data execution prevention Resources

Sponsored White Papers, Webcasts, and Downloads

ZDNet Resources

2008 Pwnie Award nominees announced: 2008 Pwnie Award nominees announcedNot bad butI have to give Lamest Vendor Response to Apple for the Safari carpet bomb flaw.Ok, Nate, so here's a solution to your QuickTime problemDon't run your browser with administrative credentials... yeah, yeah you're going to counter with something that is probably mostly FUD based....; Tags: Digital music, SECURITY, Operating systems, Nate, Pwnie Award; Discussion threads 2008-07-21
Microsoft shares more IE8 security details: Microsoft shares more IE8 security detailsDEP is a great ideaDEP is a great idea, as it prevents a large number of buffer overflow attacks - which happen to be the most common type of non-email attack, and a reason why we keep having to update all of the time.DEP isn't...; Tags: security, Microsoft Corp., data execution prevention; Discussion threads 2008-05-08
Apple bolsters QuickTime defenses... or do they?: A couple of great articles came out recently, one from Ryan Naraine and one from our very own Larry Dignan, about some of the defenses that Apple is trying to build into QuickTime to defend Vista users. As we've talked about here before, with Vista, it's all...; Tags: Apple QuickTime, Blog, Microsoft Windows Vista, Apple Inc., Data Execution Prevention, ASLR, David Maynor, Microsoft Windows Vista (Longhorn), Blogging, Digital Music, Digital Media, Operating Systems, Microsoft Windows, Software, Internet, Personal Technology, Consumer Electronics, Nathan McFeters; Blog posts 2008-04-08
Interview with the Vista Pwn2Own contest winners: Interview with the Vista Pwn2Own contest winnersSo NO, we did not duplicate it on any other platform.What Nate states is this is a compiler issue with a polymorphism/name mangling bug. Therefore, it is not a Adobe coding issue. So my questions still remain:1) Have you duplicated this on...; Tags: Microsoft Windows Vista (Longhorn), data execution prevention, Vista Pwn2Own, Nate, flaw, Microsoft Windows Vista; Discussion threads 2008-04-02
Interview with the Vista Pwn2Own contest winners: Update 04/03/2008: I've updated the article as apparently the link to k2's blog was broken. Also, it's important to note that Derek Callaway was a part of this research and exploitation as well, and I neglected to mention that. So obviously our coverage of the Pwn2Own contest has...; Tags: Adobe Systems Inc., Vulnerability, JavaScript, Microsoft Windows Vista, Exploit, Data Execution Prevention, Flaw, Nate, Programming Languages, Java, Security, Software Development, Software/Web Development, Nathan McFeters; Blog posts 2008-04-02

