rss http://www.sofistic.net/en/rss en Mounting VirtualBox images (Dynamic VDI) on GNU/Linux http://www.sofistic.net/en/mounting_virtualbox_images_dynamic_vdi_gnulinux <p>Sometimes it can be necessary mount a <b>VirtualBox image</b>, <b>VDI type</b> with <b>dynamically expanding storage</b>, on a <b>GNU/Linux system</b>. A use case, it could be that we have to modify some system file on a MS Windows system (<b>NTFS</b> file system format) and we cannot do it on a booted system.</p> <p><a href="http://www.sofistic.net/en/mounting_virtualbox_images_dynamic_vdi_gnulinux">read more</a></p> Tue, 20 Apr 2010 01:21:11 +0200 jack 51 at http://www.sofistic.net Túneles IPSEC de máquinas con GNU/Linux contra Cisco http://www.sofistic.net/en/content/t%C3%BAneles_ipsec_de_m%C3%A1quinas_con_gnulinux_contra_cisco <p>Desde hace poco hemos tenido que levantar túneles IPSEC contra Cisco ASA y routers similares para conectar dos IP's privadas de distinto subrango de red.</p> <p><a href="http://www.sofistic.net/en/content/t%C3%BAneles_ipsec_de_m%C3%A1quinas_con_gnulinux_contra_cisco">read more</a></p> Thu, 08 Jan 2009 14:58:48 +0100 jack 38 at http://www.sofistic.net Roundcube PHP Arbitrary Code Injection http://www.sofistic.net/en/advisories/0801 <p>Public Release Date of POC: 2008-12-22<br /> Author: Jacobo Avariento Gimeno (Sofistic)<br /> CVE id: CVE-2008-5619<br /> Bugtraq id: 32799<br /> Severity: Critical<br /> Vulnerability reported by: RealMurphy</p> <pre> Intro ---- Roundcube Webmail is a browser-based IMAP client that uses "chuggnutt.com HTML to Plain Text Conversion" library to convert HTML text to plain text, this library uses the preg_replace PHP <p><a href="http://www.sofistic.net/en/advisories/0801">read more</a></p> Tue, 23 Dec 2008 01:54:07 +0100 jack 29 at http://www.sofistic.net Advisories http://www.sofistic.net/en/advisories <p>From IT Security R+D labs we have published the following advisories, reports and Proof of Concepts:</p> <ul> <li>2008-12-22: <a href="advisories/0801">Roundcube PHP arbitrary code injection</a> (POC) <li>2009-05-08: <a href="advisories/0901">Vpopmail/QmailAdmin User's Quota Multiple Integer Overflows</a> (Vulnerability) </ul> Advisories Tue, 23 Dec 2008 01:49:12 +0100 jack 28 at http://www.sofistic.net Monitorizando el correo enviado mediante PHP. http://www.sofistic.net/en/php_monitorizar_correo <p>Muchos <i>spammers</i> se aprovechan de formularios de envío de correo en la Web para enviar de forma indiscriminada correo. PHP no guarda registro de la actividad de su función <b>mail()</b> así que poco sabemos si un <i>spammer</i> está usando alguna web alojada en nuestro servidor web para enviar <i>spam</i>.</p> <p><a href="http://www.sofistic.net/en/php_monitorizar_correo">read more</a></p> Wed, 03 Dec 2008 01:05:36 +0100 jack 18 at http://www.sofistic.net [Seguridad] Randomizando la ejecución de código http://www.sofistic.net/en/randomizando_la_ejecucion_de_codigo <p>Hasta hace un par de años cuando se compilaba un programa se establecía en que direcciones de memoria quedaba mapeado para futuras ejecuciones.</p> <p><a href="http://www.sofistic.net/en/randomizando_la_ejecucion_de_codigo">read more</a></p> Thu, 30 Oct 2008 02:15:41 +0100 jack 17 at http://www.sofistic.net