AppSec Blog: Daily Archives: Mar 02, 2010

Top 25 Series - Rank 3 - Classic Buffer Overflow

Classic buffer overflow (CWE-120) is a huge problem in programming, we have all seen the damage that can be done by buffer overflow. There were numerous worms that leveraged this vulnerability in the early 2000's. Starting from the Morris worm early on, extending to the Code Red and SQL Slammer, they are all proof that … Continue reading Top 25 Series - Rank 3 - Classic Buffer Overflow


Following a Trail of Breadcrumbs - A Design Flaw in Yahoo! Mail

It's my pleasure to post this guest blog from my colleague and fellow security professional, Khash Kiani, about an interesting design flaw in Yahoo! Mail. Intent The ultimate goal of this exercise was to reveal a few fundamental design flaws with the authentication mechanism of Yahoo! Mail, more specifically its password reset scheme. The exercise … Continue reading Following a Trail of Breadcrumbs - A Design Flaw in Yahoo! Mail