February 2010 Archives

Unless you're living under a rock, you should have heard of the Common Weakness Enumeration (CWE)/SANS top 25 list. The second annual list was released some time ago and is always worth a read. The guys over at the application security street fighter blog are honouring this year's list with a rundown of the vulnerabilities and applicable solutions. As usual it's a no-nonsense approach to describing the problem and solutions without going too far in depth. I would recommend this blog to any developer, so go have a read...right now :) Number #1 is cross-site scripting (XSS),



I've been doing some blog maintenance, updating old posts, spam prevention changes and publishing more pages. If anyone got their RSS feed spammed, I'm sorry.
That's all.

Tool review: Fuzzman

Fuzzman is a simple Perl script from cipher.org.uk (the guys that brought you bugle). It inspects the man page for a command and enumerates the combinations of command-line options. It then creates a shell script that runs the command with fuzzing data, such as buffer overflow or format strings. You then run the shell script and look for a crash. It's a simple automated script; with some simple changes you could even make it part of your automated testing suite.

For more information on fuzzman, examples and download go to:

By generating the fuzzing script from man pages it can fuzz any binary that has a man page.

Many binaries are missing or have inconsistent man pages.
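
The approach the review describes, sketched in Python as an added example (not Fuzzman's own code): it pulls option flags out of man-page text, pairs each with an overlong string and a format string, and reports runs that die on a signal. The man-page excerpt and all function names are constructed for illustration.

```python
import re
import subprocess
import sys

# Constructed man-page excerpt for a hypothetical tool (not a real command).
SAMPLE_MAN = """\
OPTIONS
       -o file, --output=file
              Write output to file.
       -v, --verbose
              Print more detail.
       -n count
              Stop after count items.
"""
# The two payload classes the review names: overlong input and format strings.
PAYLOADS = {"overflow": "A" * 5000, "format": "%n%s%x" * 20}
FLAG = re.compile(r"--?[A-Za-z0-9][\w-]*")

def extract_options(man_text):
    """Collect every flag spelling from lines that begin with '-'."""
    opts = []
    for line in man_text.splitlines():
        stripped = line.strip()
        if not stripped.startswith("-"):
            continue  # description text, section headings, blank lines
        for part in stripped.split(","):
            m = FLAG.match(part.strip())
            if m and m.group() not in opts:
                opts.append(m.group())
    return opts

def build_cases(options):
    """Pair each option with each payload, passed as the option's argument."""
    return [(f"{o}:{name}", [o, data])
            for o in options for name, data in PAYLOADS.items()]

def run_cases(command, cases, timeout=5):
    """Run command + argv per case; return (label, signal) for each crash."""
    crashes = []
    for label, argv in cases:
        try:
            proc = subprocess.run(command + argv, stdin=subprocess.DEVNULL,
                                  capture_output=True, timeout=timeout)
        except subprocess.TimeoutExpired:
            continue  # a hang is not a crash; a real harness would log it
        if proc.returncode < 0:  # POSIX: negative code = killed by a signal
            crashes.append((label, -proc.returncode))
    return crashes

if __name__ == "__main__" and len(sys.argv) > 1:
    for label, sig in run_cases(sys.argv[1:], build_cases(extract_options(SAMPLE_MAN))):
        print(f"crash: {label} (signal {sig})")
```

Because the option list comes only from the man-page text, an undocumented or inconsistently documented flag is never exercised, which is the limitation noted above.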

Github just made my day

As much as I needed to read some source code revision history, this made me smile.

All I can say is failicorn > failwhale!

World's greatest shave

I'm taking part in the Leukaemia Foundation's World's Greatest Shave 2010. Please sponsor me! The funds we raise will help the Leukaemia Foundation to provide practical care and support to patients and families living with leukaemias, lymphomas, myeloma and related blood disorders.

This weblog is licensed under a Creative Commons License.