exploitation

ZDNet Resources

• sort by:
• Relevance
• Date
• Popularity

Vendor claims ZDNet being "exploited" to send spam, forgets definition of exploit; Update: we were sending spam

Update: this post is factually incorrect.  ZDNet was sending out spam. A security vendor has claimed that ZDNet is being "exploited" by Google Docs in order to send spam. Let's pick apart this exploitation claim and try to figure out what the spammers are really doing....

Tags: Google Docs, Exploitation, Cyberthreats, Spam, Security, Spam And Phishing, Adam O'Donnell

Blog posts 2009-01-19

Alarmed about Vista security? Black Hat researcher Alexander Sotirov speaks out

Earlier today I published a lengthy blog post questioning some of the sensationalist conclusions raised in press coverage of a paper presented by Alexander Sotirov and Mark Dowd at last week’s Black Hat Conference in Las Vegas. This afternoon, I received an e-mail from Sotirov, who says he was "horrified...

Tags: Technique, Black Hat, Microsoft Windows XP, Vulnerability, Microsoft Windows Vista, Microsoft Corp., Web Browser, Exploitation, Microsoft Windows Vista (Longhorn), Web Browsers, Security, Operating Systems, Microsoft Windows, Software, Internet, Ed Bott

Blog posts 2008-08-11

Windows security rendered useless? Uh, not exactly

Windows security rendered useless? Uh, not exactlyOh no!!Another Bott post!!!! I glad there is no more nonsense comparison between two different things.Um, Ed ...... I know you read the paper because I sent you the PDF, but it seems you failed to notice a few things.You accuse me of "alarming...

Tags: Web browsers, Defense-in-Depth, exploitation, Microsoft Windows, memory corruption vulnerability, Web browser, security

Discussion threads 2008-08-11

Samba dinged by 'highly critical' flaw

Researchers at Secunia have flagged a "highly critical" vulnerability in Samba, the widely deployed open-source software for networked file sharing and printing. According to an advisory from Secunia, the vulnerability affects Samba versions 3.0.28a and 3.0.29 and  can be exploited by malicious people to compromise a vulnerable...

Tags: Samba, Small And Medium Business, Flaw, Exploitation, Smb/Sme, Servers, Security, Hardware, Ryan Naraine

Blog posts 2008-05-28

Secunia finds 'highly critical' Foxit Reader Flaw

Add the popular Foxit Reader to the list of desktop software applications to be patched as a matter of priority. According to vulnerability research outfit Secunia, there's a "highly critical" vulnerability in the alternative PDF reader software that can be exploited by malicious hackers to take complete...

Tags: Software, Desktop, Vulnerability, Secunia, Flaw, Exploitation, Tools & Techniques, Patches, Security, Management, Ryan Naraine

Blog posts 2008-05-20

Details, details, details... more on the Microsoft flaws from today

Thought I'd explore some of these bugs a bit more... first, Tipping Point released one of the vulnerabilities that Larry reported earlier, listed as a stack overflow issue in Microsoft Office Jet Database Engine.  The stack overflow isn't what's interesting, what's interesting is the attack vector itself.  To be fair to...

Tags: Vulnerability, Microsoft Corp., Database Engine, iDefense, Flaw, Exploitation, Microsoft Word, Word Processors, CSS, Microsoft Office, Security, Databases, Office Suites, Software, Scripting Languages, Software/Web Development, Web Development, Enterprise Software, Data Management, Nathan McFeters

Blog posts 2008-05-13

Hacking NASA: One small step for man, one giant leap for hackers?

The CORE Security Team released an advisory to the Full-Disclosure mailing list today that documented a stack overflow in NASA's Common Data Format libs. Looking at this bug, the tech details aren't overwhelming, I think I'm mostly excited about it due to the high profile of hacking NASA libs.  One...

Tags: NASA, Vulnerability, Hacker, Exploitation, Common Data Format 3.2.1, Security, Patches, Hacking, Nathan McFeters

Blog posts 2008-05-05

ActiveX woes bite CA BrightStor

Another day another ActiveX problem. This time an ActiveX vulnerability in CA BrightStor ARCServe Backup could be exploited to compromise a user's system. A Secunia alert rates the vulnerability "highly critical." Here are the details: Krystian Kloskowski has reported a vulnerability in CA BrightStor ARCserve Backup,...

Tags: Vulnerability, Computer Associates International Inc., ActiveX, CA BrightStor, Exploitation, ActiveX/COM/COM+/DCOM, Storage Management, It Management, Security, Software Development, Software/Web Development, Storage, Hardware, It service Management, Larry Dignan

Blog posts 2008-03-17

Exploitation is Still Possible as Third-Parties Neglect to Implement Vista Security Features

Exploitation is Still Possible as Third-Parties Neglect to Implement Vista Security Features"Exploitation is Still Possible...""What's really important to gather from all of this, is that while Windows has made major improvements to it's security..."itsObsessive-compuslsive or not, it's "its".--GlennRE: Exploitation is Still Possible as Third-Parties Neglect to Implement Vista Security FeaturesVista...

Tags: Operating systems, UNIX, Third-Party Vendor, Exploitation, Problem Here, Still Possible, Third-Parties Neglect, Implement Vista Security Features, Implement Vista, security, Microsoft Corp., exploitation

Discussion threads 2008-03-03

Exploitation is Still Possible as Third-Parties Neglect to Implement Vista Security Features

Consider this, Microsoft spends huge amounts of dollars and manpower creating protections for the Vista operating system, yet we still have old school vulnerabilities. Why? The answer is simple really, third-party created code is not stepping up and taking advantage of these powerful protection mechanisms. I'm not...

