Monday, April 21st, 2008
In a security alert last week, Microsoft reported a vulnerability which allows local users and users signed on with access to an Internet Information Server (IIS) or MS SQL server to escalate their privileges. Server operators such as hosting providers who allow user code to be executed, for example on ...
Posted in Coding, Privacy, Security, Windows | No Comments
Friday, April 4th, 2008
We have been noticing quite a few malware samples having references to or communicating with Google's SMTP servers. This post dissects one of these samples and in the process attempts to illustrate to the reader some reversing techniques and information gathering techniques, while explaining the behavior and impact of this ...
Posted in Coding, Internet, Privacy, Security, Software | No Comments
Thursday, April 3rd, 2008
Spammers are once again using web bugs to verify the validity of of email addresses. This time the trick is not done with graphics but with digital certificates. Alexander Klink from German consultants Cynops has discovered a vulnerability in Microsoft products – or possibly in the Crypto API – that ...
Posted in Coding, Internet, Privacy, Security | No Comments
Wednesday, April 2nd, 2008
Around a tenth of all malware is designed to use portable storage media, such as removable USB drives, as an attack and spread vector.
Security firm ESET said that 10.3 per cent of malware detections last month were identified as files containing information on programs to be run automatically when removable ...
Posted in Hardware, Internet, Privacy, Security | No Comments
