ZDNet Resources
- Hacking NASA: One small step for man, one giant leap for hackers?
- The CORE Security Team released an advisory to the Full-Disclosure mailing list today that documented a stack overflow in NASA's Common Data Format libs. Looking at this bug, the tech details aren't overwhelming, I think I'm mostly excited about it due to the high profile of hacking NASA libs. One...
- Tags: NASA, Vulnerability, Hacker, Exploitation, Common Data Format 3.2.1, Security, Patches, Hacking, Nathan McFeters
- Blog posts 2008-05-05
- ActiveX woes bite CA BrightStor
- Another day another ActiveX problem. This time an ActiveX vulnerability in CA BrightStor ARCServe Backup could be exploited to compromise a user's system. A Secunia alert rates the vulnerability "highly critical." Here are the details: Krystian Kloskowski has reported a vulnerability in CA BrightStor ARCserve Backup,...
- Tags: Vulnerability, Computer Associates International Inc., ActiveX, CA BrightStor, Exploitation, ActiveX/COM/COM+/DCOM, Storage Management, It Management, Security, Software Development, Software/Web Development, Storage, Hardware, It service Management, Larry Dignan
- Blog posts 2008-03-17
- Exploitation is Still Possible as Third-Parties Neglect to Implement Vista Security Features
- "Exploitation is Still Possible..." "What’s really important to gather from all of this, is that while Windows has made major improvements to it’s security..." its: Obsessive-compulsive or not, it's "its". --Glenn RE: Exploitation is Still Possible as Third-Parties Neglect to Implement Vista Security Features Vista...
- Tags: Operating systems, UNIX, Third-Party Vendor, Exploitation, Problem Here, Still Possible, Third-Parties Neglect, Implement Vista Security Features, Implement Vista, security, Microsoft Corp., exploitation
- Discussion threads 2008-03-03
- Exploitation is Still Possible as Third-Parties Neglect to Implement Vista Security Features
- Consider this, Microsoft spends huge amounts of dollars and manpower creating protections for the Vista operating system, yet we still have old school vulnerabilities. Why? The answer is simple really, third-party created code is not stepping up and taking advantage of these powerful protection mechanisms. I'm not...
- Tags: Security, Microsoft Windows Vista, Data Execution Prevention, Exploitation, Address Space Layout Randomization, Nathan McFeters
- Blog posts 2008-03-02
- QuickTime zero-day attacks intercepted
- Researchers at Symantec have intercepted two different in-the-wild malware attacks targeting an unpatched code execution vulnerability in Apple's QuickTime media player. Honeypots in Symantec's DeepSight Threat Management System captured the first known case of exploit exploitation of the flaw on December 1st, 2007. The company has since...
- Tags: Apple QuickTime, Vulnerability, Malware, Zero-day Bug, Attack, Exploitation, Digital Music, Digital Media, Security, Personal Technology, Consumer Electronics, Ryan Naraine
- Blog posts 2007-12-03
- IE users beware: RealPlayer zero-day flaw under attack
- (See updates below with confirmation from RealNetworks and plans for an emergency RealPlayer patch) Hackers are actively exploiting a zero-day hole in RealNetworks' RealPlayer media player, a software program installed on tens of millions of Windows computers worldwide. The in-the-wild attacks, which began...
- Tags: Attacker, Victim, Microsoft Internet Explorer, RealNetworks RealPlayer, Attack, Flaw, Exploitation, Digital Music, Digital Media, Security, Personal Technology, Consumer Electronics, Ryan Naraine
- Blog posts 2007-10-19
- Zero-day flaws surface in AOL, Yahoo IM products
- Zero-day vulnerabilities in two popular instant messaging products could put millions of computer users at risk of malicious hacker attacks. Exploit code has been released for the more serious of the two flaws -- a gaping hole in Yahoo Messenger -- that could expose users to code...
- Tags: Yahoo IM, AOL Instant Messenger, America Online Inc., IM, Yahoo! Inc., User, Secunia, Flaw, Exploitation, Instant Messaging, Security, Internet, Online Communications, Ryan Naraine
- Blog posts 2007-09-19
- ActiveX flaws haunt QuickBooks Online
- The U.S. Computer Emergency Readiness Team (US-CERT) is warning about multiple code execution holes affecting users of Intuit QuickBooks Online Edition. The vulnerabilities, rated "highly critical" by Secunia, can be exploited by a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. ...
- Tags: Intuit Inc., Intuit QuickBooks, ActiveX, Flaw, Exploitation, Ryan Naraine
- Blog posts 2007-09-05
- Trend Micro, Zone Labs, ClamAV join list of insecure security products
- Add Trend Micro, Check Point Zone Labs and ClamAV to the long list of security products that put end users at risk of malicious hacker attacks. The three vendors have all acknowledged various security vulnerabilities in a range of desktop and server products that could lead to arbitrary code execution, privilege...
- Tags: Security, Check Point Software Technologies Ltd., Trend Micro Inc., Zone Labs Inc., Ryan Naraine
- Blog posts 2007-08-22
- Zero-day RPC flaw in Microsoft DNS
- Missing some good details.. Last time I checked there was a zero day section...guess you guys are competing or something. Regardless, thanks for the heads up, but you did not post any details besides what is vulnerable. "A vulnerability has been reported in Microsoft Windows, which...