Tags: Security, Microsoft Windows Vista, Data Execution Prevention, Exploitation, Address Space Layout Randomization, Nathan McFeters

Blog posts 2008-03-02

QuickTime zero-day attacks intercepted

Researchers at Symantec have intercepted two different in-the-wild malware attacks targeting an unpatched code execution vulnerability in Apple's QuickTime media player. Honeypots in Symantec's DeepSight Threat Management System captured the first known case of exploit exploitation of the flaw on December 1st, 2007.  The company has since...

Tags: Apple QuickTime, Vulnerability, Malware, Zero-day Bug, Attack, Exploitation, Digital Music, Digital Media, Security, Personal Technology, Consumer Electronics, Ryan Naraine

Blog posts 2007-12-03

IE users beware: RealPlayer zero-day flaw under attack

See updates below with confirmation from RealNetworks and plans for an emergency RealPlayer patch Hackers are actively exploiting a zero-day hole in RealNetworks' RealPlayer media player, a software program installed on tens of millions of Windows computers worldwide. The in-the-wild attacks, which began...

Tags: Attacker, Victim, Microsoft Internet Explorer, RealNetworks RealPlayer, Attack, Flaw, Exploitation, Digital Music, Digital Media, Security, Personal Technology, Consumer Electronics, Ryan Naraine

Blog posts 2007-10-19

Zero-day flaws surface in AOL, Yahoo IM products

Zero-day vulnerabilities in two popular instant messaging products could put millions of computer users at risk of malicious hacker attacks. Exploit code has been released for the more serious of the two flaws -- a gaping hole in Yahoo Messenger -- that could expose users to code...

Tags: Yahoo IM, AOL Instant Messenger, America Online Inc., IM, Yahoo! Inc., User, Secunia, Flaw, Exploitation, Instant Messaging, Security, Internet, Online Communications, Ryan Naraine

Blog posts 2007-09-19

ActiveX flaws haunt QuickBooks Online

The U.S. Computer Emergency Readiness Team (US-CERT) is warning about multiple code execution holes affecting users of Intuit QuickBooks Online Edition. The vulnerabilities, rated "highly critical" by Secunia, can be exploited by a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. ...

Tags: Intuit Inc., Intuit QuickBooks, ActiveX, Flaw, Exploitation, Ryan Naraine

Blog posts 2007-09-05

Trend Micro, Zone Labs, ClamAV join list of insecure security products

Add Trend Micro, Check Point Zone Labs and ClamAV to the long list of security products that put end users at risk of malicious hacker attacks.The three vendors have all acknowledged various security vulnerabilities in a range of desktop and server products that could lead to arbitrary code execution, privilege...

Tags: Security, Check Point Software Technologies Ltd., Trend Micro Inc., Zone Labs Inc., Ryan Naraine

Blog posts 2007-08-22

Zero-day RPC flaw in Microsoft DNS

Zero-day RPC flaw in Microsoft DNSMissing some good details..Last time I checked there was a zero day section...guess you guys are competing or something. Regardless, thanks for the heads up, but you did not post any details besides what is vulnerable. [b]"A vulnerability has been reported in Microsoft Windows, which...

Tags: Domain names, Microsoft Windows, NETWORKING, SECURITY, exploitation, DNS, Microsoft Corp., Zero-day RPC, Microsoft DNS, flaw, vulnerability

Discussion threads 2007-04-13

Michael Dell pushes governments to invest in IT

Michael Dell pushes governments to invest in ITGovernments should investto: See that all of their people have food.See that all of their people have proper housing.See that their people have proper medical care.See that their people are free to worship or not worship as they please.See that ALL their people...

Tags: Vertical industries, Exploitation, Big Brother, government, Dell Computer Corp., IT IS, information technology

Discussion threads 2006-05-04

What's the next security threat?

What's the next security threat?The next security threat is:"WINDOZE"Oh, wait, WINDOZE has been a security threat for 20 years. OK, the next security threat is Vista - another MICROSUCKS abortion.The next security threat has a name and it isVista.... it's not out yet so we are still secure until it...

Tags: Web browsers, exploitation, security threat, Mozilla Firefox, security, JavaScript

Discussion threads 2006-04-17

Open-source companies see profit aplenty

Open-source companies see profit aplentySee....1.Make/develope/update free software.2.Sell support or a commercial license depending on the vendor3.Profit. The only thing that i would say they need to do is make sure their commercial license is extremely compeditive. or else... So long and thanks for all the code.Interesting article......doesn't say whether RedHat...

Tags: Tools & Techniques, GPL, software, exploitation, open source, Even Microsoft

Discussion threads 2004-05-19

Additional Resources

NoScript 1.9.9.15 (Windows)

NoScript provides extra protection for your Mozilla/Firefox or Flock browser: this extension allows JavaScript and Java execution only for trusted domains of your choice. This whitelist based pre-emptive script blocking approach prevents exploitation of security vulnerabilities with no loss of functionality. You can enable JavaScript/Java execution for sites you trust...

Tags: JavaScript, Execution, Microsoft Windows, InformAction, NoScript, Scripting Languages, Programming Languages, Java, Software/Web Development, Web Development, Software Development

Software downloads 2009-11-18