New User, Welcome!     Login

Microsoft Silverlight

Re: Denial of Service using Partial GET Request in Mozilla Firefox 3.06

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

XiaShing@gmail.com wrote:
> It's been confirmed that this is not problem in IE. Sorry I didn't mention that. Microsoft uses Silverlight:
> 
> GET /index.php?page=Poem/Poem.php HTTP/1.1
> Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-ms-application, application/vnd.ms-xpsdocument, application/xaml+xml, application/x-ms-xbap, application/x-shockwave-flash, application/x-silverlight, */*

...and how did you confirm that? By seeing Silverlight in the accepted

CanSecWest 2008 PWN2OWN - Mar 26-28

The fully patched client-side applications that qualify for a prize includes:

.     Adobe PDF
.     Adobe Flash
.     Microsoft Silverlight
.     Microsoft Internet Explorer
.     Microsoft Outlook/Outlook Express
.     Firefox
.     Safari
.     iChat

CanSecWest 2008 PWN2OWN - Mar 26-28

The fully patched client-side applications that qualify for a prize includes:

.     Adobe PDF
.     Adobe Flash
.     Microsoft Silverlight
.     Microsoft Internet Explorer
.     Microsoft Outlook/Outlook Express
.     Firefox
.     Safari
.     iChat

Security improvements of Microsoft Silverlight Build 3.0.50106.0?

Does anyone on the list know what are the latest security improvements of Microsoft Silverlight Build  3.0.50106.00, released on 19th January?

References:
http://support.microsoft.com/kb/979202

http://download.microsoft.com/download/F/D/8/FD8F5947-78FF-40A5-9A34-5E35243C12E4/50106/Microsoft%20Silverlight%20Release%20History.htm#SL_3_50106
(downloadable .htm file)

Juha-Matti

[tool release] Watcher v1.0.0 - passive Web-app security testing and compliance auditing

is also there.

This tool provides pen-testers hot-spot detection for vulnerabilities,
developers quick sanity checks, and auditors PCI compliance auditing.  It
looks for issues related to mashups, user-controlled payloads, cookies,
comments, HTTP headers, SSL, Flash, Silverlight, referrer leaks, information
disclosure, Unicode, and more.

Major Features:
1. Silent and passive detection of security, privacy, and PCI compliance
issues in HTTP, HTML, Javascript, and CSS

Re: Denial of Service using Partial GET Request in Mozilla Firefox 3.06

It's been confirmed that this is not problem in IE. Sorry I didn't mention that. Microsoft uses Silverlight:

GET /index.php?page=Poem/Poem.php HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-ms-application, application/vnd.ms-xpsdocument, application/xaml+xml, application/x-ms-xbap, application/x-shockwave-flash, application/x-silverlight, */*
Accept-Language: en-au
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.5.21022; .NET CLR 3.5.30729; .NET CLR 3.0.30618)
Host: www.footprints-inthe-sand.com
Connection: Keep-Alive


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.

Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!