ZDNet Resources
- Code Diffs for DNS Exploit Code
- Diffs between revisions of the exploit code released by HDM and |)ruid. Generated by Billy Rios. by Nathan McFeters
- Tags: Revision, DNS, Exploit Code, Domain Names, Networking, Internet, Nathan McFeters, diffs, code, Exploit, HDM, |)ruid, Billy, Rios, McFeters, Nate, Nathan, screenshots
- Image galleries 2008-07-23
- Taking ownership (pwnership) of content: Cross-site Scripting Google
- My good friend Billy Rios pictured to the right published another interesting exploit recently. It's a cross-site scripting exposure in spreadsheets.google.com, which is interesting because it's exploited by using the content-type returned by spreadsheets.google.com and a caching flaw on the part of Google. Here's some details from Billy's blog: I was...
- Tags: Security, Google Inc., HTML, XSS, Domain, Billy Rios, Rios, Nathan McFeters
- Blog posts 2008-04-16
Additional Resources
- |)ruid and HD Moore release part 2 of DNS exploit
- [Updated 07/24/2008: Gallery images of diffs of code revisions has been included and will be updated as things change, see here.] Earlier today, noted researchers |)ruid and HD Moore released exploit code for the Metasploit tool for attacking the DNS flaw that was originally reported by Dan...
- Tags: DNS, Domain, Server, Entry, Exploit, NS, NS Record, Domain Names, Networking, Internet, Nathan McFeters
- Blog posts 2008-07-23
- A look at the recent Firefox 3 vulnerability
- True to form, Billy Rios promised a more in depth look at the MSFA2008-35 vulnerability which is another protocol handler flaw in Firefox 3. As previously reported here, this was another protocol handler flaw that led to arbitrary remote command execution, and is especially dangerous since it can be deployed...
- Tags: Mozilla Firefox 3.0, Mozilla Firefox, Apple Safari, Vulnerability, Protocol Handler, Firefox3, Security Decision, Web Browsers, Security, Internet, Nathan McFeters
- Blog posts 2008-07-22
- 2008 Pwnie Award nominees announced
- Well, after getting 134 nominations, and spending countless hours pulling out nominees, the judges for the 2008 Pwnie Awards have announced the final nominees to be voted on. From the site: The final list of nominees for the nine Pwnie Award categories is ...
- Tags: Nominee, Vulnerability, XSS, Attack, Flaw, Dan, XSS Flaw, Lifelock, Security, Nathan McFeters
- Blog posts 2008-07-21
- Romanian authorities arrest cybercrime suspects
- Well, eight days, and a joint effort to help prevent phishing and two major arrests related to identity theft, and I feel like we've made a decent attack on the identity theft culture. Score one for the good guys for once. Just a day after reading...
- Tags: Arrest, eBay Inc., Romania, Romanian, Phishing, Identity Theft, Cyberthreats, Spam, Viruses And Worms, Security, Spam And Phishing, Nathan McFeters
- Blog posts 2008-07-17
- Protocol handlers cause Mozilla Firefox 3 remote command execution vulnerabilities
- Update 07/16/2008: Apparently I neglected to mention that this has been patched already. Reading over it again and a heads up from a reader pointed out the error to me. As always, great job by Window Snyder and the Mozilla Security Team for getting this patched quickly. ...
- Tags: Mozilla Firefox 3.0, Mozilla Firefox, URI, Vulnerability, Mozilla Corp., Attack, Web Browsers, Security, Internet, Nathan McFeters
- Blog posts 2008-07-16
- Open Discussion: Software firewalls
- In my recent story on "Patching the Internet", a discussion on how Dan Kaminsky broke, then subsequently helped fix DNS and the Internet, a lot of discussion centered around how the patch was breaking various software firewall applications. Most notably I heard talk of ZoneAlarm having issues. ...
- Tags: Software, Firewalls, Network Security, Security, Networking, Nathan McFeters
- Blog posts 2008-07-11
- Sun releases JRE Version 6 Update 7, 90% of desktops currently at risk*
- * The 90% of desktops currently at risk comes from numbers presented at the Java One Keynote in 2008. If you aren't patched, get the Java control panel up and get updated, or go to Sun's site to download the update, cause this one's big. Yesterday Sun...
- Tags: Desktop, Sun Microsystems Inc., JRE, Programming Languages, Java, Software Development, Software/Web Development, Nathan McFeters
- Blog posts 2008-07-11
- Opera patches serious code execution flaw
- Opera patches serious code execution flaw. URI/Protocol Handler Abuse: I can confirm that Rios has been working on a protocol handler flaw on Opera. I'm not sure if this is what was patched... we've both been so busy lately we haven't been researching together as much as we did in the...
