ZDNet Resources
- Black Hat Las Vegas Day 2
- Dowd and Sotirov: You mention Dowd and Sotirov's talk in passing. I'm intensely curious to read your take on their presentation when you get an opportunity to review their stuff. Is it on your blogging agenda? / Great: Sounds like lots of fun. Nice update. Don't know how you...
- Tags: Blogging, Sotirov, Dowd, Black Hat
- Discussion threads 2008-08-09
Additional Resources
- Apple eliminates CanSecWest Pwn2Own flaws
- Fault Elimination: I did see the SVG fix in your article on 10.5.7's release and your relaying of Apple's attribution of discovery to "Nils." Regarding the IE8 issue, this is difficult to research because the signal to noise ratio is real low, but it looks as though...
- Tags: SECURITY, Patches, OSX, IE8, Apple Inc., vulnerability
- Discussion threads 2009-05-14
- Nils2Own: 'I want to see security flaws fixed'
- VANCOUVER, BC -- Charlie Miller may have dominated the headlines but the undisputed champion of this year's CanSecWest Pwn2Own contest was a hitherto unknown hacker who asked to be identified simply as "Nils." A day after his perfect sweep of the breaking into...
- Tags: Apple Macintosh, Mozilla Firefox, Vulnerability, Bug, Microsoft Internet Explorer, Web Browser, Exploit, Web Browsers, Apple Mac OS X, Apple Mac OS, Desktops, Operating Systems, Security, Internet, Software, Hardware, Ryan Naraine
- Blog posts 2009-03-23
- Questions for Pwn2Own hacker Charlie Miller
- VANCOUVER, BC -- At the CanSecWest security conference here, I got a chance to sit down with Charlie Miller, the researcher who broke into a fully patched MacBook machine using a Safari code execution vulnerability. We discuss the state of Web browser security, the vulnerability marketplace and...
- Tags: Apple Macintosh, Mozilla Firefox, Apple Safari, Vulnerability, Bug, Microsoft Internet Explorer, Google Chrome, Hacker, Exploit, Web Browsers, Security, Internet, Ryan Naraine
- Blog posts 2009-03-19
- Pwn2Own hacker contest targets browsers, smart phones
- Big correction: "Alex Sotirov also partnered with Macaulay in 2008 to exploit a Windows Vista vulnerability." It was not a Vista vulnerability, it was a Flash vulnerability. The only OS to fall in its out of the box plus fully patched configuration was OS X. Try...
- Tags: Web browsers, Smart phones, SECURITY, Handhelds, phone, Web browser, vulnerability, smart phone, Pwn2Own hacker
- Discussion threads 2009-02-11
- Pwn2Own hacker contest targets browsers, smart phones
- After two straight years of taking dead aim at Macbooks and Windows-powered machines, hackers at this year's CanSecWest conference will have shiny new targets: Web browsers and mobile phones. According to CanSecWest organisers, there will be two separate Pwn2Own competitions this year -- one pitting hackers against...
- Tags: Phone, Mobile, Smart Phone, Apple MacBook, Web Browser, Hacker, Hacking, Microsoft Windows, Security, Operating Systems, Software, Ryan Naraine
- Blog posts 2009-02-11
- MD5/rogue CA attack: The sky is not falling
- Guest post by John Viega. Today there’s been a lot of buzz about the clever new attack on public key infrastructure from Alex Sotirov and a team of researchers. In the attack, the bad guy ends up with his own Certification Authority (CA) that is...
- Tags: Certification, Certification Authority, Computer Associates International Inc., Attack, MD5, Ryan Naraine
- Blog posts 2008-12-31
- An easy fix ignored
- Which points out the other obvious flaw... Who identified these CA's as being trustworthy in the first place? No one. They are self-appointed holders of our trust. This was the major criticism of the certificate process in the first place, and the fact that they continue to...
- Tags: Web browsers, SSL/TLS, Network security, Computer Associates International Inc., MD5, easy fix
- Discussion threads 2008-12-30
- An easy fix ignored
- Guest post by Chris Eng. In the wake of this morning's 25C3 presentation by Alex Sotirov and Jacob Appelbaum, most of the coverage I've read so far has focused on the technical details and real-world impact of their findings. Rightly so -- their paper describing the attack...
- Tags: Certificate Authority, Attack, MD5, Security, Ryan Naraine
- Blog posts 2008-12-30
- SSL broken! Hackers create rogue CA certificate using MD5 collisions
- Using computing power from a cluster of 200 PS3 game consoles and about $700 in test digital certificates, a group of hackers in the U.S. and Europe have found a way to target a known weakness in the MD5 algorithm to create a rogue Certification Authority (CA), a breakthrough...
- Tags: Certification Authority, SSL, Web Browser, Computer Associates International Inc., Certificate, Hacker, MD5, Web Browsers, Internet, Ryan Naraine
- Blog posts 2008-12-30
- News to know: Cyber attacks; Google; Windows security; Gmail outage
- Notable headlines: Larry Dignan: Georgia turns to Google's Blogger amid Russia onslaught; Dancho Danchev: Coordinated Russia vs Georgia cyber attack in progress; ZDNet UK: Georgia accuses Russia of co-ordinated cyberattack; Video: Defcon: Where feds and hackers rub elbows; News.com: Defcon ends...
