ZDNet Resources
- Black Hat Las Vegas Day 1
- Well, this is well late, but here's my recap of Black Hat Day 1. Sorry for the delay, but I've been terribly busy finishing up preparations for my Day 2 talk. The first talk I went to see, "Pointers and Handles, A Story of Unchecked Assumptions...
- Blog posts 2008-08-08
- Researcher keeps 'carpet bomb' attack alive, despite patch
- Security researcher Billy Rios posted an article today about the Apple Safari "Carpet Bomb" attack, discussing a new issue that, despite the patch which prevented a "blended" remote command execution attack when Safari was used in conjunction with IE on a Windows system, keeps the "Carpet Bomb" attack alive and well. ...
- Blog posts 2008-06-21
- Taking ownership (pwnership) of content: Cross-site Scripting Google
- My good friend Billy Rios pictured to the right published another interesting exploit recently. It's a cross-site scripting exposure in spreadsheets.google.com, which is interesting because it's exploited by using the content-type returned by spreadsheets.google.com and a caching flaw on the part of Google. Here's some details from Billy's blog: I was...
- Blog posts 2008-04-16
- Taking ownership of content
- Billy Rios covered a very interesting flaw in Google's code.google.com site on his blog today. The issue involves taking ownership of content of a third party by an application and relates to research that Rios and I originally presented at DEFCON 15 last year. Before...
- Blog posts 2008-04-04
- Black Hat Europe 2008
- Nate McFeters' pictures of Black Hat Europe 2008 in Amsterdam. by Nathan McFeters
- Image galleries 2008-03-26
- More Firefox URI handling security hiccups
- Mozilla has not quite fixed the security hiccups with URI protocol handling in Firefox. According to Billy Rios and Nate McFeters, the two security researchers behind the exposure of protocol abuse in popular Web browsers, Firefox is still vulnerable to a remote command injection flaw that...
- Blog posts 2007-09-04
Additional Resources
- Apple plugs gaping holes in Java for Mac
- Apple today released Java for Mac OS X 10.5 Update 2 with patches for a total of 25 documented security flaws that could expose Mac users to malicious code execution attacks. Two of the 25 flaws are specific to Apple and could be exploited to launch...
- Blog posts 2008-09-24
- Black Hat Las Vegas Day 2
- Again, sorry for the late updates. Vegas is the kind of place that demands a lot of a person. Too many parties make it difficult to find time to blog on the conference. Pictures of the event are a bit sparse, due to consistently forgetting to bring my camera, but...
- Blog posts 2008-08-09
- Black Hat Las Vegas Day 1
- Way to go Nate, Billy, and Rob. Congrats on the Pwnie, I read about it at Dark Reading, but haven't actually read your current blog yet. That bit with Kaminsky was...odd. Booing? Really? edit: Now that I've read your blog, I've got to say that I really like...
- Discussion threads 2008-08-08
- Black Hat Sneak Preview
- Rob McMillan from IDG interviewed John Heasman and me today about the presentation we will be delivering with Rob Carter at Black Hat Vegas next week. The article has a good teaser about one of the more interesting of the many attacks we will cover, namely what we've coined...
- Blog posts 2008-08-01
- Airport security part 6: Skimming at airport kiosks
- We've talked a lot about airport security here (see other links at the bottom of this article), but one thing we haven't covered yet is airport kiosks. Not that they haven't caught my attention, there's just so much wrong at the airport, it takes time to cover it all. Richard...
- Blog posts 2008-07-28
- Code Diffs for DNS Exploit Code
- Diffs between revisions of the exploit code released by HDM and |)ruid. Generated by Billy Rios. by Nathan McFeters
- Image galleries 2008-07-23
- |)ruid and HD Moore release part 2 of DNS exploit
- [Updated 07/24/2008: Gallery images of diffs of code revisions have been included and will be updated as things change, see here.] Earlier today, noted researchers |)ruid and HD Moore released exploit code for the Metasploit tool for attacking the DNS flaw that was originally reported by Dan...
- Blog posts 2008-07-23
- A look at the recent Firefox 3 vulnerability
- True to form, Billy Rios promised a more in-depth look at the MSFA2008-35 vulnerability which is another protocol handler flaw in Firefox 3. As previously reported here, this was another protocol handler flaw that led to arbitrary remote command execution, and is especially dangerous since it can be deployed...
- Blog posts 2008-07-22
- E-gold owners plead guilty to money laundering
- Wow, big morning! If anyone has seen Nitesh Dhanjani and Billy Rios's talk on phishing and identity theft, which was presented at the last couple Black Hat conferences, and will be on display again at Black Hat Vegas, you know that the identity theft market is a huge problem. You...
- Blog posts 2008-07-22
- 2008 Pwnie Award nominees announced
- Well, after getting 134 nominations, and spending countless hours pulling out nominees, the judges for the 2008 Pwnie Awards have announced the final nominees to be voted on. From the site: The final list of nominees for the nine Pwnie Award categories is ...
- Blog posts 2008-07-21
- Romanian authorities arrest cybercrime suspects
- Well, eight days, and a joint effort to help prevent phishing and two major arrests related to identity theft, and I feel like we've made a decent attack on the identity theft culture. Score one for the good guys for once. Just a day after reading...
- Blog posts 2008-07-17
- Protocol handlers cause Mozilla Firefox 3 remote command execution vulnerabilities
- Update 07/16/2008: Apparently I neglected to mention that this has been patched already. Reading over it again and a heads up from a reader pointed out the error to me. As always, great job by Window Snyder and the Mozilla Security Team for getting this patched quickly. ...
- Blog posts 2008-07-16
- Finding the name behind the GMail address
- Ah, this is a fun little trick. I'm not sure if it represents a vulnerability, but certainly I expect Google will try to get rid of this feature. The SecuriTeam blog has reported that it is possible to expose the full name of the user who registered a GMail account.  ...
- Blog posts 2008-07-15
- Sun releases JRE Version 6 Update 7, 90% of desktops currently at risk*
- * The 90% of desktops currently at risk comes from numbers presented at the Java One Keynote in 2008. If you aren't patched, get the Java control panel up and get updated, or go to Sun's site to download the update, cause this one's big. Yesterday Sun...
- Blog posts 2008-07-11