Aye…it’s not the first time. The question came up, is Microsoft silently fixing security vulnerabilities and deliberately obfuscating details about patches in its monthly security bulletins? Matthew Murphy, a security researcher who has worked closely with the MSRC (Microsoft Security Response Center) in the past, is accusing the software maker of ‘misleading’ customers by not […]
The Latest Windows Hacking
Find the Best Windows Hacking from 2021 here:
AV Firms Say Windows Vista Security Claims are Bullsh*t
It seems the faith in Microsoft from the security industry is at an all time low, not surprising really with the amount of flaws that have been coming out in both the OS and the crapware forced upon its users like Internet Explorer Exploder. Anti-virus firms at Infosec say they expect Vista and IE7 to […]
Microsoft Shelves Support for RSA SecurID in Vista
Switchback? For the worst? Aww Microsoft would never compromise our security for the sake of convenience or their profit line right? Microsoft has shelved plans to include native support for RSA’s SecurID tokens in Windows Vista, even though the company has been trialling the technology for almost two years. In February 2004, Microsoft chairman Bill […]
Proof of Concept for Internet Explorer Modal Dialog Exploit
Pretty interesting and imaginative way to exploit the flaw in IE…yeah I know linked to ActiveX again, all the more reason to use Firefox right? It just shows that the browser really is a point of entry, this could be useful for a penetration test, another way to show how easy it is to get […]
New Critical MEGApatch fixes 10 Vulnerabilities in Internet Explorer
Well how many does that leave unpatched? 30+ if I remember correctly from the PivX page that got taken down mysteriously. Microsoft on Tuesday released a “critical” Internet Explorer update that fixes 10 vulnerabilities in the Web browser, including a high-profile bug that is already being used in cyberattacks. The Redmond, Wash., software giant sent […]
Information about the Internet Explorer Exploit createTextRange Code Execution
Internet Storm Center’s always informative Diary has some good information. At the urging of Handler Extraordinaire Kyle Haugsness, I tested the sploit on a box with software-based DEP and DropMyRights… here are the results: Software-based DEP protecting core Windows programs: sploit worked Software-based DEP protecting all programs: sploit worked DropMyRights, config’ed to allow IE to […]