Blogs about "Vulnerabilities"

Vulnerabilities

Two Easily Exploitable Vulnerabilities of Money Services Businesses
2008-05-21 22:41:00
Money Services Businesses (MSBs) provide important services to a large segment of our society. According to FinCEN, MSBs refer to five distinct types of financial services providers: currency exchangers; check cashers; issuers, sellers, or redeemers of traveler’s checks, money orders or stored value; the United States Postal Service; and money transmitters. MSB customers mostly consist of the “unbanked.” This client base tends to be more transient, consist of low income households,...
Selling Vulnerabilities and Ethics
2008-05-18 21:19:00
Shoaib just blogged on Hacking & Security Community - Ethical or Unethical?. To start with: I do not claim that I know all about ethics and that there is only one view on ethics but I have a clear view on certain things. I blogged on this theme several times already and made my points pretty clear: Vulnerability Auction; Selling Vulnerabilities?; WabiSabiLabi and their view on ethics. When I talk to people who are selling vulnerabilities, they keep telling me that it is their right to sell their work, as they do vulnerability research for a living. So, let's use an analogy: How ethical would it be to try to find ways to break into my house and then sell them to the people paying most, as they will offer services to me to protect me? Is this ethical? Not from my perspective. If I would hire somebody to look for these vulnerabilities, this is a different game but I would then want to know them without going public. WabiSabiLabi tells us that they will not sell to the...
The Old Titans All Collapsed. Is the U.S. Next?
2008-05-18 16:22:00
More than 80 percent of Americans now say that we are on the wrong track, but many if not most still believe that the history of other nations is irrelevant — that the United States is unique, chosen by God. So did all the previous world economic powers: Rome, Spain, the Netherlands (in the maritime ...
Microsoft Patch Tuesday: Six Vulnerabilities Fixed In Four Bulletins
2008-05-13 21:52:00
Researchers warn the buffer-overflow bug affecting the Jet Database Engine is especially critical to fix since there is evidence of hackers already exploiting the vulnerabilit...
Vulnerabilities
2008-05-11 10:26:00
Recently I was thinking about an ex of mine from long ago. The reason for that is another story which I am in the process of writing. But it did make me think of why JR and I ended our relationship. The reason it ended was his inability to show vulnerability. Now that may be fine ...
India high on Internet vulnerabilities - Orkut, Mozilla on List
2008-04-28 20:25:00
India, along with nations across the globe, is high on internet vulnerabilities through various media, the highest being malicious code, phishing and unauthorized scanning. The recent trend is that hackers are now turning to websites and servers from their previous choice of emails, cheap apps etc. Recently the website of India’s premier technology institute, IIT, has been hacked (source), although this is ...
More vulnerabilities found in Apple's Safari
2008-04-24 12:37:00
Could Safari be the black sheep in Apple’s software family? A recent rumor going around said that PayPal would lock Safari users out of its online payments on the claims that the Apple browser is unsafe. This links in with the announcement made back in February by PayPal’s Chief Information Officer that Safari is ...
Security Vulnerabilities
2008-04-13 09:25:00
One of the difficulties faced by IT security professionals is keeping up with the latest security vulnerabilities in operating systems, databases, and applications. If an attacker knows a vulnerability and you don’t, you may not be able to effectively defend against the new vulnerability. This is especially true of applications which are accessible from the ...
Vulnerabilities in Windows XP SP3
2008-04-08 07:13:00
The third and final service pack for Windows XP is not even out the door, and security company Symantec has already warned of a security vulnerability impacting XP SP3. With the advent of Windows Vista, Microsoft has started beating the drum of the increased security of its latest Windows client in comparison to XP SP2. Throughout 2007, the Redmond company has offered ample proof of the fact that Vista RTM was affected by less than half the volume of vulnerabilities in contrast to XP RTM. This trend seems to continue with Vista Service Pack 1 and XP SP3. The proof of concept of a new bug impacting Windows Explorer is now available in the wild, with potential exploits affecting XP SP3. "The bug affects the code that parses Word documents in order to extract and display summary information (for example, document type, author, title, etc.). A malformed property record in the DocumentSummaryInformation stream of the Word document will cause Explorer to access an invalid pointer when parsi...
