Tuesday, July 1st, 2008
I got forwarded this link today from businesswire about how Google and Yahoo are now going to be armed with the information necessary to look at and extract information out of SWF files. Ho-boy, here we go. The link was sent to me with the “bad juju” caveat, and I’m ...
Posted in Internet, Privacy, Security, Software | No Comments
Tuesday, June 24th, 2008
Adobe has shipped a critical update to patch a code execution vulnerability affecting multiple versions of its Reader and Acrobat products.
According to Adobe’s advisory, the flaw “could potentially allow an attacker to take control of the affected system.”
If you have Adobe Reader or Acrobat installed on your machine, this update ...
Posted in Coding, Internet, Security, Software | No Comments
Monday, June 2nd, 2008
Yesterday's post discussed a mystery PDF file that was boopytrapped to drop a backdoor.
Today we'll look at how these documents are created.
Here's an example of a tool called Y08-04 aka GenMDB.
When run, it displays this user interface:
The apparent purpose of this tool is to create trojanized PDF files. You select ...
Posted in Coding, Internet, Security, Software | No Comments
Saturday, April 26th, 2008
How can an attacker exploit a PL/SQL procedure that doesn’t even take user input? Or how does one do SQL injection using DATE or even NUMBER data types? In the past this has not been possible but as this paper will demonstrate, with a little bit of trickery, you can ...
Posted in Coding, Internet, Privacy, Security, Software | No Comments
Thursday, April 24th, 2008
Dating back to the end of February, we have been tracking test runs of malicious PDF messages to very specific targets. These PDF files exploit the recent vulnerability CVE-2008-0655.
Ever since the end of March, beginning of April, the amount of samples seen in the wild has significantly increased. Interestingly enough, ...
Posted in Internet, Privacy, Security, Software | No Comments
Wednesday, April 23rd, 2008
With the Ubuntu 8.04 release a few days away, there comes a time when one needs an end-all reference to the system. The time is now, and if you’re an Ubuntu user and liked the original cheat sheet, then do we have a surprise for you:
Click the preview above to ...
Posted in Linux, Networking, Perl | No Comments
Wednesday, April 23rd, 2008
In an attempt to find a good Unix reference for you FOSSwire readers, I was unsuccessful at finding a decent one on the Internet. So, why not make one?
Click the image above to download a full PDF. Print it out, stick it on your wall, and pass it on. It’s ...
Posted in Linux, Networking, Perl | No Comments
Wednesday, April 23rd, 2008
The automatic patch-based exploit generation problem is: given a program P and a patched version of the program P', automatically generate an exploit for the potentially unknown vulnerability present in P but fixed in P'. In this paper, we propose techniques for automatic patch-based exploit generation, and show that our ...
Posted in Coding, Linux, Security, Windows | No Comments
Tuesday, April 22nd, 2008
Foxit Reader is "a free PDF document viewer and printer, with incredible small size (only 2.1 M download size), breezing-fast launch speed and rich feature set. Foxit Reader supports Windows 98/Me/2000/XP/2003/Vista". Two security vulnerability in Foxit Reader allow a remote attacker armed with a malformed PDF file to cause the ...
Posted in Security, Software | No Comments
