buffer-overflow Resources on ZDNet

Sponsored White Papers, Webcasts, and Downloads

ZDNet Resources

Novell GroupWise 'mailto' URI handler buffer overflow vulnerability: Researcher Juan Pablo Lopez Yacubian has reported another URI abuse exploit. From Security Focus: Novell GroupWise is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Successfully exploiting this issue will allow an attacker to execute...; Tags: Novell Inc., Researcher, Vulnerability, Buffer-overflow, Novell GroupWise, E-mail Servers, E-mail Clients, Groupware, Viruses And Worms, Security, Enterprise Software, Software, Nathan McFeters; Blog posts 2008-04-29
Black Hat Europe, Day 2: The day that wasn't and Black Hat Europe, Day 3: Begin the presentations: If you haven't seen it yet, you can check out Day 1 of my coverage of Black Hat Europe 2008 here. So, for those of you looking forward to a Black Hat Day 2 update with some more from the training sessions... I'm afraid it didn't happen. I had...; Tags: Black Hat, Antivirus, Buffer-overflow, Attack, Breese, Security, Viruses And Worms, Nathan McFeters; Blog posts 2008-03-29
Cisco patches multiple vulnerabilities in IP phones: Cisco on Wednesday delivered patches to plug multiple overflow and denial of service vulnerabilities. In an advisory Cisco said multiple IP phone devices running the Skinny Client Control Protocol SCCP firmware were impacted. The vulnerabilities range from arbitrary code executions on a phone to forced phone reboots....; Tags: Phone, IP Phone, Vulnerability, Patch Management, IP, Cisco Systems Inc., Firmware, Buffer-overflow, Security, Larry Dignan; Blog posts 2008-02-14
After the hello, goodbye and thanks: After the hello, goodbye and thanksBest of Luck!ntA modified traditional Irish blessingMay the information superhighway rise up to meet youMay the ACL be always at your backThe powerboost shine warm upon your wiresThe load balancers fall soft upon your last mileAnd until we ping againMay QoS hold your packets in...; Tags: SECURITY, Ryan, buffer-overflow; Discussion threads 2007-12-14
Apple nukes QuickTime for Java, plugs more code execution holes: Less than a week after its QuickTime media player made the top-ten list of most vulnerable Windows applications, Apple shipped QuickTime 7.3 to patch a total of at least seven vulnerabilities that could lead to code execution attacks. The update, available for both Mac and Windows (XP...; Tags: Attacker, Apple QuickTime, Java, Movie, Apple Inc., Buffer-overflow, Application Termination, Digital Music, Digital Media, Security, Personal Technology, Consumer Electronics, Ryan Naraine; Blog posts 2007-11-05