Windows XP SP3 Gets Its First Taste of Vulnerabilities
2008-04-08 01:12:00
The third and final service pack for Windows XP is not even out the door, and security company Symantec has already warned of a security vulnerability impacting XP SP3. With the advent of Windows Vista, Microsoft has started beating the drum of the increased security of its latest Windows client in comparison to XP ...
By: CTF Blog
Cisco IOS Multiple Vulnerabilities
2008-03-27 13:44:00
Out today are multiple vulnerabilities from Cisco. There are patches available from Cisco to tackle data manipulation and denial of service issues in their IOS. From Secunia: Description: Some vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious people to disclose sensitive information, manipulate certain data, or to cause a DoS (Denial of Service). 1) ...
Hacking contest highlights value of vulnerabilities :-) [Digg]
2008-03-27 04:28:00
Security professionals that take part in an annual hacking contest will have more reasons to part with their latest vulnerabilities: Up to 20,000 more reasons. On Monday, security firm Tipping Point agreed to offer up to $20,000 as a prize to the first person to compromise each of three laptops running popular operating systems...
WhiteHat: 90% of Sites Still Vulnerable
2008-03-26 13:57:00
After years of fighting the hacker wars, today’s Websites are still a long way from being secure, according to a new research report.
Adobe Flash FLA File Parsing Vulnerabilities
2008-03-20 14:01:00
Adobe Flash is back in the news with a new vulnerability that affects how files are parsed. From Secunia: Description: cocoruder has reported some vulnerabilities in Adobe Flash, which can be exploited by malicious people to compromise a user’s system. The vulnerabilities are caused due to unspecified errors when parsing specially crafted FLA files. Successful exploitation may allow execution ...
Vulnerabilities: Malicious subtitle file could harm VLC media player
2008-03-19 07:22:00
"A flaw in the widely-used open-source VLC media player could allow an attacker to execute harmful code on a PC. The problem stems from a buffer overflow that can occur when the player processes subtitle files used for movies, according to a security advisory."
Patches for Microsoft Office Vulnerabilities
2008-03-15 00:12:00
Microsoft has addressed 12 vulnerabilities in four security bulletins for its suite of Microsoft Office applications, which includes Excel and Outlook. These vulnerabilities could pose a serious threat, especially so with its zero-day vulnerability for Excel, where an attacker is able to gain control over systems affected by a malicious Excel file. Others include an exploit in Outlook which allows an attacker to read and re-route a user's e-mail messages, which is worrying for the fact that privacy issues are at stake here. InformationWeek - Microsoft Tuesday fixed 12 vulnerabilities in four security bulletins, all of which affect Microsoft Office. The fact that all the vulnerabilities found reside in Microsoft Office, said Eric Schultze, chief technology officer of Shavlik Technologies, supports the current belief that client-side vulnerabilities are more likely to bear fruit for hackers than the server side vulnerabilities.
Mac and Windows Users sharing the same Security Vulnerabilities
2008-03-13 22:50:00
As part of its monthly “Patch Tuesday” schedule Microsoft has issued a number of bulletins about 12 security vulnerabilities in its software. Seven of the vulnerabilities affect Microsoft Excel, and could allow a hacker to gain remote control over a user’s computer by a maliciously crafted spreadsheet. Alarmingly, the vulnerability is not just found in ...
Microsoft Patches 12 Office Security Holes
2008-03-12 15:16:00
Microsoft today issued four updates to fix at least a dozen security vulnerabilities in its Office software products. All of the updates earned Microsoft’s "critical" label, meaning attackers could exploit the flaws to break into Windows systems with little or no help from users.
