Sponsored White Papers, Webcasts, and Downloads
Additional Resources
- News to know: Cyber attacks; Google; Windows security; Gmail outage
- Notable headlines: Larry Dignan: Georgia turns to Google's Blogger amid Russia onslaught Dancho Danchev: Coordinated Russia vs Georgia cyber attack in progress ZDNet UK: Georgia accuses Russia of co-ordinated cyberattack Video: Defcon: Where feds and hackers rub elbows News.com: Defcon ends...
- Tags: Apple iPhone, Google Inc., Google Gmail, Larry Dignan, Russia, Windows Security, Cyberattack, Outage, Georgia, E-mail Providers, Cloud Computing, Microsoft Windows, Hacking, Security, Viruses And Worms, Internet, Operating Systems, Software
- Blog posts 2008-08-12
- Alarmed about Vista security? Black Hat researcher Alexander Sotirov speaks out
- Earlier today I published a lengthy blog post questioning some of the sensationalist conclusions raised in press coverage of a paper presented by Alexander Sotirov and Mark Dowd at last week’s Black Hat Conference in Las Vegas. This afternoon, I received an e-mail from Sotirov, who says he was "horrified...
- Tags: Technique, Black Hat, Microsoft Windows XP, Vulnerability, Microsoft Windows Vista, Microsoft Corp., Web Browser, Exploitation, Microsoft Windows Vista (Longhorn), Web Browsers, Security, Operating Systems, Microsoft Windows, Software, Internet, Ed Bott
- Blog posts 2008-08-11
- Windows security rendered useless? Uh, not exactly
- Oh dear. The Chicken Little contingent is out in full force. Break out your Kevlar helmets, everyone, because the sky is falling on Windows! At last week’s Black Hat conference in Las Vegas, researchers Alexander Sotirov and Mark Dowd presented a paper that outlined some new attack vectors they had...
- Tags: Black Hat, Attacker, Windows Security, Vulnerability, Microsoft Windows Vista, Defense, Memory Protection, Vulnerability Disclosure, Microsoft Windows, Microsoft Windows Vista (Longhorn), Security, Operating Systems, Software, Ed Bott
- Blog posts 2008-08-11
- Windows broken ... I'm surprised it took this long
- Windows broken ... I'm surprised it took this longBest security is to take computers off the NetFor my computers at home, there is now only one that has firewalled access to the Internet. My kids' computers DO NOT. My media server DOES NOT. The PC with my finance stuff and...
- Tags: Microsoft Windows Vista (Longhorn), Operating systems, Web browsers, Microsoft Windows Vista, Microsoft Windows, UAC, administrative right
- Discussion threads 2008-08-09
- Windows broken ... I'm surprised it took this long
- So, in a stroke, two security researchers Mark Dowd of IBM and Alexander Sotirov or VMware at Black Hat have set browser security back 10 years and rendered Vista's security have been rendered useless. by Adrian Kingsley-Hughes
- Tags: Paper, Microsoft Windows Vista, Microsoft Corp., Web Browser, Data Execution Prevention, Microsoft Windows, Microsoft Windows Vista (Longhorn), Operating Systems, Security, Software, Adrian Kingsley-Hughes
- Blog posts 2008-08-09
- 2008 Pwnie Awards
- Don't forget to go and vote on the Pwnie Awards, which will happen at Black Hat Vegas again this year. I don't want to campaign for votes, but I wouldn't be pissed if some of my loyal readers out there voted for me, Billy Rios, Rob Carter, and John Heasman and...
- Tags: Category, Nomination, Security, Nathan McFeters
- Blog posts 2008-06-19
- Black Hat '08 preview webcast on its way
- Ladies and gents, For those who hadn't heard, I will be presenting at Black Hat Vegas '08 this year with Rob Carter, John Heasman, and Billy Rios. Our presentation is called "The Internet is Broken: Beyond document.cookie - Extreme Client Side Attacks", which may sound like a...
- Tags: Black Hat, Webcast, Nathan McFeters
- Blog posts 2008-06-15
- Flash attack may as well have been zero-day
- Guest Editorial by Dino Dai Zovi It has almost been a week since the Adobe Flash zero-day attack false alarm.  Since then, a number of people have called Symantec out as being irresponsible for crying wolf and announcing the raising the ThreatCon without fully researching the vulnerability (Full...
- Tags: Vulnerability, Attack, Flash, Security, Ryan Naraine
- Blog posts 2008-06-03
- Interview with the Vista Pwn2Own contest winners
- Update 04/03/2008: I've updated the article as apparently the link to k2's blog was broken. Also, it's important to note that Derek Callaway was a part of this research and exploitation as well, and I neglected to mention that. So obviously our coverage of the Pwn2Own contest has...
- Tags: Adobe Systems Inc., Vulnerability, JavaScript, Microsoft Windows Vista, Exploit, Data Execution Prevention, Flaw, Nate, Programming Languages, Java, Security, Software Development, Software/Web Development, Nathan McFeters
- Blog posts 2008-04-02
- More details on the Pwn2Own Flash flaw that won the Vista machine
- So, I've been pretty surprised by the response to the discussion of the Flash flaw that allowed the Vista machine to be compromised in the Pwn2Own contest. I'm working on getting an interview with Alexander Sotirov and Shane Macaulay (see image, courtesy of ZDI's official site) to discuss the issue, but...
- Tags: Java, Microsoft Windows Vista, Data Execution Prevention, Flaw, Microsoft Windows Vista (Longhorn), Security, Operating Systems, Microsoft Windows, Software, Nathan McFeters
- Blog posts 2008-03-31
- Vista falls in Pwn2Own contests final day to a flaw in Adobe Flash
- Update 3/29/2008: Just to clarify in case it wasn't clear, this is a flaw in an Adobe product, Adobe Flash, and not in a Microsoft product or in the Windows Vista operating system. This is important to note, as it's not quite as glamorous as the flaw that took down...
- Tags: Adobe Systems Inc., Microsoft Windows Vista, Flaw, Microsoft Windows Vista (Longhorn), Security, Operating Systems, Microsoft Windows, Software, Nathan McFeters
- Blog posts 2008-03-29
- OpenBSD team mocked at first ever 'Pwnie' awards
- LAS VEGAS -- The OpenBSD team has won an award for the most spectacular "mishandling" of a critical security vulnerability.Here's why:The OpenBSD team refused to acknowledge the bug as a security vulnerability and issued a "reliability fix" for it. A week later Core Security had developed proof of concept code...
- Tags: Zero-day attacks, Wireless, Windows Vista, Wi-Fi security, Vulnerability research, Viruses and Worms, Responsible disclosure, Pen testing, Patch Watch, Mozilla, Microsoft, Hackers, Google, Firefox, Exploit code, Data theft, Browsers, Botnets, Apple
- Blog posts 2007-08-02
- Mozilla to ship Firefox 'workaround' for .ANI exploit
- Mozilla is considering a "workaround" to block the attack vector that puts Firefox users at risk of attacks exploiting the Windows animated cursor (.ani) vulnerability.Because Firefox uses the Windows API function that triggers the vulnerable code, the .ani vulnerability can be exploited through Firefox. (See this Flash demo by...
- Tags: Zero-day attacks, Windows Vista, Viruses and Worms, Spam and Phishing, Pen testing, Microsoft, Mozilla, Hackers, Google, Firefox, Data theft, Browsers, Vulnerability research, Spyware and Adware, Responsible disclosure, Patch Watch, Open source, Exploit code, Botnets
- Blog posts 2007-04-04
- Microsoft releases emergency patch for seven Windows vulnerabilities
- Microsoft has issued an "emergency" patch to fix a Critical remote code execution vulnerability in Windows cursor handling code plus six other vulnerabilities. The bugs affect every version of Windows since Windows 2000, including the latest version of Microsoft Vista. Mac, Linux, and Solaris users are immune. The update contains...
- Tags: Microsoft, Linux, General
- Blog posts 2007-04-03
- Firefox ANI exploit on the way - no protected mode
- Determina is previewing a version of the ANI exploit that will hijack Mozilla Firefox 2 as well as Internet Explorer 7 running on Vista with default DEP settings mostly turned off. DEP could have stopped this exploit from running but its turned off for most applications in Windows by...
- Tags: Vista, Security, Browsers
- Blog posts 2007-04-03
- Microsoft knew of Windows .ANI flaw since December 2006
- A private security research outfit says it notified Microsoft about the animated cursor (.ani) code execution vulnerability since December 2006, a full four months ahead of yesterday's discovery of Internet Explorer drive-by attacks.According to Alexander Sotirov, chief reverse engineer at Determina, his research team discovered and reported the flaw to...
- Tags: Zero-day attacks, Windows Vista, Vulnerability research, Uncategorized, Spyware and Adware, Spam and Phishing, Rootkits, Responsible disclosure, Pen testing, Patch Watch, Mozilla, Microsoft, Hackers, Firefox, Exploit code, Data theft, Browsers, Botnets
- Blog posts 2007-03-30
- Dangerous flaws crop up in Vista
- Getting all excited to deploy Vista in your agency? You might want to think again. The New York Times reports that researchers and hackers are finding serious problems with "the last Windows." Among the flaws: one described by Russian programmers that allows hackers to increase a user’s...
- Tags: Microsoft Windows Vista (Longhorn), Web browsers, SECURITY, Determina Inc., flaw, Microsoft Windows Vista, Web browser
- Blog posts 2006-12-25
- << Previous
- page 1 of 1
- Next >>
Enterprise Applications
-
Check out some of the easiest and most powerful ways to boost productivity
while saving money on your application infrastructure. See ZDNet's
comprehensive
Enterprise Application
resource center, now!
- New Online Dashboard
-
-
Read about top issues IT decision-makers face every day, plus get cost effective solutions to real life IT problems.
Oracle Topline
-
White Papers and Webcasts
The Business Essentials Guide provides you useful tools and templates to help grow your business and save you time with automated shipping solutions.
Read about top issues IT decision-makers face every day, plus get cost-effective solutions to real-life IT problems.