Apple plugs gaping iTunes hole, doesn't tell everyone: Apple today shipped an iTunes software refresh to add support for all its shiny new toys but, unless you're following security announcements closely, you'd never know that iTunes 7.4 contains a fix for a pretty nasty code execution vulnerability. Here's what Mac users see: ...; Tags: Security, Apple Macintosh, Apple Inc., Buffer-overflow, Apple iTunes, Ryan Naraine; Blog posts 2007-09-06
Defend against format string attacks: Printf functions and the bugs due to the misuse of them have been around for years, but in 2000, the security world became aware of a new type of security vulnerability in software that became known as format string bugs, a completely new method for exploiting programming bugs...; Tags: Bug, Buffer-overflow, Attack, Chapter Coverage, Security, Development Tools, Viruses And Worms, Software Development, Software/Web Development; Book chapters 2007-07-06
Hacker demos how to defeat Citibank's virtual keyboard: Hacker demos how to defeat Citibank's virtual keyboardIs it software?It can be hacked.Wouldn't you noticeWouldn't you begin to wonder why your hard drive kept getting eating up with screen print size images every time you clicked a mouse? However, I think the research is right, once your system is owned,...; Tags: Keyboards, Viruses and worms, buffer-overflow, virtual keyboard, keyboard, password, attacker, Citigroup Inc., security; Discussion threads 2007-05-11
null: nullI see ...you have read Schneiers work ... everyone should.(And why not also Kevin Mitnik :) :) )It is the well known Fort Knox paradigm ...Everyone knows where the Gold is ...Wouldn't it be Wiser to simply hide the Gold in smaller and spread vaults?Simple answer: No.At that same exchange...; Tags: Viruses and worms, buffer-overflow, exploit, security, Nothing; Discussion threads 2007-05-04
Apple patches QuickTime bug exposed in MOAB: Security Update 2007-001 was just released and is available via Apples Software Update application. Apples first security update of 2007 is recommended for all users and improves the security of QuickTime. The update fixes the buffer overflow issue in QuickTimes RTSP URL handling. From the Apple security Web site: ...; Tags: Software, buffer-overflow, RTSP URL; Blog posts 2007-01-23
How to defend against VML zero-day IE exploit: How to defend against VML zero-day IE exploitthats all but the last paragraghbut no surprise thereMost people would prefer to hear a song......rather than a fanatical death-chant.I just verified it, hardware enforced DEP does workntWell throw the neutral comment out the window NTNTHmmmWhat would i recommend:Product A: with a vulnerability...; Tags: Web browsers, Patches, SECURITY, Mozilla Firefox, buffer-overflow, Web browser, exploit, patch management, Opera Software, VMware Inc.; Discussion threads 2006-09-20
Ichitaro patch (exe): The Ichitaro patch is designed to fix vulnerabilities in Ichitaro 9.x through 13.x and Ichitaro 2004 through 2006. The flaw, which is being exploited by malicious attackers, could result in a buffer overflow and the remote execution of code.; Tags: Buffer-overflow, Security, Viruses And Worms; Software downloads 2006-08-22
An Analysis of Microsoft Windows Vista's ASLR: Since the release of the Beta 2 version of Windows Vista, Microsoft has added ASLR Address Space Layout Randomization to protect it from buffer overflows. ASLR is not new and has been available for a long time on other operating systems, but the advantage of Vista's ASLR is that it...; Tags: Microsoft Windows Vista, Microsoft Corp., Buffer-overflow, Analysis, ASLR, Microsoft Windows Vista (Longhorn), Microsoft Windows, Viruses And Worms, Security, Operating Systems, Software; White papers 2006-05-10
RPM Remote Print Manager Select (exe): A comprehensive TCP/IP LPD Print Server for all Windows platforms. RPM expands printing capabilities by giving users more control, formatting options, & file management advantages over network server printing. Features include: SCS to ASCII translation & EBCDIC to ASCII translation, Remove PCL codes & convert LF to CRLF, ASA carriage...; Tags: ASCII, Translation, Buffer-overflow, Printing, Brooks Internet Software, RPM, Document Management, Security, Enterprise Software, Software, Finance, Managerial Accounting; Software downloads 2006-02-17
White Paper - Modern Network Security: The Migration to Deep Packet Inspection: The past few years has seen a radical evolution in the nature and requirements of network security. There are many factors contributing to these changes, the most important of which is the shift in focus from so-called 'network-level' threats, such as connection-oriented intrusions and Denial of Service DoS attacks, to...; Tags: eSoft, Network, Migration, Buffer-overflow, Attack, Security, Viruses And Worms, Phishing, Network Security, Networking, Spam And Phishing; White papers 2006-02-08
DefencePlus (exe): DefencePlus enables you to protect your system from hackers who use buffer overflow security flaws in Windows OS and applications to infiltrate and take control of your computer. With DefencePlus, you will no longer fear that some unscrupulous parasite will gain access to your documents, e-mails, passwords, and credit card...; Tags: Credit Card, Buffer-overflow, DefencePlus, Microsoft Windows, Sales Channel, Viruses And Worms, Security, Financial Services, Operating Systems, Software, Sales; Software downloads 2005-09-30
MSDN Webcast: Security Best Practices: Finding and Fixing Buffer Overflows (Level 200): Buffer overflows are never a good sign. This webcast describes what they are, and shows how to identify the big dangers associated with buffer overflows, as well as how to fix them.; Tags: Microsoft Developer Network, Webcast, Buffer-overflow, Viruses And Worms, Security; Webcasts 2005-09-28
Adobe warns of Reader, Acrobat bug: Adobe warns of Reader, Acrobat bugLet's seeThis vulnerability is the same if you have Windows, OSX, or Linux. If the marketshare argument is bunk, we should see an identical number of attacks against Windows, OSX, and Linux in the weeks to come. My guess? 0 attempts against OSX and Linux...; Tags: SECURITY, Operating systems, UNIX, buffer-overflow, Acrobat bug, Adobe Systems Inc., Linux, Adobe Acrobat, attack; Discussion threads 2005-08-17
A Novel Fuzzy Logic Controller (FLC) for Shortening the TCP Channel Roundtrip Time by Eliminating User Buffer Overflow Adaptively: The proposed Fuzzy Logic Controller FLC is a novel approach for dynamic buffer tuning at the user/server level. It eliminates buffer overflow by ensuring that the buffer length always cover the queue length adaptively. The FLC and the AQM Active Queue Management mechanisms at the router/system level together form a...; Tags: Australian Computer Society, TCP, Buffer-overflow, Fuzzy Logic Controller, Tcp/Ip, Networking, Viruses And Worms, Security; White papers 2005-07-15
Buffer Overflow Exploits: The Why and How: Buffer overflow exploits are pervasive, powerful, and easy to use. They are the tool of choice to today's attacker, and must be prevented. Keeping systems up-to-date with the most current security patches and using McAfee Entercept will protect servers against these powerful threats. Buffer overflow exploits can be prevented. If...; Tags: Buffer-overflow, Viruses And Worms, Security; White papers 2005-04-01