Monday, April 14th, 2008
Security researcher Billy Rios has discovered a vulnerability in Google Spreadsheets which attackers can exploit using links to crafted tables to steal a user's cookie. According to Rios, the victim has to follow such a link in Internet Explorer. The stolen cookie can be used to access all Google services ...
Posted in Coding, Internet, Privacy, Security, Software | No Comments
Monday, April 14th, 2008
As you will have noticed we’ve posted quite a number of Fuzzing Tools built around different frameworks and in different languages..most for difference targets/purposes too.
Fuzzing has definitely exploded in the last year or so as more people try and understand it and code tools to automate the process. There are ...
Posted in Internet, Privacy, Security | No Comments
Friday, April 11th, 2008
Traditional IDS/IPS systems occur at the network level, usually plugged into a spanning port on a switch. I love this concept and think it should be part of any defense in depth strategy. The two primary weaknesses in these devices are, (1) they cannot process encrypted streams and (2) they ...
Posted in Coding, Internet, Security | No Comments
Monday, April 7th, 2008
Recycling an old social engineering technique and using two different attack methods, a new spam run emerges as a threat to Web users before Microsoft’s Patch Tuesday. And not because it exploits soon-to-be named vulnerabilities.
What this spamming operation takes advantage of is the anticipation itself for the release of patches ...
Posted in Coding, Internet, Privacy, Security, Windows | No Comments
Sunday, April 6th, 2008
As Chris mentioned in a previous post we used social engineering and phishing emails as an attack vector. The scope of the engagement prevented us from collecting any data that could be used to identify the user. The client was not out to make examples of their staff but to ...
Posted in Coding, Internet, Privacy, Security | No Comments
Thursday, April 3rd, 2008
Spammers are once again using web bugs to verify the validity of of email addresses. This time the trick is not done with graphics but with digital certificates. Alexander Klink from German consultants Cynops has discovered a vulnerability in Microsoft products – or possibly in the Crypto API – that ...
Posted in Coding, Internet, Privacy, Security | No Comments
Wednesday, April 2nd, 2008
The amount of new malware has never been higher. Our labs are receiving an average of 25,000 malware samples every day, seven days a week. If this trend continues, the total number of viruses and Trojans will pass the one million mark by the end of 2008.
While there are more ...
Posted in Internet, Security | No Comments
Sunday, March 30th, 2008
"I'm proud to announce the release of Wireshark 1.0. This is the culmination of nearly ten years of hard work by a team of brilliant and talented developers. It is an honor to be able to work with these people.
On behalf of the development team, I would like to thank ...
Posted in Internet, Networking, Privacy, Security, Software | No Comments
Thursday, March 27th, 2008
A couple of weeks ago, we received a CHM, or Windows Help file, embedded in e-mail as part of a targeted attack campaign against an NGO. Virus detection was near zero. On Virustotal.com, two solutions actually flagged it as malicious.
After decompiling the CHM file, which you can easily do using tools ...
Posted in Coding, Internet, Privacy, Security | No Comments
Wednesday, March 26th, 2008
The Mozilla project is distributing version 2.0.0.13 of its popular open source Firefox browser. This release fixes several critical vulnerabilities which could be exploited by attackers to inject malicious code or fake page content.
The browser's JavaScript engine contains several of the security vulnerabilities. Due to incorrect processing, attackers can execute ...
Posted in Internet, Linux, Privacy, Security, Software, Windows | No Comments
