Thursday, May 22nd, 2008
Security service Zero Day Initiative (ZDI) has found three critical vulnerabilities that allow attackers to infect the computers of Trillian Instant Messenger users with malicious code. The vendor has responded by releasing an update to close the holes.
When processing XML through functions of the talk.dll dynamic link library, malformed ...
Posted in General BS, Internet, Networking, Security, Software | No Comments
Tuesday, April 22nd, 2008
Following a friendly heads up from someone yesterday morning, I re-loaded the
following Kraken samples into my honeypot:
1d51463150db06bc098fef335bc64971
65b958bf6f5eddca3d9455354af08b6f
6ec7d67d5553cbec2a99c7fbe385a729
7ecef2f126e66e7270afa7b803f715bc
8fd8c67103ec073d9303a7fbc702f89a
and began monitoring them. Each sample proceeded to update itself;
the updated binary is around 160KB, given a random name and
placed in the system32 directory, and no longer has an imagefile icon.
The names/MD5 values of ...
Posted in Coding, Internet, Privacy, Security | No Comments
Thursday, April 3rd, 2008
Spammers are once again using web bugs to verify the validity of of email addresses. This time the trick is not done with graphics but with digital certificates. Alexander Klink from German consultants Cynops has discovered a vulnerability in Microsoft products – or possibly in the Crypto API – that ...
Posted in Coding, Internet, Privacy, Security | No Comments
