Sponsored White Papers, Webcasts, and Downloads
ZDNet Resources
- Opera plugs security holes; adds ALSR, DEP support
- Opera plugs security holes; adds ALSR, DEP supportASLR is only available on VistaASLR is only available on Vista
- Tags: ALSR, ASLR, data execution prevention, Opera Software ASA, security, security hole
- Discussion threads 2009-03-03
- Opera plugs security holes; adds ASLR, DEP support
- Opera Software has shipped a high-priority security patch for its flagship Web browser to plug at least three vulnerabilities that expose Windows users to code execution and cross-domain scripting attacks. The Opera 9.64 upgrade also adds support for DEP Data Execution Prevention and ASLR (Address Space...
- Tags: Data Execution Prevention, Opera Software ASA, Ryan Naraine, Security, Viruses And Worms
- Blog posts 2009-03-03
- PIMOne 5.5 (Windows)
- PIMOne is easy-to-use personal-information-management PIM software. Bringing convenience to your work and life, PIMOne is an indispensable assistant that can help you manage your contacts, plans, tasks, passwords, memos, and notes.Version 5.3 adds support for Vista DEPData Execution Prevention.
- Tags: Microsoft Windows, Data Execution Prevention, PIMOne Computing, PIMOne
- Software downloads 2009-01-24
- IE zero-day attack surface expands
- IE zero-day attack surface expandsre: IE zero-day attack surface expandsWhat a pathetic situation.This goes across two versions of IE, and Microsoft hasn't issued an emergency patch for it?Thanks for the advice to go to Firefox or Opera...if you're smart you'll never go back to IE again.Typical Microsoft.RE: IE zero-day attack...
- Tags: Web browsers, IE zero-day attack surface, IE Zero-Day, attack surface, Microsoft Internet Explorer
- Discussion threads 2008-12-12
- Windows broken ... I'm surprised it took this long
- So, in a stroke, two security researchers Mark Dowd of IBM and Alexander Sotirov or VMware at Black Hat have set browser security back 10 years and rendered Vista's security have been rendered useless. by Adrian Kingsley-Hughes
- Tags: Paper, Microsoft Windows Vista, Microsoft Corp., Web Browser, Data Execution Prevention, Microsoft Windows, Microsoft Windows Vista (Longhorn), Operating Systems, Security, Software, Adrian Kingsley-Hughes
- Blog posts 2008-08-09
- 2008 Pwnie Award nominees announced
- 2008 Pwnie Award nominees announcedNot bad butI have to give Lamest Vendor Response to Apple for the Safari carpet bomb flaw.Ok, Nate, so here's a solution to your QuickTime problemDon't run your browser with administrative credentials... yeah, yeah you're going to counter with something that is probably mostly FUD based....
- Tags: Digital music, SECURITY, Operating systems, Nate, Pwnie Award
- Discussion threads 2008-07-21
- Microsoft shares more IE8 security details
- Microsoft shares more IE8 security detailsDEP is a great ideaDEP is a great idea, as it prevents a large number of buffer overflow attacks - which happen to be the most common type of non-email attack, and a reason why we keep having to update all of the time.DEP isn't...
- Tags: security, Microsoft Corp., data execution prevention
- Discussion threads 2008-05-08
- Apple bolsters QuickTime defenses... or do they?
- A couple of great articles came out recently, one from Ryan Naraine and one from our very own Larry Dignan, about some of the defenses that Apple is trying to build into QuickTime to defend Vista users. As we've talked about here before, with Vista, it's all...
- Tags: Apple QuickTime, Blog, Microsoft Windows Vista, Apple Inc., Data Execution Prevention, ASLR, David Maynor, Microsoft Windows Vista (Longhorn), Blogging, Digital Music, Digital Media, Operating Systems, Microsoft Windows, Software, Internet, Personal Technology, Consumer Electronics, Nathan McFeters
- Blog posts 2008-04-08
- Interview with the Vista Pwn2Own contest winners
- Interview with the Vista Pwn2Own contest winnersSo NO, we did not duplicate it on any other platform.What Nate states is this is a compiler issue with a polymorphism/name mangling bug. Therefore, it is not a Adobe coding issue. So my questions still remain:1) Have you duplicated this on...
- Tags: Microsoft Windows Vista (Longhorn), data execution prevention, Vista Pwn2Own, Nate, flaw, Microsoft Windows Vista
- Discussion threads 2008-04-02
- Interview with the Vista Pwn2Own contest winners
- Update 04/03/2008: I've updated the article as apparently the link to k2's blog was broken. Also, it's important to note that Derek Callaway was a part of this research and exploitation as well, and I neglected to mention that. So obviously our coverage of the Pwn2Own contest has...
- Tags: Adobe Systems Inc., Vulnerability, JavaScript, Microsoft Windows Vista, Exploit, Data Execution Prevention, Flaw, Nate, Programming Languages, Java, Security, Software Development, Software/Web Development, Nathan McFeters
- Blog posts 2008-04-02
- More details on the Pwn2Own Flash flaw that won the Vista machine
- More details on the Pwn2Own Flash flaw that won the Vista machineOr should we blame MicrosoftFor their inability to push DEP sooner and get more of a response out developers sooner and breaking applications that have been coded wrongly for years.That would be the ABMer's excuse anyway.NBMer would say that...