WordPress 2.3.3 Vulnerabilities?
2008-03-08 03:19:00
Verne Ho, the owner of Creative Briefing, has e-mailed me about having some problems with his blog resulting in errors for his visitors and users. He states in the e-mail that he did some investigating and found out it might be something wrong with WordPress 2.3.3. “Upon investigation, I discovered something that might suggest a […]
Cyber Alert: Java Sun Updates for Multiple Vulnerabilities in Java
2008-03-07 00:00:00
If you have Sun Java installed, then you should apply updates from Sun to remedy these vulnerabilities. Follow these instructions to update your version of Java.
E-mail Risk (Data vulnerabilities)
2008-03-05 23:27:00
As a universally implemented protocol, email should be a target for attacks and risk, due to the very sensitive nature of the data or information that is transmitted. E-mail at its core is safe because it does not transmit directly executable (binary) code. But an e-mail client starts adding features to be more of a collaboration tool, such as Outlook which embed malcode that has chances of being decoded and launched. An e-mail protocol like Post Office Protocol (POP), was used in the clear, which means when a mail was received, it was transmitted with the POP3 protocol. In such case, the entire e-mail fit into one packet and opportunity to capture packets and read e-mail content isn't off-topic. Capturing and modifying of e-mail can be done either as a man-in-the-middle attack (using ARP spoofing tool, such as ettercap) or as a replay attack. Man-in-the-middle attacks are best avoided by using encryption and digital signing of messages. On the other hand, Spam DoS attacks are a result ...
cDc's Goolag googles for vulnerabilities
2008-02-27 19:04:00
LUBBOCK, TX, February 20th - CULT OF THE DEAD COW (cDc), a hacker group, announced the release of Goolag Scanner, a web auditing tool. Goolag Scanner enables everyone to audit his or her own web site via Google. The scanner technology is based on "Google hacking," a form of vulnerability research developed by Johnny I Hack Stuff. Goolag is open source and comes as a standalone application with GUI. You can read the specifications here. "It's no big secret that the Web is the platform," said cDc spokesmodel Oxblood Ruffin. "And this platform pretty much sucks from a security perspective. Goolag Scanner provides one more tool for web site owners to patch up their online properties. We've seen some pretty scary holes through random tests with the scanner in North America, Europe, and the Middle East. If I were a government, a large corporation, or anyone with a large web site, I'd be downloading this beast and aiming it at my site yesterday. The vulnerabilities are that serious."
Cult of the Dead Cow turns Google into a vulnerability scanner
2008-02-26 07:16:00
The "Cult of the Dead Cow" hacker group - cDc for short - has published a tool that searches for vulnerabilities and private information across the web. Using well-chosen Google search queries, Goolag Scan discovers links to vulnerable web applications, back doors, or documents inadvertently put on the internet that contain sensitive information.
Researchers crack FileVault, BitLocker with canned air hack
2008-02-26 07:04:00
One of the adages of computing is that no hardware is safe when a hacker has physical access to the machine. In an age of booming laptop sales, people haven’t found that reassuring and have frequently turned to disk encryption in an effort to protect their personal data.
Virtualization and Security
2008-02-26 01:06:00
Virtualization. A technology that is supposed to save organizations money... take 10, 20 or even 50 physical servers and run them on a single virtual server. The concept seems to make sense; after all, as someone recently pointed out to me... virtualization has existed in the mainframe world for quite some time. The problem today ...
Vulnerabilities: Serious Browser Bugs Spoil Opera Tune
2008-02-23 08:14:00
"Opera has shipped a high-priority update to its flagship Web browser to correct multiple flaws that put Windows users at risk of malicious hacker attacks."
FrSIRT finds flaws in MySQL
2008-02-19 07:04:00
Researchers at a French security organisation have uncovered a number of security vulnerabilities in the MySQL database application, the open source software used to support many Web 2.0 applications. FrSIRT, the French Security Incidence Response Team, reported Thursday that it has identified seven vulnerabilities in MySQL.
