exploit Resources on ZDNet

ZDNet Dictionary Definition

Exploit: In computer security, an unethical or illegal attack that takes advantage of some vulnerability. See zero-day exploit and PoC exploit.; Full Exploit Definition >>

ZDNet Resources

Interview with the Vista Pwn2Own contest winners: Update 04/03/2008: I've updated the article as apparently the link to k2's blog was broken. Also, it's important to note that Derek Callaway was a part of this research and exploitation as well, and I neglected to mention that. So obviously our coverage of the Pwn2Own contest has...; Tags: Adobe Systems Inc., Vulnerability, JavaScript, Microsoft Windows Vista, Exploit, Data Execution Prevention, Flaw, Nate, Programming Languages, Java, Security, Software Development, Software/Web Development, Nathan McFeters; Blog posts 2008-04-02
MacBook Air falls in two minutes at PWN 2 OWN: MacBook Air falls in two minutes at PWN 2 OWNthe detailshere is more info:http://dvlabs.tippingpoint.com/blog/2008/03/27/day-two-of-cansecwest-pwn-to-own---we-have-our-first-official-winner-with-pictureRE: MacBook Air falls in two minutes at PWN 2 OWNThat's a little sad since Mac's claim to fame is a low vulnerability to such things. Pretty soon they'll have to play ball with antivirus software...; Tags: Notebooks, PWN 2 OWN, MacBook Air, Apple MacBook, exploit, Zero Day Initiative; Discussion threads 2008-03-27
Researcher: Critical vulnerability found in VMware's desktop apps: Core Security Technologies said Monday that it has discovered vulnerability in VMware's desktop virtualization software that allows an attacker to gain complete control a system and launch executable files on the host operating system. The discovery is notable given that virtualization security is largely uncharted territory. However,...; Tags: Desktop, Vulnerability, Discovery, VMware Inc., Exploit, Core Security Technologies, Security, Larry Dignan; Blog posts 2008-02-25
Vista SP1 will contain undocumented fixes: Vista SP1 will contain undocumented fixesThe WOW really starts now.How can you take a perfect product and make it even better, leave it in the hands of Microsoft, the world leader is absolute security. I asked my Rep to comment on [I]Microsoft identifies the root cause of each security...; Tags: Microsoft Windows Vista (Longhorn), OPEN SOURCE, Microsoft Corp., vulnerability, Microsoft Windows Vista, exploit, API, software, service pack, security, Microsoft Windows Vista SP1; Discussion threads 2008-02-05
Immunity launches exploit for 'unlikely' Windows worm hole: Immunity launches exploit for 'unlikely' Windows worm holeRE: Immunity launches exploit for 'unlikely' Windows worm holeWow! Windows has an exploit? One that is exploitable? Really??? No way! Not the "great Microshaft" that we have all come to know and hate! Come on Microsoft! ...; Tags: SECURITY, Nothing, Windows worm hole, worm hole, Microsoft Windows, exploit; Discussion threads 2008-01-29