- Tags: Microsoft Windows Vista (Longhorn), Programming languages, Operating systems, UNIX, SECURITY, Pwn2Own Flash, Pwn2Own Flash flaw, Microsoft Windows Vista, data execution prevention, Vista Machine, Java, flaw, Nate, Adobe Systems Inc., Microsoft Corp., Linux
- Discussion threads 2008-03-31
- More details on the Pwn2Own Flash flaw that won the Vista machine
- So, I've been pretty surprised by the response to the discussion of the Flash flaw that allowed the Vista machine to be compromised in the Pwn2Own contest. I'm working on getting an interview with Alexander Sotirov and Shane Macaulay (see image, courtesy of ZDI's official site) to discuss the issue, but...
- Tags: Java, Microsoft Windows Vista, Data Execution Prevention, Flaw, Microsoft Windows Vista (Longhorn), Security, Operating Systems, Microsoft Windows, Software, Nathan McFeters
- Blog posts 2008-03-31
- Exploitation is Still Possible as Third-Parties Neglect to Implement Vista Security Features
- Consider this, Microsoft spends huge amounts of dollars and manpower creating protections for the Vista operating system, yet we still have old school vulnerabilities. Why? The answer is simple really, third-party created code is not stepping up and taking advantage of these powerful protection mechanisms. I'm not...
- Tags: Security, Microsoft Windows Vista, Data Execution Prevention, Exploitation, Address Space Layout Randomization, Nathan McFeters
- Blog posts 2008-03-02
- Latest QuickTime bug leaves XP, Vista vulnerable
- Latest QuickTime bug leaves XP, Vista vulnerableRE: Latest QuickTime bug leaves XP, Vista vulnerableWhat doesn't open Windows to attack? ... the off button?The problem is...The problem is that Apple's OS, because of its pitiful marketshare, is not really battle-tested to the extent that an OS is that has...
- Tags: Digital music, Digital media, Apple QuickTime, QuickTime Bug, Microsoft Windows XP, workstation, data execution prevention, Microsoft Windows Vista
- Discussion threads 2007-11-26
- MS Patch Tuesday: Vista dinged again
- MS Patch Tuesday: Vista dinged againGuess Bill G was wrong"Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally. I dare anybody to do that once a month on the Windows machine."Guess every 2...
- Tags: Microsoft Windows Vista (Longhorn), Patches, Microsoft Windows Vista, MICROSOFT SUCKS, Microsoft Corp., data execution prevention, vulnerability, Microsoft Windows, security
- Discussion threads 2007-04-10
- New Word 2007 flaws, exploits released
- New Word 2007 flaws, exploits releaseddoes DEP prevent the exploit?Data execution prevention DEP has been around for a few years now. It has the ability to prevent most buffer overrun attacks, so it's certainly fair to start reporting which exploits are stopped by DEP and which ones aren't.Although MS still...
- Tags: Linux, SECURITY, Operating systems, UNIX, Microsoft Word 2007, Microsoft Word, Microsoft Corp., data execution prevention, exploit, flaw, hacker
- Discussion threads 2007-04-10
- Cursor flaw gives Vista security a black eye
- Cursor flaw gives Vista security a black eyeBecause when they don't the ABMers whine"MSFT had the choice between compatibility and reliability and, as they've done every other time in their history of developing operating systems, they chose the former"How many whiny posts have we seen from people about Vista not...
- Tags: Microsoft Windows Vista (Longhorn), Microsoft Windows Vista, data execution prevention, Microsoft Corp., flaw, security
- Discussion threads 2007-04-04
- Why is Microsoft hell-bent on ruining their reputation?
- Microsoft had multiple chances to release a patch for the ANI Animated Cursor Exploit in the months of January, February, and March but failed to release any patches for the vulnerability that was originally disclosed privately to Microsoft on December 20 2006. Now were getting an emergency patch today...
- Tags: Vista, Security, News, Microsoft, Hardware, Desktop, Browsers
- Blog posts 2007-04-03
- DEP - A missed opportunity to protect millions of Windows users
- DEP - A missed opportunity to protect millions of Windows usersHow do you completelydisable it?How do you tell the difference between...... a benign DEP exception from a badly-written program, and someone exploiting a dangerous buffer-overflow bug which can completely compromise your system?I enabled full DEP on both of my sisters'...
- Tags: Microsoft Windows, print manager, exe, data execution prevention, printer
- Discussion threads 2006-09-21
- DEP - A missed opportunity to protect millions of Windows users
- Imagine coming across someone who had both an antivirus package and firewall software installed on their PC and yet both were switched off. You'd think that they were pretty dumb, way too brave or a little bit crazy (or they are antivirus researchers!). But the fact is that...
- Tags: data execution prevention
- Blog posts 2006-09-21
White Papers and Webcasts