Cisco IP Phone Overflow and DoS Vulnerabilities
2008-02-14 14:25:00
There comes word today of some rather nasty vulnerabilities that affect Cisco IP phones. Some of the affected Cisco (CSCO) devices are: The following Cisco Unified IP Phone devices running Skinny Client Control Protocol (SCCP) firmware: 7906G, 7911G, 7935, 7936, 7940, 7940G, 7941G, 7960, 7960G, 7961G, 7970G, 7971G The following Cisco Unified IP Phone devices running Session Initiation ...
Blended security threats on the rise, IBM says
2008-02-13 06:55:00
The number of malware code samples in the wild grew 30% to 410,000 in 2007, according to security researchers at IBM’s ISS division. The Storm Worm, in particular, accounted for 13% of the entire malware collection.
Encryption Brings New Risks, Experts Say
2008-02-13 06:47:00
The use of data encryption could make organizations vulnerable to new risks and threats, a panel of security experts warned. Many organizations are encrypting their stored data to relieve concerns over data theft or loss - for example, U.S. mandatory disclosure laws on data breaches do not apply to encrypted data.
Web hosting providers underestimate the security threat facing web applicat
2008-02-10 13:54:00
Despite the highly publicized attacks on websites worldwide, many web hosting customers remain unprotected against the newest forms of attacks as cyber crime tactics evolve. Hundreds of thousands of web site operators - many with little or no technical expertise - rely on web hosting providers to keep their websites and web applications safe.
Metasploit exploit tool gets update
2008-02-10 13:46:00
The Metasploit Project has updated its signature open-source exploit framework to Version 3.1, adding a new graphical interface for Windows that will boost the number of researchers and white hat hackers who are able to use the software.
Exploit Released for Unexploitable Windows Worm Hole
2008-02-10 13:38:00
Remember that MS08-001 worm hole that Microsoft claimed was "difficult and unlikely" to be exploited in real-world conditions? Well, a private pen-testing and vulnerability research outfit has released an exploit that fires against Windows XP SP2 (English), confirming fears that a Blaster-type network worm is theoretically very possible.
Drive By Pharming Now a Reality, Researchers Say
2008-02-10 13:25:00
At first it was just an idea. Now it’s a threat. In a blog, Symantec today reported that it has spotted the first exploits using the "drive-by pharming" concept that researchers have been warning about for two years.
Are there any Vulnerabilities in your software?
2008-02-10 13:12:00
To find the answer to the question you can visit the National Vulnerability Database. This database is maintained by the US government and claims to list all known vulnerabilities. I did a quick search for vulnerabilities in my two favourite browsers. Here are the results: Looks like Firefox is catching up :)
Secunia PSI – protects against Software Vulnerabilities
2008-02-10 04:18:00
The computer security company Secunia has designed a free security tool, Secunia PSI (Personal Software Inspector) which helps us secure our computer from software vulnerabilities (Vulnerabilities from the Operating System down to browser, email client, office application, IM, and so on). Software vulnerability is basically a programming error/flaw in a software application that can be utilized by hacker to intrude in to our system to perform some actions like automatic installation of viruses, Trojans, key loggers, or other malicious code. “Programs such as anti-virus, personal firewall and anti-spy ware are good measures of protection, but they will NOT protect you from the threat of software vulnerabilities - despite what many of them promise!” said Secunia. The only solution for software vulnerability is to keep installed software updated. Unfortunately, most software vendors are not completely forthcoming about security-related releases, results much damage to the user. Her...
Free tool blocks Facebook, MySpace, and Yahoo ActiveX vulnerabilities
2008-02-08 14:56:00
"A researcher over at the Internet Storm Center has created a powerful GUI that will set the kill-bits on vulnerable ActiveX controls used in Facebook, Myspace, and Yahoo apps. These popular apps came under attack on Monday after researchers Elazar Broad and Krystian Kloskowski disclosed their findings to an online security newsgroup."
