[ad] Well it happened a while back, remember? The French researcher Guillaume Tena who got in trouble for breaching French copywrite laws by decompiling some software. Now people are generally starting to worry about disclosing vulnerabilities through any channels, does there need to be some kind of anonymous PGP key based system for vulnerability disclosure? […]
Exploits/Vulnerabilities
Trojan for the Word Vulnerability in the Wild
[ad] We all knew it was just a matter of time until the ‘thing’ was out. PandaLabs has detected the appearance of 1Table.A, a malicious code that exploits a recently detected critical vulnerability in Microsoft Word, and which also affects versions of MS Office 2003 and XP. Microsoft confirmed today the existence of this vulnerability […]
The Biggest Web Defacement Ever
[ad] A Turkish hacker using the handle iSKORPiTX was able to breach the security of a group of web servers, containing more than 38.500 web sites in less than a day! Iskorpitx is believed to be 45 years old, sometimes being helped for minor defacement activities by another Turkish “senior cracker” (42) going by the […]
Microsoft Patching Practises Come Under Fire
[ad] Aye…it’s not the first time. The question came up, is Microsoft silently fixing security vulnerabilities and deliberately obfuscating details about patches in its monthly security bulletins? Matthew Murphy, a security researcher who has worked closely with the MSRC (Microsoft Security Response Center) in the past, is accusing the software maker of ‘misleading’ customers by […]
MORE Sendmail Problems – Signal Handling Vulnerability
[ad] OH MY GOD, NOT ANOTHER SENDMAIL FLAW? What’s that? Yah number 1001010102121. Recently, Mark Dowd of ISS discovered a signal handling vulnerability in Sendmail. We don’t see major bugs in software that’s as popular as Sendmail very often (at least, in the Unix world anyways), and that’s probably a good thing. According to sendmail.com, […]