- Tags: Apple iPhone, Google Inc., Google Gmail, Larry Dignan, Russia, Windows Security, Cyberattack, Outage, Georgia, E-mail Providers, Cloud Computing, Microsoft Windows, Hacking, Security, Viruses And Worms, Internet, Operating Systems, Software
- Blog posts 2008-08-12
- Alarmed about Vista security? Black Hat researcher Alexander Sotirov speaks out
- Nicely done: I appreciate that you took the time to speak with the researcher who actually discovered the flaws. There are a couple of bloggers on ZDNET who always seem to slant their "blogs" with grandiose claims against one platform or technology. I think...
- Tags: Microsoft Windows Vista (Longhorn), Blogging, Black Hat, Microsoft Windows Vista, Alexander Sotirov, Microsoft Corp., security
- Discussion threads 2008-08-11
- Alarmed about Vista security? Black Hat researcher Alexander Sotirov speaks out
- Earlier today I published a lengthy blog post questioning some of the sensationalist conclusions raised in press coverage of a paper presented by Alexander Sotirov and Mark Dowd at last week’s Black Hat Conference in Las Vegas. This afternoon, I received an e-mail from Sotirov, who says he was "horrified...
- Tags: Technique, Black Hat, Microsoft Windows XP, Vulnerability, Microsoft Windows Vista, Microsoft Corp., Web Browser, Exploitation, Microsoft Windows Vista (Longhorn), Web Browsers, Security, Operating Systems, Microsoft Windows, Software, Internet, Ed Bott
- Blog posts 2008-08-11
- Windows security rendered useless? Uh, not exactly
- Oh no!! Another Bott post!!!! I'm glad there is no more nonsense comparison between two different things. / Um, Ed ...... I know you read the paper because I sent you the PDF, but it seems you failed to notice a few things. You accuse me of "alarming...
- Tags: Web browsers, Defense-in-Depth, exploitation, Microsoft Windows, memory corruption vulnerability, Web browser, security
- Discussion threads 2008-08-11
- Windows security rendered useless? Uh, not exactly
- Oh dear. The Chicken Little contingent is out in full force. Break out your Kevlar helmets, everyone, because the sky is falling on Windows! At last week’s Black Hat conference in Las Vegas, researchers Alexander Sotirov and Mark Dowd presented a paper that outlined some new attack vectors they had...
- Tags: Black Hat, Attacker, Windows Security, Vulnerability, Microsoft Windows Vista, Defense, Memory Protection, Vulnerability Disclosure, Microsoft Windows, Microsoft Windows Vista (Longhorn), Security, Operating Systems, Software, Ed Bott
- Blog posts 2008-08-11
- Windows broken ... I'm surprised it took this long
- Best security is to take computers off the Net: For my computers at home, there is now only one that has firewalled access to the Internet. My kids' computers DO NOT. My media server DOES NOT. The PC with my finance stuff and...
- Tags: Microsoft Windows Vista (Longhorn), Operating systems, Web browsers, Microsoft Windows Vista, Microsoft Windows, UAC, administrative right
- Discussion threads 2008-08-09
- Black Hat Las Vegas Day 2
- Again, sorry for the late updates. Vegas is the kind of place that demands a lot of a person. Too many parties make it difficult to find time to blog on the conference. Pictures of the event are a bit sparse, due to consistently forgetting to bring my camera, but...
- Tags: black hat, microsoft corp., applet, image, vegas, nathan mcfeters
- Blog posts 2008-08-09
- Windows broken ... I'm surprised it took this long
- So, in a stroke, two security researchers, Mark Dowd of IBM and Alexander Sotirov of VMware, at Black Hat have set browser security back 10 years and rendered Vista's security useless. By Adrian Kingsley-Hughes
- Tags: Paper, Microsoft Windows Vista, Microsoft Corp., Web Browser, Data Execution Prevention, Microsoft Windows, Microsoft Windows Vista (Longhorn), Operating Systems, Security, Software, Adrian Kingsley-Hughes
- Blog posts 2008-08-09
- Black Hat Las Vegas Day 1
- Well, this is well late, but here's my recap of Black Hat Day 1. Sorry for the delay, but I've been terribly busy finishing up preparations for my Day 2 talk. The first talk I went to see, "Pointers and Handles, A Story of Unchecked Assumptions...
- Tags: Billy Rios, Black Hat, Cyberthreats, Nathan McFeters, Phishing, Security, Spam, Spam And Phishing, Viruses And Worms
- Blog posts 2008-08-08
- Black Hat Sneak Preview
- Rob McMillan from IDG interviewed John Heasman and I today about the presentation we will be delivering with Rob Carter at Black Hat Vegas next week. The article has a good teaser about one of the more interesting of the many attacks we will cover, namely what we've coined...
- Tags: Black Hat, Java Applet, Web Application, Web Browser, Applet, Attack, GIFAR, Java, Programming Languages, Security, Software Development, Software/Web Development, Nathan McFeters
- Blog posts 2008-08-01