Immunity launches exploit for 'unlikely' Windows worm hole: A workable exploit attack for a TCP/IP vulnerability in Microsoft's Windows has been launched into the wild courtesy of security firm Immunity. On Jan. 17, it became clear that you shouldn't dawdle on deploying Microsoft's MS08-001 patch. That patch, issued Jan. 8, fixed a Transmission Control Protocol/Internet...; Tags: Vulnerability, Security Company, Microsoft Corp., Exploit, Tcp/Ip, Microsoft Windows, Security, Networking, Operating Systems, Software, Larry Dignan; Blog posts 2008-01-29
MetaSploit launches version 3.1, improves Windows GUI, supports iPhone: The Metasploit Project released version 3.1 of its exploit development and attack framework. Key additions include a better Windows interface and support for the iPhone. Metasploit, the brainchild of H D Moore, is an open source tool that outlines attack vectors. In a blog post announcing the...; Tags: Apple iPhone, GUI, Exploit, Microsoft Windows, Hacking, Operating Systems, Software, Security, Larry Dignan; Blog posts 2008-01-28
Security breakdown? Nah, just marketing hype: Sean Hargrave over at the Guardian seems concerned about security research firms paying hackers for exploits before they are even reported to the responsible vendor. My reaction to this issue has been: "So what, big deal". Various vendors have made defending against so-called...; Tags: Concept, Marketing, Vendor, Exploit, Security, Richard Stiennon; Blog posts 2008-01-17
Come and get it: $20K bounty on Microsoft vulnerabilities: An outfit called Digital Armaments has announced a $20,000 bounty for hackers that cook up and exploitable vulnerability or working exploit for Windows applications. The contest's deadline is Feb. 29. Aside from the creepiness of the whole effort, Ryan Naraine points out that there's...; Tags: Vulnerability, Bounty, Microsoft Corp., Outfit, Hacker, Exploit, Digital Armaments, Hacking, Security, Larry Dignan; Blog posts 2008-01-15
What will the hackers be targeting in 2008?: What will the hackers be targeting in 2008?VistaNTProbably notIf cells were easy targets we would have had the Moto-virus. Razor was / is a popular phone with Bluetooth and web access points. The agruement that iPhone will be targeted more than others is plain silly. The numbers...; Tags: Hacking, SECURITY, hacker, Apple iPhone, exploit; Discussion threads 2007-12-12
QuickTime zero-day attacks intercepted: QuickTime zero-day attacks interceptedThis anti-Apple bias must stopThis story is false. It must be false because the Apple zealots have always told us that Apple is better than Microsoft because Apple patches [b]before[/b] there are exploits in the wild and here we have (yet another) case where ZDNet is reporting...; Tags: Cyberthreats, SECURITY, Viruses and worms, rootkit, Norton Co., Apple Inc., Symantec Corp., exploit, Apple QuickTime, virus, Microsoft Windows, zero-day bug; Discussion threads 2007-12-03
exploit posted for Viewpoint Media Player flaw: Exploit code for an unpatched vulnerability in the widely distributed Viewpoint Media Player has been posted on the Internet, putting millions of Internet Explorer users at risk of code execution attacks. The exploit, available at Milw0rm.com, takes advantage of a stack-based buffer overflow in the Viewpoint browser...; Tags: Player, Exploit, Viewpoint Corp., Media Player, Flaw, Media Players, Digital Music, Digital Media, Security, Consumer Electronics, Personal Technology, Ryan Naraine; Blog posts 2007-11-06
Symantec intercepts Microsoft Word exploit: Symantec intercepts Microsoft Word exploitAnd that's why undisclosed/secret patches are not kosherI have suggested many times before that, as is obviously apparent here, reverse engineering of the patch has occurred and this reverse engineering lead to an exploit. In this case, the change is known, the reason for the...; Tags: Word processors, Patches, Microsoft Office, Microsoft Corp., Microsoft Windows, Microsoft Word, Systems Affected, exploit, patch, Symantec Corp.; Discussion threads 2007-10-11
Symantec intercepts Microsoft Word exploit: Just 24 hours after Microsoft shipped a patch for a critical vulnerability affecting Microsoft Word, researchers at Symantec say they have intercepted a malicious Word .doc rigged with a backdoor Trojan. The malicious document exploits the workspace memory corruption remote code execution flaw patched in the MS07-060...; Tags: Symantec Corp., Trojan Horse, Microsoft Corp., Exploit, Microsoft Word, Word Processors, Spyware, Adware & Malware, Spyware, Security, Microsoft Office, Viruses And Worms, Office Suites, Software, Ryan Naraine; Blog posts 2007-10-11
LinkScanner Pro (exe): LinkScanner Pro provides automatic real-time analysis of network traffic and web site content to protect you from a wide range of online threats including malicious content, phishing, social engineering, and targeted software exploits (including zero-day attacks)- so there's no need to worry whether you have the latest patches installed. Your...; Tags: Paid Search, Exploit, LinkScanner Pro, Search, Phishing, Security, Spam And Phishing; Software downloads 2007-09-07
Gentoo pulls vulnerable server offline: Gentoo pulls vulnerable server offlineHow can this be? Isn't UNIX da bomb when it comes to security?Two exploited Linux systems within a weeks time? I thought UNIX was impervious to exploits. Surely you must be spreading FUD :-)Does this disprove the "many eyes" theory?and if not, does this show a...; Tags: Operating systems, OPEN SOURCE, operating system, Unix, Gentoo, Linux, exploit, server, vulnerable server; Discussion threads 2007-08-17
Code execution exploit dings iPhone: Code execution exploit dings iPhoneThat didn't take long...... and what a great exploit! One trip to a bad website and your data is owned by someone else. Now, whilst I'm not exactly known as an admirer of M$, it has to be said that this exploit makes some of their...; Tags: Hacking, Advertising & Promotion, SECURITY, Apple iPhone, exploit, mobile, hacker, Apple Inc.; Discussion threads 2007-07-23
Code execution exploit dings iPhone: Apple's iPhone has failed the security smell test.Researchers at Security Evaluators have found what is believed to be the first remote code execution flaw affecting the device -- a bug that can be used to take full control of an iPhone surfing to a rigged Web site.Dr Charlie Miller, a...; Tags: Wi-Fi security, Vulnerability research, Viruses and Worms, Responsible disclosure, Pen testing, Patch Watch, Passwords, Mozilla, Microsoft, Metasploit, Hackers, Firefox, Exploit code, Data theft, Browsers, Botnets, Black Hat, Apple; Blog posts 2007-07-23
MPack exploit kit creator speaks: SecurityFocus.com reporter Rob Lemos has a fascinating interview with one of the developers of MPack, the exploit kit used in thousands of drive-by malware attacks.In the interview, presented from multiple IRC conversations and edited/reordered for clarity, Lemos does a nice job of peeking behind the dark curtain of exploit writing...; Tags: Zero-day attacks, Windows Vista, Vulnerability research, Viruses and Worms, Spyware and Adware, Spam and Phishing, Rootkits, Responsible disclosure, Pen testing, Patch Watch, Passwords, Microsoft, Metasploit, Hackers, Google, Firefox, Exploit code, Data theft, Browsers, Botnets, Black Hat; Blog posts 2007-07-20
Second Life: avatar sued for copyright infringement: Second Life: avatar sued for copyright infringementOld exploits?There is (or at least was) a tool publicly out there that could copy the prim (shape) information of objects, and I know that there used to be a couple of exploits that would end up giving you the source code for a...; Tags: exploit, Second Life; Discussion threads 2007-07-04