- Tags: Domain names, Microsoft Windows, NETWORKING, SECURITY, exploitation, DNS, Microsoft Corp., Zero-day RPC, Microsoft DNS, flaw, vulnerability
- Discussion threads 2007-04-13
- Michael Dell pushes governments to invest in IT
- Governments should invest to: See that all of their people have food. See that all of their people have proper housing. See that their people have proper medical care. See that their people are free to worship or not worship as they please. See that ALL their people...
- Tags: Vertical industries, Exploitation, Big Brother, government, Dell Computer Corp., IT IS, information technology
- Discussion threads 2006-05-04
- What's the next security threat?
- The next security threat is: "WINDOZE" Oh, wait, WINDOZE has been a security threat for 20 years. OK, the next security threat is Vista - another MICROSUCKS abortion. The next security threat has a name and it is Vista.... it's not out yet so we are still secure until it...
- Tags: Web browsers, exploitation, security threat, Mozilla Firefox, security, JavaScript
- Discussion threads 2006-04-17
- Open-source companies see profit aplenty
- See.... 1. Make/develop/update free software. 2. Sell support or a commercial license (depending on the vendor) 3. Profit. The only thing that I would say they need to do is make sure their commercial license is extremely competitive. or else... So long and thanks for all the code. Interesting article......doesn't say whether RedHat...
- Tags: Tools & Techniques, GPL, software, exploitation, open source, Even Microsoft
- Discussion threads 2004-05-19
Additional Resources
- Stallman hopes to save children from proprietary software
- A comment and a typo to correct. First the typo: "Sugar, even on Windows, always *was* and always will be open source." At least I think that's what you meant to say. "But let’s not throw babies out with bathwaters. Just because Ferraris are fun cars...
- Tags: Web browsers, open source, Stallman, Netscape Communications Corp., software, proprietary software
- Discussion threads 2008-05-02
- Indian techies snubbing US jobs to stay home
- That's What Locusts Do. They destroy one place and move on to the next one. Indians destroyed the job market in America and they are moving on to the next place to gut out and leave to die. RE: Indian techies snubbing US jobs...
- Tags: Recruitment & Selection, family network, Indian techy, job
- Discussion threads 2008-04-29
- Upcoming panel on exploiting the social graph
- At a conference I attended last month on social media law (I have some interesting notes I'll post soon), I was struck by how lawyers for social media giants such as Facebook, MySpace, Google, find speedy ways to accommodate powerful copyright holders on infringement issues. When it comes to...
- Tags: Social Media, Denise Howell
- Blog posts 2008-04-23
- ToorCon Seattle 2008: Nuke plants, non-existent sub domain attacks, muffin diving, and Guitar Hero
- *** Updated: ToorCon images uploaded. Click here! Alright, that title probably sounds pretty random... well, welcome to ToorCon! ToorCon has long been one of my favorite conferences for the easy atmosphere, laid-back presentations, and parties. This year's Seattle-based ToorCon was the best I've been to. ...
- Tags: Researcher, XSS, Domain, Microsoft Corp., Conference, Attack, ToorCon Seattle 2008, John, Security, Nathan McFeters
- Blog posts 2008-04-21
- Thought leadership grows around advancing 'WOA plus SOA' as enterprise-cloud duo
- Respected developer, adviser and thought leader Dion Hinchcliffe has posted a watershed blog that develops a compelling rationale for Web Oriented Architecture's (WOA's) advancing role in enterprises. The logic is not to supplant or dismiss Service Oriented Architecture (SOA), but rather to examine how WOA -- also...
- Tags: Leadership, SOA, WOA, Dion, Service-Oriented Architecture (SOA), Web Services, Middleware, Enterprise Software, Software, Dana Gardner
- Blog posts 2008-04-17
- Mark Dowd's null pointer dereference exploit and advanced Flash ActionScript techniques prove definitively: Aliens Do Exist!
- Alright, I'm just going to start out with a little background before I start, this particular research was so cool that I've been talking about it all day. Reading this whitepaper, written by Mark Dowd, was as exciting to me as watching highlights of Michael Jordan sinking that winning shot,...
- Tags: Research, Adobe Systems Inc., Blog, Blogging, Team Management, Internet, Management, Nathan McFeters
- Blog posts 2008-04-16
- Adobe patches 7 issues, including Pwn2Own contest flaw and DNS rebinding issues
- Adobe published an advisory covering issues, including a fix for the Pwn2Own flaw that we previously discussed here. Adobe's details are published here. One of the issues that was patched was discovered by myself and fellow researcher (and co-worker at Ernst & Young's Advanced Security Center) Rob Carter, see the picture to the...
- Tags: Adobe Systems Inc., DNS, Domain, Lookup, Microsoft Internet Explorer, Web Browser, Domain Name, Flaw, Rob, Flash, XmlHttp Request, Kicker, Domain Names, Web Browsers, Networking, Internet, Nathan McFeters
- Blog posts 2008-04-09
White Papers and Webcasts