ZDNet Resources
- Patch Tuesday: 7 bulletins, 18 flaws, all critical
- It's an all-critical Patch Tuesday. Microsoft has just released seven advisories -- all rated critical -- with patches for at least 18 vulnerabilities affecting the Windows operating system, the widely deployed Office productivity suite and the dominant Internet Explorer browser. Five of the 18 vulnerabilities affect Windows Vista. The batch of updates includes...
- Tags: Apple, Botnets, Browsers, Data theft, Exploit code, Hackers, Metasploit, Microsoft, Open source, Patch Watch, Pen testing, Responsible disclosure, Spam and Phishing, Spyware and Adware, Uncategorized, Viruses and Worms, Vulnerability research, Windows Vista, Zero-day attacks
- Blog posts 2007-05-08
- Botnet herders pounce on Windows DNS RPC flaw
- Online criminals have pounced on the unpatched Windows DNS Server service vulnerability, using the security hole to seed and replenish for-profit botnets. The latest twist in the ongoing attacks comes less than a week after Microsoft's pre-patch advisory provided clues for hackers to write and release detailed exploit code. Anti-virus researchers have...
- Tags: Zero-day attacks, Vulnerability research, Viruses and Worms, Uncategorized, Symantec, Spyware and Adware, Spam and Phishing, Rootkits, Responsible disclosure, Pen testing, Patch Watch, Microsoft, Metasploit, Hackers, Exploit code, Data theft, Browsers, Botnets
- Blog posts 2007-04-17
- Oracle Patch Day: 37 flaws fixed
- Oracle has released its quarterly "critical patch update" with fixes for a total of 37 security holes in its database and application server products. The April 2007 CPU addresses a wide range of vulnerabilities affecting the following product lines: * Oracle Database (14 flaws, including one with a CVSS base score of...
- Tags: Vulnerability research, Pen testing, Uncategorized, Responsible disclosure, Patch Watch, Oracle, Metasploit, Hackers, Exploit code, Data theft
- Blog posts 2007-04-17
- How to turn off RPC management of DNS on a large scale
- In an advisory issued earlier today, Microsoft issued several workarounds/mitigations for the Windows DNS server service zero-day attacks, including a recommendation that network admins completely disable remote management of RPC capability for DNS Servers. The recommendation included instructions on registry key edits but if you're in charge of a large-scale Windows...
- Tags: Zero-day attacks, Uncategorized, Responsible disclosure, Pen testing, Patch Watch, Microsoft, Metasploit, Hackers, Exploit code, Data theft, Browsers
- Blog posts 2007-04-13
- Microsoft: Beware of .HLP files
- Microsoft is urging Windows users to be very careful when opening ".hlp" attachments. The warning follows the release of exploit code for a possible new zero-day bug in the Microsoft Help subsystem, which is used to display files with the ".hlp" extension. The proof-of-concept code, posted at Milw0rm.com, provides instructions on how...
- Tags: Zero-day attacks, Viruses and Worms, Spam and Phishing, Rootkits, Pen testing, Patch Watch, Microsoft, Hackers, Exploit code, Data theft, Vulnerability research, Uncategorized, Spyware and Adware, Responsible disclosure, Browsers
- Blog posts 2007-04-11
- Microsoft knew of Windows .ANI flaw since December 2006
- A private security research outfit says it notified Microsoft about the animated cursor (.ani) code execution vulnerability since December 2006, a full four months ahead of yesterday's discovery of Internet Explorer drive-by attacks. According to Alexander Sotirov, chief reverse engineer at Determina, his research team discovered and reported the flaw to...
- Tags: Zero-day attacks, Windows Vista, Vulnerability research, Uncategorized, Spyware and Adware, Spam and Phishing, Rootkits, Responsible disclosure, Pen testing, Patch Watch, Mozilla, Microsoft, Hackers, Firefox, Exploit code, Data theft, Browsers, Botnets
- Blog posts 2007-03-30
- Black Hat RFID hacking demo threatened
- Another Black Hat conference, another vulnerability disclosure debate. IOActive's Chris Paget's plan to explain why RFID technology is "insecure and untrustworthy" has run into a legal stumbling block after secure card maker HID Corp. raised objections in a letter that claims possible patent infringement. InfoWorld's Paul Roberts is reporting that HID sent...
- Tags: Wi-Fi security, Pen testing, Black Hat, Exploit code, Responsible disclosure, Punditocracy, Cisco, Vulnerability research, Oracle, Hackers, Zero-day attacks, Uncategorized
- Blog posts 2007-02-27
- Symantec: Vista's UAC prompts can't always be trusted
- Microsoft's implementation of the UAC user account control mechanism in Windows Vista continues to take a beating from security researchers. Less than a week after Polish hacker Joanna Rutkowska raised an alert for design -- and implementation -- bugs in the default no-admin component, a member of Symantec's Advanced...
- Tags: Black Hat, Data theft, Exploit code, Hackers, Microsoft, Pen testing, Punditocracy, Responsible disclosure, Uncategorized, Vulnerability research, Windows Vista
- Blog posts 2007-02-20
- Sun rushes out patch for Solaris Telnet exploit
- Sun Microsystems has rushed out patches to fix a code execution hole in the Solaris 10/11 telnet daemon (in.telnetd). The company's fix comes just days after a hacker known as "Kingcope" went public with details of the vulnerability, which allows a remote attacker to bypass the Sun Solaris telnet...