Web Application Vulnerabilities: Detect, Exploit, Prevent
2008-01-23 17:31:00
This book is about Web Application Hacking. The world-renowned authors teach the reader to use publicly available tools to conduct thorough assessments of web application. This assessment process provides the reader with an understanding of Web application vulnerabilities and how they are exploited. The book goes on to teach the reader to detect, exploit, and ultimately prevent these vulnerabilities. Next, the authors cover advanced techniques of exploiting vulnerabilities such as SQL Injection, Arbitrary command injection, and more. · Learn to defend Web-based applications developed with AJAX, SOAP, XMLPRC, and more. · See why Cross Site Scripting attacks can be so devastating. · Download working code from the companion Web site.
Power and Energy Grids and Cyber Security Vulnerabilities in India
2008-01-23 13:40:00
The Cyber Security Trends in India are not very encouraging.[1] To worsen the situation we have a weak Cyber Law in India.[2] We have to develop technologies and capabilities to protect Indian Citizens/Persons in areas such as transport, civil protection, energy, environment, health, etc. Additionally we have to increase the Security of infrastructures and utilities ...
Most home routers vulnerable to remote takeover
2008-01-21 06:36:00
Security mavens have uncovered a design flaw in most home routers that allows attackers to remotely control the devices by luring an attached computer to a booby-trapped website. The weakness could allow attackers to redirect victims to fraudulent destinations that masquerade as trusted sites belonging to banks, ecommerce companies or health care organizations.
Microsoft warns of Excel flaw
2008-01-21 06:32:00
Microsoft is warning users of a flaw in Excel which is already being targeted by hackers. The company has received reports of attacks attempting to exploit the vulnerability via email. In order to launch the attack, users must manually launch the malicious file. A successful exploit could allow the attacker to access the machine with ...
A Clean Slate for Network Vulnerabilities?
2008-01-19 16:52:00
An important aspect of network management and potentially the most unpredictable is information security. As the name implies, information security is concerned with monitoring and controlling access to data on a network. This in itself is a daunting task, but companies with a web presence can be even more vulnerable to security breaches. ...
Apple iPhone / iPod Touch Multiple Vulnerabilities
2008-01-16 14:32:00
From Secunia: Description: Two vulnerabilities and a security issue have been reported in Apple iPhone and iPod touch, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, or to compromise a vulnerable device. 1) An unspecified error in the handling of URLs exists in Safari. This can be exploited to cause ...
Vulnerabilities: First QuickTime bug of 2008
2008-01-12 06:42:00
"Luigi Auriemma, a 27-year-old Italian researcher who broke the news of the flaw on Thursday, said that the most recent version of QuickTime is prone to a buffer overflow that, if successfully exploited, gives the attacker free rein over a user’s computer. He posted information and proof-of-concept code on security site, milw0rm, his own website ...
Vulnerabilities: Microsoft Flaw could lead to worm attack
2008-01-12 06:33:00
"Microsoft has fixed a critical flaw in the Windows operating system that could be used by criminals to create a self-copying computer worm attack. The software vendor released its first set of patches for 2008 on Tuesday, fixing a pair of networking flaws in the Windows kernel. Microsoft also released a second update for a ...
Vulnerabilities: RealPlayer flaw raises security flags
2008-01-12 06:13:00
"Security experts are warning users to be vigilant after the disclosure of a new security vulnerability in RealPlayer. The flaw could allow an attacker to remotely execute code on a victim’s machine."
MS08-001 Disassembly Flash
2008-01-10 18:51:00
By now many people will have seen this, it appeared on Slashdot and Halvar posted it to his blog, but for those that haven’t… this is a pretty cool flash to watch. MS08-001 Disassembly.