Well everyone has been waiting for a Jailbreak for the iPad 2 with the latest version of iOS – it happened and only hours later the malformed PDF files that were used in the exploit were circulating the Internet. It’s not the first time this has happened, last time jailbreakme did the same thing back […]
Well it’s March again and well we love March because it’s Pwn2Own time! Every year around this time we get some goodies to discuss way back since: 2008 – Mac owned on 2nd day of Pwn2Own hack contest 2009 – Charlie Miller Does It Again At PWN2OWN 2010 – Mozilla Beats Apple & Microsoft to […]
Tags: apple, chaouki bekrar, charlie miller, hacking apple, hacking macbook, IE, internet explorer hack, internet-explorer, pwn2own, return oriented programming, safari, safari-exploit, safari-security, use-after-free flaw, vulnerability
Posted in: Apple, Exploits/Vulnerabilities, Windows Hacking | Add a CommentThere’s been a number of bounty programs in the past year or so with Mozilla being one of the forerunners with their Mozilla Security Bug Bounty Program. There are others like Google offering rewards for bugs in Chrome, and other specific high profile bounties like when Microsoft Offered $250K Bounty for Conficker Author. Mozilla on […]
Tags: bug bounty, exploit, firefox, firefox bug bounty, firefox exploit, firefox exploit bounty, firefox-vulnerability, mozilla, mozilla bounty, mozilla bug bounty, mozilla firefox, mozilla security bug bounty, security bug, security bug bounty, vulnerability
Posted in: Exploits/Vulnerabilities, Programming, Web Hacking | Add a CommentYou may or may not have noticed, but I was on hiatus for a few days. As you’re probably aware (and I’m sure many of you celebrate) it was Chinese New Year on February 14th so I was offline for a few days taking a well deserved break. I’d like to wish all of you […]
Tags: buzz, buzz privacy, buzz security, cross-site-scripting, exploit, google, google buzz, google buzz exploit, google buzz privacy, google buzz security, google buzz vulnerability, google-security, trainreq, vulnerability, web privacy, web-security, XSS
Posted in: Exploits/Vulnerabilities, Privacy, Web Hacking | Add a CommentAh Microsoft is treating this one seriously after France and Germany advised users to avoid IE. The current strain being exploited only targets IE6 users, but one security company has developed an exploit for IE8 which also bypasses DEP (Data Execution Prevention). It was rumoured this was the exploit used last week to compromise Google […]
Tags: crc-16, data execution prevention, dep, exploit, hacking-IE, ie 0day, IE-exploit, IE-security, IE-vulnerability, internet explorer security, internet explorer vulnerability, internet explorere 0day, internet-explorer-exploit, microsoft, microsoft patch tuesday, microsoft security, oob patch, out of band patch, vulnerability
Posted in: General Hacking | Add a CommentYou should remember the SSL Renegotiation bug from last year that was used to successfully attack twitter. Finally IETF have come out with a fix for the issue, it’s natural it has taken some time as it’s a flaw in the actual protocol itself not in any specific implementation (which is usually the case). The […]
A fairly serious flaw that was announced in October 2008 by Outpost24 (and apparently discovered way back in 2005), has finally been patched by the major players Cisco and Microsoft. So far Redhat has offered a workaround for the flaw and Juniper has responded that their equipment is not vulnerable. It could be that Juniper […]
Tags: cisco dos, cisco exploit, denial-of-service, exploit, memory pressure protection, microsoft dos, microsoft-exploit, ms09-48, Network Hacking, network-security, outpost24, tcp dos, tcp dos exploit, tcp exploit, tcp flaw, vulnerability
Posted in: Exploits/Vulnerabilities, Network Hacking, Windows Hacking | Add a CommentNow this doesn’t happen all that often, it must be really serious! An Out-of-Band patch from Microsoft (since it’s famous ‘Patch Tuesday‘ it only releases patches on the second Tuesday of each month) has been released for a new RPC flaw. I’d imagine it’s similar to the RPC flaw that spawned such disasters as Blaster […]
It’s somewhat ironic that shortly after the Kaminsky DNS bug went wild and almost immediately got ported into Metasploit that it was then used to attack HD Moore’s very own company BreakingPoint. It happened just a couple of days ago, it doesnt seem to have been a targeted attack though more like mass spammers/scammers leveraging […]
The Source Code Analysis Risk Evaluation project is a study to create a security complexity metric that will analyze source code and provide a realistic and factual representation of the potential of that source code to create a problematic binary. This metric will not say that the binary will be exploited nor does it do […]
