Archive | Exploits/Vulnerabilities


28 June 2006 | 5,172 views

Web Services Attack Frequency Increasing

As we’ve reported a few times recently, more and more attacks being aimed at Web Services such as Orkut, MySpace, Ebay and others. As more people turn to web applications for everyday tasks like e-mail, friendship and payments, cyber criminals are following them in search of bank account details and other valuable data, security researchers [...]

Continue Reading


20 June 2006 | 4,893 views

3Com’s TippingPoint Finds New IE Vulnerabilities

What? New vulnerabilities in Internet Explorer? You can hack Internet Exploder Explorer? Never! 3Com Corp’s TippingPoint division has discovered and disclosed two critical new vulnerabilities in Microsoft’s Internet Explorer through 3Com’s Zero Day Initiative (ZDI). The vulnerabilities could have allowed an attacker to gain control of a PC if the user was logged in with [...]

Continue Reading


26 May 2006 | 7,361 views

Serious Symantec Anti-Virus Vulnerability

Apparently a gaping security flaw in the latest versions of Symantec’s anti-virus software suite has been discovered that could put millions of users at risk of a debilitating worm attack. According to eEye Digital Security, the company that discovered the flaw, the vulnerability could be exploited by remote hackers to take complete control of the [...]

Continue Reading


24 May 2006 | 3,796 views

Security Researchers Afraid to Reveal Vulnerabilities

Well it happened a while back, remember? The French researcher Guillaume Tena who got in trouble for breaching French copywrite laws by decompiling some software. Now people are generally starting to worry about disclosing vulnerabilities through any channels, does there need to be some kind of anonymous PGP key based system for vulnerability disclosure? So [...]

Continue Reading


23 May 2006 | 3,374 views

Trojan for the Word Vulnerability in the Wild

We all knew it was just a matter of time until the ‘thing’ was out. PandaLabs has detected the appearance of 1Table.A, a malicious code that exploits a recently detected critical vulnerability in Microsoft Word, and which also affects versions of MS Office 2003 and XP. Microsoft confirmed today the existence of this vulnerability and [...]

Continue Reading


20 May 2006 | 14,836 views

The Biggest Web Defacement Ever

A Turkish hacker using the handle iSKORPiTX was able to breach the security of a group of web servers, containing more than 38.500 web sites in less than a day! Iskorpitx is believed to be 45 years old, sometimes being helped for minor defacement activities by another Turkish “senior cracker” (42) going by the handle [...]

Continue Reading


15 May 2006 | 3,407 views

Microsoft Patching Practises Come Under Fire

Aye…it’s not the first time. The question came up, is Microsoft silently fixing security vulnerabilities and deliberately obfuscating details about patches in its monthly security bulletins? Matthew Murphy, a security researcher who has worked closely with the MSRC (Microsoft Security Response Center) in the past, is accusing the software maker of ‘misleading’ customers by not [...]

Continue Reading


10 May 2006 | 6,286 views

MORE Sendmail Problems – Signal Handling Vulnerability

OH MY GOD, NOT ANOTHER SENDMAIL FLAW? What’s that? Yah number 1001010102121. Recently, Mark Dowd of ISS discovered a signal handling vulnerability in Sendmail. We don’t see major bugs in software that’s as popular as Sendmail very often (at least, in the Unix world anyways), and that’s probably a good thing. According to sendmail.com, Sendmail [...]

Continue Reading


04 May 2006 | 12,802 views

Homeland Security Uncovers Critical Flaw in X11

An open-source security audit program funded by the U.S. Department of Homeland Security has flagged a critical vulnerability in the X Window System (X11) which is used in Unix and Linux systems. A missing parentheses in a bit of code is to blame. The error can grant a user root access, and was discovered using [...]

Continue Reading


02 May 2006 | 6,708 views

Proof of Concept for Internet Explorer Modal Dialog Exploit

Pretty interesting and imaginative way to exploit the flaw in IE…yeah I know linked to ActiveX again, all the more reason to use Firefox right? It just shows that the browser really is a point of entry, this could be useful for a penetration test, another way to show how easy it is to get [...]

Continue Reading