ZDNet Resources
- Black Hat Las Vegas Day 1
- Well, this is well late, but here's my recap of Black Hat Day 1. Sorry for the delay, but I've been terribly busy finishing up preparations for my Day 2 talk. The first talk I went to see, "Pointers and Handles, A Story of Unchecked Assumptions...
- Tags: Billy Rios, Black Hat, Cyberthreats, Nathan McFeters, Phishing, Security, Spam, Spam And Phishing, Viruses And Worms
- Blog posts 2008-08-08
- Researcher keeps 'carpet bomb' attack alive, despite patch
- Security researcher Billy Rios posted an article today about the Apple Safari "Carpet Bomb" attack, discussing a new issue that, despite the patch which prevented a "blended" remote command execution attack when Safari was used in conjunction with IE on a Windows system, keeps the "Carpet Bomb" attack alive and well. ...
- Tags: Software, Apple Safari, Apple Inc., Ecosystem, Attack, Billy Rios, Security, Nathan McFeters
- Blog posts 2008-06-21
- Taking ownership (pwnership) of content: Cross-site Scripting Google
- My good friend Billy Rios pictured to the right published another interesting exploit recently. It's a cross-site scripting exposure in spreadsheets.google.com, which is interesting because it's exploited by using the content-type returned by spreadsheets.google.com and a caching flaw on the part of Google. Here's some details from Billy's blog: I was...
- Tags: Security, Google Inc., HTML, XSS, Domain, Billy Rios, Rios, Nathan McFeters
- Blog posts 2008-04-16
- Taking ownership of content
- Billy Rios covered a very interesting flaw in Google's code.google.com site on his blog today. The issue involves taking ownership of content of a third party by an application and relates to research that Rios and I originally presented at DEFCON 15 last year. Before...
- Tags: Domain, Applet, JVM, Billy Rios, Class File, CODE, Java, Programming Languages, Software Development, Software/Web Development, Nathan McFeters
- Blog posts 2008-04-04
- Black Hat Europe 2008
- Nate McFeters' pictures of Black Hat Europe 2008 in Amsterdam. by Nathan McFeters
- Tags: Black Hat, Nate McFeters, Nathan McFeters, news, Black Hat Europe 2008, Amsterdam, tech action, hackers, Dafydd, Marcus, Rob Carter, Billy Rios, Nitesh
- Image galleries 2008-03-26
- More Firefox URI handling security hiccups
- Mozilla has not quite fixed the security hiccups with URI protocol handling in Firefox. According to Billy Rios and Nate McFeters, the two security researchers behind the exposure of protocol abuse in popular Web browsers, Firefox is still vulnerable to a remote command injection flaw that...
- Tags: Security, Mozilla Firefox, Mozilla Corp., Ryan Naraine
- Blog posts 2007-09-04
Additional Resources
- Apple plugs gaping holes in Java for Mac
- Apple today released Java for Mac OS X 10.5 Update 2 with patches for a total of 25 documented security flaws that could expose Mac users to malicious code execution attacks. Two of the 25 flaws are specific to Apple and could be exploited to launch...
- Tags: Apple Macintosh, Apple Inc., Programming Languages, Apple Mac OS X, Java, Desktops, Software Development, Software/Web Development, Operating Systems, Software, Apple Mac OS, Hardware, Ryan Naraine
- Blog posts 2008-09-24
- Black Hat Las Vegas Day 2
- Again, sorry for the late updates. Vegas is the kind of place that demands a lot of a person. Too many parties make it difficult to find time to blog on the conference. Pictures of the event are a bit sparse, due to consistently forgetting to bring my camera, but...
- Tags: black hat, microsoft corp., applet, image, vegas, nathan mcfeters
- Blog posts 2008-08-09
- Black Hat Las Vegas Day 1
- Black Hat Las Vegas Day 1. Way to go Nate, Billy, and Rob. Congrats on the Pwnie, I read about it at Dark reading, but haven't actually read your current blog yet. That bit with Kaminsky was...odd. Booing? Really? edit: Now that I've read your blog, I've got to say that I really like...
- Tags: Blogging, Black Hat
- Discussion threads 2008-08-08
- Black Hat Sneak Preview
- Rob McMillan from IDG interviewed John Heasman and I today about the presentation we will be delivering with Rob Carter at Black Hat Vegas next week. The article has a good teaser about one of the more interesting of the many attacks we will cover, namely what we've coined...
- Tags: Black Hat, Java Applet, Web Application, Web Browser, Applet, Attack, GIFAR, Java, Programming Languages, Security, Software Development, Software/Web Development, Nathan McFeters
- Blog posts 2008-08-01
- Airport security part 6: Skimming at airport kiosks
- We've talked a lot about airport security here (see other links at the bottom of this article), but one thing we haven't covered yet is airport kiosks. Not that they haven't caught my attention, there's just so much wrong at the airport, it takes time to cover it all. Richard...