- Tags: Exploit code, Hackers, Patch Watch, Pen testing, Responsible disclosure, Uncategorized, Viruses and Worms, Vulnerability research
- Blog posts 2007-02-13
- MS Patch Tuesday: 12 bulletins, 6 critical, 20 vulnerabilities
- Microsoft's Patch Tuesday train rumbled into security central with a full load today: 12 bulletins with patches for at least 20 vulnerabilities in a wide range of widely used software products. Six of the 12 bulletins are rated "critical," Redmond's highest severity rating. As expected, there are fixes for gaping holes...
- Tags: Botnets, Browsers, Data theft, Exploit code, Hackers, Microsoft, Patch Watch, Uncategorized, Viruses and Worms, Vulnerability research, Zero-day attacks
- Blog posts 2007-02-13
Additional Resources
- iPhone gas application roundup
- On 18 June 2008 I published my iPhone app wishlist and I'm happy that most of my most requested applications have been released (Thank you Texas Hold'Em!). Two of my most requested applications dealt with fuel, specifically a fuel economy tracker and a cheap gas finder. Several iterations...
- Tags: Apple iPhone, Vehicle, MPG, AccuFuel, Gas Finder, Roi/Tco, GPS, 3G, Handhelds, Finance, Managerial Accounting, Consumer Electronics, Personal Technology, Cellular Phones, Hardware, Jason D. O'Grady
- Blog posts 2008-07-25
- Gaping holes in RealPlayer patched
- Digital media delivery firm RealNetworks has shipped a high-priority patch to cover four gaping holes in its flagship RealPlayer software, warning that the vulnerabilities could put users at risk of code execution attacks. The patch comes a few hours after Secunia released an advisory warning for one...
- Tags: Vulnerability, RealNetworks Inc., RealNetworks RealPlayer, Digital Music, Digital Media, Security, Personal Technology, Consumer Electronics, Ryan Naraine
- Blog posts 2008-07-25
- Microsoft joins 'patch DNS now' chant; Apple patch missing
- On the heels of the release of weaponized exploit code for the DNS cache poisoning vulnerability, Microsoft has joined the chorus of security pros pleading with DNS server providers to immediately apply patches to protect users from malicious attacks. The Redmond, Wash. security...
- Tags: Apple Macintosh, DNS, Vulnerability, Apple Inc., Exploit Code, Microsoft Corp., Attack, Dan Kaminsky, Domain Names, Apple Mac OS X, Networking, Security, Internet, Operating Systems, Software, Apple Mac OS, Ryan Naraine
- Blog posts 2008-07-25
- Heap-based buffer overflow reported in RealNetworks RealPlayer
- Update 07/25/2008: Aaron Portnoy of TippingPoint's security research group was kind enough to point out that I'm actually not affected by this, since I've installed the newest version of RealPlayer. From Aaron's email: Notice the Secunia advisory states it affects RealPlayer 10.5... the latest is 11.x, which now uses...
- Tags: Vulnerability, RealNetworks Inc., Buffer-overflow, RealNetworks RealPlayer, Secunia Research, Vendor, Digital Music, Digital Media, Personal Technology, Consumer Electronics, Nathan McFeters
- Blog posts 2008-07-25
- Kaminsky suggests long-term fix will still have to be determined, but patch now, or pay soon
- TTL: Something I wish I'd asked during the webcast and which I can't quite get my head around: It was said that setting a long TTL doesn't help because of the way delegation works - has to...
- Tags: Domain names, DNS server, TTL, server, Kaminsky
- Discussion threads 2008-07-24
- Kaminsky suggests long-term fix will still have to be determined, but patch now, or pay soon
- I listened to the Black Hat webcast today to grab as much info as I could on this subject. The biggest thing that I heard from the whole talk is that the patch fixes things to a reasonable point, but that long-term, there will have to be more work...
- Tags: CERT, DNS Server, Server, Kaminsky, Dan, Patches, Domain Names, Security, Internet, Nathan McFeters
- Blog posts 2008-07-24
- Government, markets and regulation
- Just Another Gov't Program Gone Bad: Fannie Mae was created in the Depression to create liquidity in the mortgage market. Liquidity had been wiped out by the stock market collapse and bank runs. As with all government programs, it just grew and grew and never went away. ...
- Tags: Mortgages, Vertical industries, Fannie Mae, Freddie Mac, mortgage, government
- Discussion threads 2008-07-24
- Another student hacks another police website
- RE: Another student hacks another police website: they should probably code their site correctly with decent form validation and revalidation, so that SQL injection attacks like this don't work. It's not that hard!
- Tags: Web site development, Web technology, police website, Web site
- Discussion threads 2008-07-24
- Intel launches new chip for consumer electronics
- In its latest bid to expand beyond PCs and servers into industrial and consumer electronics applications, Intel has announced a new family of embedded processors. These chips are not based on the Atom processor already used in netbooks and Mobile Internet Devices (MIDs) -- those versions won't arrive until...
- Tags: Consumer Electronics, Electronics, Intel Corp., Chip, Atom, SoCs, Semiconductors, Network Technology, Processors, Hardware, Networking, Components, John Morris
- Blog posts 2008-07-24
- Ingres gives Fortify security study a good fisking
- Open source projects in Fortify's Open Review report fewer defects per thousand lines of code than proprietary products in the same review. by Dana Blankenhorn
- Tags: Ingres, Databases, Security, Enterprise Software, Software, Data Management, Dana Blankenhorn
- Blog posts 2008-07-24