-drop

http://archives.neohapsis.com/archives/fulldisclosure/2004-10/0754.html

"Google Desktop Exposed: Exploiting an IEVulnerability to Phish User Information"

http://www.hacker.co.il/security/ie/css_import.html

Georgi Guninski's showHelp CHM file exploit

http://www.guninski.com/chm3.html

IE improper URI canonicalization

http://securityfocus.com/bid/9182/

FFsniFF, a Firefox extension that steals HTML form submissions

http://azurit.gigahosting.cz/ffsniff/

Technical explanation of the MySpace worm by Samy

http://namb.la/popular/tech.html

Countermeasures

 

Software Restriction Policies (SRP)

http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx

Bypassing SRP

http://www.sysinternals.com/blog/2005/12/circumventing- group -policy-as-limited.html

How to strengthen the security settings for the Local Machine Zone in Internet Explorer

http://support.microsoft.com/?kbid=833633

UrlActions

http://msdn.microsoft.com/library/default.asp?url=/workshop/security/szone/reference/constants/urlaction.asp.

Internet Explorer Administration Kit (IEAK)

http://www.microsoft.com/ windows /ieak/techinfo/default.mspx)

Enhanced Security Configuration (ESC) for IE

http://www.microsoft.com/windowsserver2003/developers/iesecconfig.mspx

Trickery: Phishing, Adware, and Spyware

 

Anti-Phishing Working Group

http://anti-phishing.org/

JunkBusters

http://www.junkbusters.com

SpywareInfo

http://www.spywareinfo.com

Spyware Guide

http://www.spywareguide.com

Computer Associates (CA) Spyware Information Center

http://www. pestpatrol .com/pestinfo

Free Spyware Scan

http://pestpatrol.com/

"How Windows Defender identifies spyware"

http://www.microsoft.com/athome/security/spyware/software/msft/analysis.mspx

Autostart Extensibility Points (ASEPs)

http://www.pestpatrol.com/PestInfo/AutoStartingPests.asp

Browser Helper Objects (BHOs)

http://msdn.microsoft.com/library/en-us/dnwebgen/html/bho.asp

Browser Helper Objects (BHOs), shorter summary

http://www.spywareinfo.com/articles/bho/

Spybot Search & Destroy

http://www.safer-networking.org

Ad-Aware

http://www.lavasoft.de

Windows Defender

http://www.microsoft.com/athome/security/spyware/software/default.mspx

Windows Defender compared with other Microsoft anti-spyware and anti-virus technologies

http://www.microsoft.com/athome/security/spyware/software/about/productcomparisons.mspx

Online Fraud Resources

 

AWPG "Consumer Advice: How to Avoid Phishing Scams"

http://anti-phishing.org/consumer_recs.html

Internet Crime Complaint Center (rub by the FBI and NW3C)

http://www.ic3.gov/

Privacy Rights Clearing House "Identity Theft Resources"

http://www.privacyrights.org/identity.htm

US Federal Trade Commission (FTC) Identity Theft Site

http://www.consumer.gov/idtheft/

General References

 

Java Security FAQ

http://java.sun.com/sfaq/index.html

Java specifications

http://java.sun.com

IE's Internet Security Manager Object

http://msdn.microsoft.com/workshop/security/szone/reference/objects/internetsecuritymanager.asp

Compressed HTML Help (CHM)

http://en.wikipedia.org/wiki/Microsoft_Compressed_HTML_Help

"Cross-Site Cooking" by Michal Zalewski

http://www.securityfocus.com/archive/107/423375/30/0/threaded

"JavaScript: How Did We Get Here?" by Steve Champeon

http://www.oreillynet.com/pub/a/javascript/2001/04/06/js_history.html

showHelp Method

http://msdn.microsoft.com/workshop/author/dhtml/reference/ methods /showhelp.asp

Component Security for Mozilla

http://www.mozilla.org/projects/security/ components /design.html

How to read e-mail messages in plain text using Microsoft products

http://www.microsoft.com/athome/security/online/browsing_safety.mspx#3

How to use IE Security Zones

http://support.microsoft.com/?kbid=174360

Kill-bit'ing ActiveX controls

http://support.microsoft.com/?kbid=240797


Previous page
Table of content
Next page
Hacking Exposed Web Applications
HACKING EXPOSED WEB APPLICATIONS, 3rd Edition
ISBN: 0071740643
EAN: 2147483647
Year: 2006
Pages: 127
Authors: Joel Scambray, Vincent Liu, Caleb Sima
BUY ON AMAZON
Interprocess Communications in Linux: The Nooks and Crannies
The New Solution Selling: The Revolutionary Sales Process That Is Changing the Way People Sell [NEW SOLUTION SELLING 2/E]
Mapping Hacks: Tips & Tools for Electronic Cartography
Introducing Microsoft ASP.NET AJAX (Pro - Developer)
FileMaker 8 Functions and Scripts Desk Reference
Microsoft Visual Basic .NET Programmers Cookbook (Pro-Developer)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy