ZDNet Resources
- Apple bolsters QuickTime defenses... or do they?
- A couple of great articles came out recently, one from Ryan Naraine and one from our very own Larry Dignan, about some of the defenses that Apple is trying to build into QuickTime to defend Vista users. As we've talked about here before, with Vista, it's all...
- Tags: Apple QuickTime, Blog, Microsoft Windows Vista, Apple Inc., Data Execution Prevention, ASLR, David Maynor, Microsoft Windows Vista (Longhorn), Blogging, Digital Music, Digital Media, Operating Systems, Microsoft Windows, Software, Internet, Personal Technology, Consumer Electronics, Nathan McFeters
- Blog posts 2008-04-08
- Memory randomization (ALSR) coming to Mac OS X Leopard
- Memory randomization (ALSR) coming to Mac OS X LeopardIntresting...Why is Apple implementing all of these security features? I thought that OS X has hack proof.It would be hard to sandbox SafariWeb browsers have all sorts of third party plugins that would break if sandboxed. IE7 on Vista is virtually...
- Tags: Operating systems, Planning, Apple Inc., Apple Mac OS X, ALSR, security, Apple Macintosh, Leopard, Apple Mac OS, Microsoft Windows Vista
- Discussion threads 2007-10-17
- Memory randomization (aslr) coming to Mac OS X Leopard
- Apple has announced plans to add code-scrambling diversity to Mac OS X Leopard, a move aimed at making the operating system more resilient to virus and worm attacks. The security technology, known as ASLR (address space layout randomization), randomly arranges the positions of key data areas to...
- Tags: Application, Apple Macintosh, Disk, Apple Inc., Microsoft Corp., ASLR, Leopard, Apple Mac OS X, Security, Apple Mac OS, Operating Systems, Software, Ryan Naraine
- Blog posts 2007-10-17
- Vista's aslr not so random, but does it matter?
- Vista's ASLR not so random, but does it matter?HeapAlloc vs. malloc?malloc is a function whose implementation is defined by whomever wrote the C Runtime Library. In the case of Visual Studio 2005, this function wraps the Windows HeapAlloc function whenever you are running on Windows 2000 or newer. ...
- Tags: Microsoft Windows, Microsoft Windows Vista (Longhorn), Operating systems, Windows HeapAlloc, malloc, ASLR, Microsoft Windows Vista
- Discussion threads 2007-02-28
- Vista's aslr not so random, but does it matter?
- Symantec is using the spotlight of the Black Hat DC 2007 conference to pick apart the security technologies built into Windows Vista.On the heels of its exposé of weaknesses in the UAC (user account control) mechanism, Symantec rolled out a Vista security portal with three new research papers discussing legacy...
- Tags: Pen testing, Black Hat Federal, Data theft, Black Hat, Viruses and Worms, Spyware and Adware, Exploit code, Spam and Phishing, Responsible disclosure, Rootkits, Vulnerability research, Microsoft, Windows Vista, Hackers
- Blog posts 2007-02-28
- An Analysis of Microsoft Windows Vista's aslr
- Since the release of the Beta 2 version of Windows Vista, Microsoft has added ASLR (Address Space Layout Randomization) to protect it from buffer overflows. ASLR is not new and has been available for a long time on other operating systems, but the advantage of Vista's ASLR is that it...
- Tags: Microsoft Windows Vista, Microsoft Corp., Buffer-overflow, Analysis, ASLR, Microsoft Windows Vista (Longhorn), Microsoft Windows, Viruses And Worms, Security, Operating Systems, Software
- White papers 2006-05-10
Additional Resources
- Can I interest you in a glass of Berry Blue Kool-Aid?: A recap of Microsoft Blue Hat v7
- Hey all, I was fortunate enough to be invited to attend Microsoft Blue Hat v 7 as I had some research that Microsoft was interested in bringing me in to talk about. Microsoft got to have co-worker and fellow researcher Rob Carter and I in to talk...
- Tags: Microsoft Corp., Blogging, Team Management, Internet, Management, Nathan McFeters
- Blog posts 2008-05-06
- Apple bolsters QuickTime defenses
- Apple is adding several anti-hacking features to QuickTime in an effort to build up the media player's defenses. Ryan Naraine reports that exploit prevention mechanisms have been added to QuickTime in its latest batch of patches. Ryan notes: According to a source familiar...
- Tags: Apple QuickTime, Apple Inc., Move, Digital Music, Digital Media, Personal Technology, Consumer Electronics, Larry Dignan
- Blog posts 2008-04-08
- Interview with the Vista Pwn2Own contest winners
- Interview with the Vista Pwn2Own contest winnersSo NO, we did not duplicate it on any other platform.What Nate states is this is a compiler issue with a polymorphism/name mangling bug. Therefore, it is not a Adobe coding issue. So my questions still remain:1) Have you duplicated this on...
- Tags: Microsoft Windows Vista (Longhorn), data execution prevention, Vista Pwn2Own, Nate, flaw, Microsoft Windows Vista
- Discussion threads 2008-04-02
- Interview with the Vista Pwn2Own contest winners
- Update 04/03/2008: I've updated the article as apparently the link to k2's blog was broken. Also, it's important to note that Derek Callaway was a part of this research and exploitation as well, and I neglected to mention that. So obviously our coverage of the Pwn2Own contest has...
- Tags: Adobe Systems Inc., Vulnerability, JavaScript, Microsoft Windows Vista, Exploit, Data Execution Prevention, Flaw, Nate, Programming Languages, Java, Security, Software Development, Software/Web Development, Nathan McFeters
- Blog posts 2008-04-02
- Vista falls in Pwn2Own contests final day to a flaw in Adobe Flash
- Update 3/29/2008: Just to clarify in case it wasn't clear, this is a flaw in an Adobe product, Adobe Flash, and not in a Microsoft product or in the Windows Vista operating system. This is important to note, as it's not quite as glamorous as the flaw that took down...
- Tags: Adobe Systems Inc., Microsoft Windows Vista, Flaw, Microsoft Windows Vista (Longhorn), Security, Operating Systems, Microsoft Windows, Software, Nathan McFeters
- Blog posts 2008-03-29
- Exploitation is Still Possible as Third-Parties Neglect to Implement Vista Security Features
- Exploitation is Still Possible as Third-Parties Neglect to Implement Vista Security Features"Exploitation is Still Possible...""What’s really important to gather from all of this, is that while Windows has made major improvements to it’s security..."itsObsessive-compuslsive or not, it's "its".--GlennRE: Exploitation is Still Possible as Third-Parties Neglect to Implement Vista Security FeaturesVista...
- Tags: Operating systems, UNIX, Third-Party Vendor, Exploitation, Problem Here, Still Possible, Third-Parties Neglect, Implement Vista Security Features, Implement Vista, security, Microsoft Corp., exploitation
- Discussion threads 2008-03-03
- Exploitation is Still Possible as Third-Parties Neglect to Implement Vista Security Features
- Consider this, Microsoft spends huge amounts of dollars and manpower creating protections for the Vista operating system, yet we still have old school vulnerabilities. Why? The answer is simple really, third-party created code is not stepping up and taking advantage of these powerful protection mechanisms. I'm not...
- Tags: Security, Microsoft Windows Vista, Data Execution Prevention, Exploitation, Address Space Layout Randomization, Nathan McFeters
- Blog posts 2008-03-02
- Black Hat, Day 2: DTrace, (un)Smashing the Stack, Cisco IOS Forensics
- Day 2 is done and Black Hat is wrapped up. The second day of talks was power-packed with some really great presentations. Despite a wicked night of celebration after my successful talk, I still managed to turn up on time for the "DTRACE: The Reverse Engineer's...
- Tags: Black Hat, Cisco IOS, Researcher, Speaker, Cisco Systems Inc., DTrace, Day 2, FX, Nate McFeters
- Blog posts 2008-02-21
- Apple QuickTime under siege
- Apple QuickTime under siegeApple finally has enough market to become a targetFace it, Apple has not had to concern itself much with security due to the fact their market share was so low the hackers didn't bother with their products.I suppose there is a silver lining in the knowledge that...
- Tags: Digital music, Digital media, Apple QuickTime, Apple Inc., security
- Discussion threads 2007-11-30
- Latest QuickTime bug leaves XP, Vista vulnerable
- Security researchers say that a new QuickTime flaw has gone public and leaves XP and Vista vulnerable to attack. According to Secunia, the latest QuickTime bug "can be exploited by malicious people to compromise a user's system." A working exploit is public and the vulnerability has been...
- Tags: Apple QuickTime, Microsoft Windows XP, Vulnerability, Microsoft Windows Vista, Secunia, Ryan, Digital Music, Digital Media, Security, Personal Technology, Consumer Electronics, Larry Dignan
- Blog posts 2007-11-26
- Apple admits to 'misleading' Leopard firewall settings
- Apple has fessed up to at least three serious design weaknesses in the new application-based firewall that ships with Mac OS X Leopard. The acknowledgment from Cupertino comes less than a month after independent researchers threw cold water on Apple's claim that Leopard's firewall can block...
- Tags: Firewall, Apple Macintosh, Apple Inc., Application Firewall, Firewalls, Apple Mac OS X, Apple Mac OS, Network Security, Operating Systems, Security, Networking, Software, Ryan Naraine
- Blog posts 2007-11-15
- Explore Address Space Load Randomization and Windows Hardware Error Architecture in Windows Server 2008
- In this InformIT article, Scott Fulton discusses the concept of Address Space Load Randomization (ASLR) and how this works in Windows Server 2008. In addition, the article covers Windows Hardware Error Architecture (WHEA), a standard protocol whereby attached hardware registers problems with the operating system, sending an alert...
- Tags: Microsoft Windows Server, informIT, Microsoft Windows Server 2008, Microsoft Windows, Operating Systems, Servers, Software, Hardware
- Download resources 2007-11-02
- Researchers pooh-pooh Mac OS X Leopard security
- The first independent reviews of the security enhancements in Mac OS X Leopard are in -- and they're not entirely pleasant for the folks in Cupertino. First up is Heise Security's takedown of the new application-based firewall in Leopard, which Apple promises will specify the behavior of...
- Tags: Firewall, Apple Macintosh, Network, Leopard, Thomas Ptacek, Firewalls, Apple Mac OS X, Network Security, Apple Mac OS, Security, Operating Systems, Networking, Software, Ryan Naraine
- Blog posts 2007-10-30
- Microsoft mulling major changes to ward off .ANI-type flaws
- How did the super-critical animated cursor (.ani) vulnerability get past all the strict code review, fuzz testing and other defense-in-depth mitigations built into Windows Vista. Michael Howard (left) has the answer and hes sharing it with us in a candid explanation from Microsoft on the lessons learned from the...
- Tags: Botnets, Browsers, Data theft, Exploit code, Firefox, Hackers, Metasploit, Microsoft, Patch Watch, Pen testing, Responsible disclosure, Rootkits, Spam and Phishing, Spyware and Adware, Viruses and Worms, Vulnerability research, Windows Vista, Zero-day attacks
- Blog posts 2007-04-27
- << Previous
- page 1 of 1
- Next >>
White Papers and Webcasts
In this Super Techies interview, larger-than-life techie Marc Canter talks with ZDNet's Editor in Chief Dan Farber about his career as a multimedia pioneer.
Test drive Sun products in your IT environment free for 60 days. Get up to 45% off list price when you purchase your trial system. Returns? No problem. We pay shipping both ways.
"Intel® Centrino® with vPro™ Technology and the new 45nm Intel® Core™ Duo processor delivers greater than 2x the performance over older generation Intel® Centrino® components when your system is multitasking.
