[ad] So as most of you probably know the big buzz on the Internet last week was that Google (after supporting Firefox for so long) have actually launched their own browser. It’s cooled Google Chrome. Now of course in typical Google fashion they call it BETA software, and a number of flaws have popped up […]
exploits
ISR-evilgrade – Inject Updates to Exploit Software
[ad] ISR-evilgrade is a modular framework that allow us to take advantage of poor upgrade implementations by injecting fake updates and exploiting the system or software. How does it work? It works with modules, each module implements the structure needed to emulate a false update of specific applications/systems. Evilgrade needs the manipulation of the victims […]
Exploit for Kaminsky DNS Bug Goes Wild
[ad] There has been a lot of hype about this one, but this flaw is a real threat and the working exploits are now available in the wild. To top that, they have already been ported into Metasploit! I hope all the major ISPs are in a patching frenzy right now and not thinking to […]
oCERT – Responsing to Flaws in Open Source Software
[ad] So a new initiative – the Open Source Computer Emergency Response Team known as oCERT has been set up one of the main sponsors being Google (read more here – Contributing to Open Source Software Security). The oCERT project is a public effort providing security handling support to Open Source projects affected by security […]
Patch Window Shrinking – Semi-Automated Reverse Engineering
[ad] As far as I know this has been happening for some time, sometimes a patch comes out for a vulnerability that many people don’t know about (including the hackers) so they will see what problem the patch fixes (possibly through reverse engineering) then develop an exploit to leverage on the flaw. It seems things […]