Re: White paper: Exploiting the Win32 API.
From: Simos Xenitellis (simos74@GMX.NET)Date: 08/08/02
- Previous message: Deus, Attonbitus: "Re: Win32 vulnerability? Or application vulnerability?"
- Maybe in reply to: Chris Paget: "White paper: Exploiting the Win32 API."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 8 Aug 2002 21:46:10 +0100 From: Simos Xenitellis <simos74@GMX.NET> To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Dear Russ,
The issue of vulnerabilities in event-driven systems has been mentioned
last month (7th July 2002) in the vuln-dev mailling list at
http://online.securityfocus.com/archive/82/280912/2002-07-04/2002-07-10/0 In that e-mail, the page http://www.isg.rhul.ac.uk/~simos/event_demo/
demonstrated the issue of event-driven vulnerabilities.
As part of my studies (http://www.isg.rhul.ac.uk/~simos/) I examined
security issues in event-driven systems and the results have been
published in two (academic) papers in May and July, found at
1. http://www.isg.rhul.ac.uk/~simos/pub/SecurityVulnerabilitiesInEvent-drivenSystems.pdf
2. http://www.isg.rhul.ac.uk/~simos/pub/ANewAvenueOfAttack-revised.pdf
I am not quite sure if Chris Paget had seen the demonstration
page mentioned above. If he had consulted that page while writing his
tutorial, then he should had made a reference. It would look strange if
he didn't, since searching on Google for "event-driven vulnerabilities"
reveals the demonstration page above.
Thanks for your time,
Simos Xenitellis
- Previous message: Deus, Attonbitus: "Re: Win32 vulnerability? Or application vulnerability?"
- Maybe in reply to: Chris Paget: "White paper: Exploiting the Win32 API."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