- Tags: Opera Software, flaw, Opera patch, patch management
- Discussion threads 2008-07-03
- Opera patches serious code execution flaw
- Opera Software has joined the list of browser vendors shipping fixes for serious remote code execution vulnerabilities. The company's new Opera 9.5.1 patches at least four security issues, the most serious being a flaw reported by Microsoft's Billy Rios that could be used to execute arbitrary code....
- Tags: Opera Software, Patch Management, Flaw, Security Statu, Security, Ryan Naraine
- Blog posts 2008-07-03
- Multiple Facebook vulnerabilities reported on Full-Disclosure
- Jouko Pynnonen posted a message to the Full-Disclosure mailing list today, citing multiple "script injection" vulnerabilities within Facebook. I'm not sure if this is a surprise to anybody out there, it's certainly not to me, as numerous web applications have major problems with Cross-site Scripting vulnerabilities, but I think this...
- Tags: Facebook, Vulnerability, XSS, JavaScript, Microsoft Internet Explorer, Web Browser, Sandbox, JS, Canvas Page, Web Browsers, Internet, Nathan McFeters
- Blog posts 2008-07-02
- Security researcher keeps "Carpet Bomb" attack alive, despite patch
- Security researcher keeps "Carpet Bomb" attack alive, despite patch. Yes: It def. still works, albeit not in exactly the same way. I can't comment more until Rios has released details. -Nate. Is the attack really still "alive"? Re-read BK's blog: "... Safari's behavior affected more than just IE. In fact, I've discovered a way...
- Tags: Web browsers, Cyberthreats, Spyware, adware & malware, Apple Safari, carpet bomb, bomb, security
- Discussion threads 2008-06-21
- Researcher keeps 'carpet bomb' attack alive, despite patch
- Security researcher Billy Rios posted an article today about the Apple Safari "Carpet Bomb" attack, discussing a new issue that, despite the patch which prevented a "blended" remote command execution attack when Safari was used in conjunction with IE on a Windows system, keeps the "Carpet Bomb" attack alive and well. ...
- Tags: Software, Apple Safari, Apple Inc., Ecosystem, Attack, Billy Rios, Security, Nathan McFeters
- Blog posts 2008-06-21
- 2008 Pwnie Awards
- Don't forget to go and vote on the Pwnie Awards, which will happen at Black Hat Vegas again this year. I don't want to campaign for votes, but I wouldn't be pissed if some of my loyal readers out there voted for me, Billy Rios, Rob Carter, and John Heasman and...
- Tags: Category, Nomination, Security, Nathan McFeters
- Blog posts 2008-06-19
- Black Hat '08 preview webcast on its way
- Ladies and gents, For those who hadn't heard, I will be presenting at Black Hat Vegas '08 this year with Rob Carter, John Heasman, and Billy Rios. Our presentation is called "The Internet is Broken: Beyond document.cookie - Extreme Client Side Attacks", which may sound like a...
- Tags: Black Hat, Webcast, Nathan McFeters
- Blog posts 2008-06-15
- Hacking SCADA for terrorism and destruction
- SCADA scares me, and I've seen enough things on the Internet to be desensitized to many things, but attacks against SCADA threaten our national security in a very real and topical way by attacking power grids, water treatment plants, nuclear plants, etc. Hacking networks that SCADA devices reside on and...
- Tags: Device, Hacking, Internet, Network, SCADA, Terrorism, Attack, Enterprise Software, Software, Nathan McFeters
- Blog posts 2008-06-12
- Black Hat Vegas '08: Sneak peek at some of the interesting attacks we will unveil
- John Heasman posted a sneak preview of our Black Hat presentation, which will happen in August in Las Vegas today. This particular attack is extremely interesting, multi-stage nastiness involving the use of Java to steal domain credentials. John describes this as: "I'm going to revisit an old...
- Tags: Black Hat, Attack, John, Security, Nathan McFeters
- Blog posts 2008-06-06
- Motorola RAZR vulnerable, what's up with Motorola's update process?
- Motorola RAZR vulnerable, what's up with Motorola's update process? Apparently AT&T Razrs are not affected? When I click on the Motorola link you provide it allows me to use my computer to download the update ... BUT ... AT&T is not listed under the "carrier type" selection. Only T-mobile is a similar network type selection...
- Tags: Text messaging/SMS/MMS, Cellular phones, Blogging, Motorola Inc., MMS, image, Motorola Razr
- Discussion threads 2008-05-27
- Gaping holes in Trillian IM client
- Gaping holes in Trillian IM client. Showing its age: These sound like some rather old-style security bugs (buffer overflows!)... Hopefully their next version (Astra, IIRC) will be much tighter, or they'll keep losing share to Pidgin. RE: Gaping holes in Trillian IM client: I just love Trillian bugs. You know, they called...
- Tags: Instant messaging, SECURITY, Trillian, Trillian IM client, Trillian IM, IM
- Discussion threads 2008-05-22