- Tags: Credit Card, Airport Security, Airport Kiosk, Stiennon, Sales Channel, Financial Services, Sales, Nathan McFeters
- Blog posts 2008-07-28
- Code Diffs for DNS Exploit Code
- Diffs between revisions of the exploit code released by HDM and |)ruid. Generated by Billy Rios. by Nathan McFeters
- Tags: Billy, code, diffs, DNS, Domain Names, Exploit, Exploit Code, HDM, Internet, McFeters, Nate, Nathan McFeters, Networking, Revision, Rios, screenshots, |)ruid
- Image galleries 2008-07-23
- |)ruid and HD Moore release part 2 of DNS exploit
- [Updated 07/24/2008: Gallery images of diffs of code revisions has been included and will be updated as things change, see here.] Earlier today, noted researchers |)ruid and HD Moore released exploit code for the Metasploit tool for attacking the DNS flaw that was originally reported by Dan...
- Tags: DNS, Domain, Server, Entry, Exploit, NS, NS Record, Domain Names, Networking, Internet, Nathan McFeters
- Blog posts 2008-07-23
- A look at the recent Firefox 3 vulnerability
- True to form, Billy Rios promised a more in depth look at the MSFA2008-35 vulnerability which is another protocol handler flaw in Firefox 3. As previously reported here, this was another protocol handler flaw that led to arbitrary remote command execution, and is especially dangerous since it can be deployed...
- Tags: Mozilla Firefox 3.0, Mozilla Firefox, Apple Safari, Vulnerability, Protocol Handler, Firefox3, Security Decision, Web Browsers, Security, Internet, Nathan McFeters
- Blog posts 2008-07-22
- E-gold owners plead guilty to money laundering
- Wow, big morning! If anyone has seen Nitesh Dhanjani and Billy Rios's talk on phishing and identity theft, which was presented at the last couple Black Hat conferences, and will be on display again at Black Hat Vegas, you know that the identity theft market is a huge problem. You...
- Tags: Flooz, Currency Service, Identity Theft, Phishing, Security, Spam And Phishing, Nathan McFeters
- Blog posts 2008-07-22
- 2008 Pwnie Award nominees announced
- Well, after getting 134 nominations, and spending countless hours pulling out nominees, the judges for the 2008 Pwnie Awards have announced the final nominees to be voted on. From the site: The final list of nominees for the nine Pwnie Award categories is ...
- Tags: Attack, Flaw, Lifelock, Nathan McFeters, Nominee, Security, Vulnerability, XSS, XSS Flaw
- Blog posts 2008-07-21
- Romanian authorities arrest cybercrime suspects
- Well, eight days, and a joint effort to help prevent phishing and two major arrests related to identity theft, and I feel like we've made a decent attack on the identity theft culture. Score one for the good guys for once. Just a day after reading...
- Tags: Arrest, eBay Inc., Romania, Romanian, Phishing, Identity Theft, Cyberthreats, Spam, Viruses And Worms, Security, Spam And Phishing, Nathan McFeters
- Blog posts 2008-07-17
- Protocol handlers cause Mozilla Firefox 3 remote command execution vulnerabilities
- Update 07/16/2008: Apparently I neglected to mention that this has been patched already. Reading over it again and a heads up from a reader pointed out the error to me. As always, great job by Window Snyder and the Mozilla Security Team for getting this patched quickly. ...
- Tags: Mozilla Firefox 3.0, Mozilla Firefox, URI, Vulnerability, Mozilla Corp., Attack, Web Browsers, Security, Internet, Nathan McFeters
- Blog posts 2008-07-16
- Finding the name behind the GMail address
- Ah, this is a fun little trick. I'm not sure if it represents a vulnerability, but certainly I expect Google will try to get rid of this feature. The SecuriTeam blog has reported that it is possible to expose the full name of the user who registered a GMail account.  ...
- Tags: Google Inc., Google Gmail, SecuriTeam Blog, Phishing, E-mail Providers, Cyberthreats, Cloud Computing, Spam, Viruses And Worms, Security, Spam And Phishing, Internet, Nathan McFeters
- Blog posts 2008-07-15
- Sun releases JRE Version 6 Update 7, 90% of desktops currently at risk*
- * The 90% of desktops currently at risk comes from numbers presented at the Java One Keynote in 2008. If you aren't patched, get the Java control panel up and get updated, or go to Sun's site to download the update, cause this one's big. Yesterday Sun...
- Tags: Desktop, Sun Microsystems Inc., JRE, Programming Languages, Java, Software Development, Software/Web Development, Nathan McFeters
- Blog posts 2008-07-11