[ad] OH MY GOD, NOT ANOTHER SENDMAIL FLAW? What’s that? Yah number 1001010102121. Recently, Mark Dowd of ISS discovered a signal handling vulnerability in Sendmail. We don’t see major bugs in software that’s as popular as Sendmail very often (at least, in the Unix world anyways), and that’s probably a good thing. According to sendmail.com, […]
vulnerability
Proof of Concept for Internet Explorer Modal Dialog Exploit
[ad] Pretty interesting and imaginative way to exploit the flaw in IE…yeah I know linked to ActiveX again, all the more reason to use Firefox right? It just shows that the browser really is a point of entry, this could be useful for a penetration test, another way to show how easy it is to […]
MS and the new IE vulnerability – Object Tag
[ad] Can you see the irony? Just after 2 weeks that M$ released the Internet Explorer security makeover, Michal Zalewski came up with a highly critical exploit, as called by Secunia… based on a mishandling of the OBJECT tag…. Security alerts aggregator Secunia flagged the issue as “highly critical” and stressed that it can be […]
Penetration Testing vs Vulnerability Assessment
There seems to be a certain amount of confusion within the security industry about the difference between Penetration Testing and Vulnerability Assessment, they are often classified as the same thing when in fact they are not. I know Penetration Testing sounds a lot more exciting, but most people actually want a VA not a pentest, […]
New Critical MEGApatch fixes 10 Vulnerabilities in Internet Explorer
[ad] Well how many does that leave unpatched? 30+ if I remember correctly from the PivX page that got taken down mysteriously. Microsoft on Tuesday released a “critical” Internet Explorer update that fixes 10 vulnerabilities in the Web browser, including a high-profile bug that is already being used in cyberattacks. The Redmond, Wash., software giant […]