[FD] Windows 8 Touch Injection API doesn't handle memory pressure

2014-05-22 Thread Tavis Ormandy
Perhaps this is an unfair oversimplification, but a humorous (to me) summary of the SDL might be "security is solved because old code is irrelevant and new code is perfect". For this reason, I can't help finding it amusing that both old and new Microsoft code keeps failing so spectacularly. I ment

Re: [FD] [KIS-2014-06] Dotclear <= 2.6.2 (Media Manager) Unrestricted File Upload Vulnerability

2014-05-22 Thread Egidio Romano
Hi Brandon, to exploit the vulnerability you need an account with the ability to access the dashboard (which can be granted e.g. with the "publish entries and comments" or even with the "manage their own entries and comments" permission), plus the ability to manage media items, that means you m

Re: [FD] Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe

2014-05-22 Thread Michael Cramer
Can someone reference something more than a report on Windows Vista? UAC combined with standard user privilege combines the integrity system applied via UAC and standard reduced security permissions. UAC when the user has an Administrator token is a different beast and there are some known bypa

Re: [FD] Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe

2014-05-22 Thread coderaptor
On Wed, May 21, 2014 at 10:39 AM, Tavis Ormandy wrote: [...] > This is a very minor bug, should they stop engineers working on high > severity issues and assign them to this? There's no security impact, > and an Administrator would have to deliberately break the system. If I > was in charge, I'd t

Re: [FD] Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe

2014-05-22 Thread rai
On 2014-05-21 16:26, Stefan Kanthak wrote: 3. You think Windows' "user account control" is a security boundary. UAC is but NOT a security boundary: Microsoft tries to sell "defense in depth" to their customers since they started thei