More details on the Pwn2Own Flash flaw that won the Vista machine: More details on the Pwn2Own Flash flaw that won the Vista machineOr should we blame MicrosoftFor their inability to push DEP sooner and get more of a response out developers sooner and breaking applications that have been coded wrongly for years.That would be the ABMer's excuse anyway.NBMer would say that...; Tags: Microsoft Windows Vista (Longhorn), Programming languages, Operating systems, UNIX, SECURITY, Pwn2Own Flash, Pwn2Own Flash flaw, Microsoft Windows Vista, data execution prevention, Vista Machine, Java, flaw, Nate, Adobe Systems Inc., Microsoft Corp., Linux; Discussion threads 2008-03-31
More details on the Pwn2Own Flash flaw that won the Vista machine: So, I've been pretty surprised by the response to the discussion of the Flash flaw that allowed the Vista machine to be compromised in the Pwn2Own contest. I'm working on getting an interview with Alexander Sotirov and Shane Macaulay (see image, courtesy of ZDI's official site) to discuss the issue, but...; Tags: Java, Microsoft Windows Vista, Data Execution Prevention, Flaw, Microsoft Windows Vista (Longhorn), Security, Operating Systems, Microsoft Windows, Software, Nathan McFeters; Blog posts 2008-03-31
Exploitation is Still Possible as Third-Parties Neglect to Implement Vista Security Features: Consider this, Microsoft spends huge amounts of dollars and manpower creating protections for the Vista operating system, yet we still have old school vulnerabilities. Why? The answer is simple really, third-party created code is not stepping up and taking advantage of these powerful protection mechanisms. I'm not...; Tags: Security, Microsoft Windows Vista, Data Execution Prevention, Exploitation, Address Space Layout Randomization, Nathan McFeters; Blog posts 2008-03-02
Latest QuickTime bug leaves XP, Vista vulnerable: Latest QuickTime bug leaves XP, Vista vulnerableRE: Latest QuickTime bug leaves XP, Vista vulnerableWhat doesn't open Windows to attack? ... the off button?The problem is...The problem is that Apple's OS, because of its pitiful marketshare, is not really battle-tested to the extent that an OS is that has...; Tags: Digital music, Digital media, Apple QuickTime, QuickTime Bug, Microsoft Windows XP, workstation, data execution prevention, Microsoft Windows Vista; Discussion threads 2007-11-26
DiaryOne (exe): DiaryOne is a creative multimedia diary keeper software for storing your private information securely. DiaryOne can store not only texts but also multimedia information including sounds, pictures, etc. It also provides various skins and stationeries for your diaries. You can select a diary skin as you like. Even, you can...; Tags: Multimedia, Diary, Data Execution Prevention, DiaryOne; Software downloads 2007-07-30
PIMOne (exe): PIMOne is easy-to-use personal-information-management PIM software. Bringing convenience to your work and life, PIMOne is an indispensable assistant that can help you manage your contacts, plans, tasks, passwords, memos, and notes.Version 5.3 adds support for Vista DEPData Execution Prevention.; Tags: Data Execution Prevention, PIMOne Computing; Software downloads 2007-07-30
MS Patch Tuesday: Vista dinged again: MS Patch Tuesday: Vista dinged againGuess Bill G was wrong"Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally. I dare anybody to do that once a month on the Windows machine."Guess every 2...; Tags: Microsoft Windows Vista (Longhorn), Patches, Microsoft Windows Vista, MICROSOFT SUCKS, Microsoft Corp., data execution prevention, vulnerability, Microsoft Windows, security; Discussion threads 2007-04-10
New Word 2007 flaws, exploits released: New Word 2007 flaws, exploits releaseddoes DEP prevent the exploit?Data execution prevention DEP has been around for a few years now. It has the ability to prevent most buffer overrun attacks, so it's certainly fair to start reporting which exploits are stopped by DEP and which ones aren't.Although MS still...; Tags: Linux, SECURITY, Operating systems, UNIX, Microsoft Word 2007, Microsoft Word, Microsoft Corp., data execution prevention, exploit, flaw, hacker; Discussion threads 2007-04-10
Cursor flaw gives Vista security a black eye: Cursor flaw gives Vista security a black eyeBecause when they don't the ABMers whine"MSFT had the choice between compatibility and reliability and, as they've done every other time in their history of developing operating systems, they chose the former"How many whiny posts have we seen from people about Vista not...; Tags: Microsoft Windows Vista (Longhorn), Microsoft Windows Vista, data execution prevention, Microsoft Corp., flaw, security; Discussion threads 2007-04-04
Why is Microsoft hell-bent on ruining their reputation?: Microsoft had multiple chances to release a patch for the ANI Animated Cursor Exploit in the months of January, February, and March but failed to release any patches for the vulnerability that was originally disclosed privately to Microsoft on December 20 2006. Now were getting an emergency patch today...; Tags: Vista, Security, News, Microsoft, Hardware, Desktop, Browsers; Blog posts 2007-04-03
DEP - A missed opportunity to protect millions of Windows users: DEP - A missed opportunity to protect millions of Windows usersHow do you completelydisable it?How do you tell the difference between...... a benign DEP exception from a badly-written program, and someone exploiting a dangerous buffer-overflow bug which can completely compromise your system?I enabled full DEP on both of my sisters'...; Tags: Microsoft Windows, print manager, exe, data execution prevention, printer; Discussion threads 2006-09-21
DEP - A missed opportunity to protect millions of Windows users: Imagine coming across someone who had both an antivirus package and firewall software installed on their PC and yet both were switched off. You'd think that they were pretty dumb, way too brave or a little bit crazy (or they are antivirus researchers!). But the fact is that...; Tags: data execution prevention; Blog posts 2006-09-21
Hardware DEP saves day again on VML IE exploit: After some testing on the VML zero-day exploit for Internet Explorer, I have managed to verify that hardware-enforced DEP will prevent the exploit from launching. IE will simply generate a DEP error asking you if you want to make a DEP exception for Internet Explorer (which you should say...; Tags: data execution prevention; Blog posts 2006-09-20
Microsoft DEP kills Microsoft LiveMeeting: Microsoft DEP kills Microsoft LiveMeetingGood to hear who reads your blog.Atleast you know Microsoft has their eyes on you and will try and fix your problems. Although the DEP bit is a bit of a problem. As you said before, hardware DEP is the way to go.hmmchances are...; Tags: Skype Technologies S.A., data execution prevention, Microsoft Corp., Microsoft Office Live Meeting; Discussion threads 2006-05-11
Microsoft DEP kills Microsoft LiveMeeting: When I posted "Why can't MS LiveMeeting stay alive?" this morning, I got an email from a Microsoft spokesperson 5 hours later and a technical support call soon followed. As it turns out, Microsoft Windows XP SP2 DEP protection kills Microsoft LiveMeeting 2003 and 2005. The solution was...; Tags: data execution prevention; Blog posts 2006-05-11