Attacking SMM Memory via Intel CPU Cache Poisoning

Saturday, March 21st, 2009

As promised, the paper and the proof of concept code has just been posted on the ITL website here. A quote from the paper: In this paper we have described practical exploitation of the CPU cache poisoning in order to read or write into (otherwise protected) SMRAM memory. We have implemented two ...

Adobe Patches Zero-Day Vulnerability

Tuesday, March 10th, 2009

Adobe released a patch today for a zero-day vulnerability under attack by hackers. The patch, available for version 9 of Adobe Reader and Adobe Acrobat, comes a day earlier than the company’s planned release. Patches for earlier versions of the product are still slated for March 18. The vulnerability is the result ...

No User Action Required In Newly Discovered PDF Attack

Tuesday, March 10th, 2009

Merely storing -- without opening -- a malicious PDF file can trigger an attack that exploits the new, unpatched zero-day flaw in Adobe Reader, a researcher has discovered. Didier Stevens, a researcher and IT security consultant with Contrast Europe NV, today released a proof-of-concept demonstration that shows how a file ...

GMail Service CSRF Vulnerability

Tuesday, March 3rd, 2009

Gmail is Google's "free webmail service. It comes with built-in Google search technology and over 2,600 megabytes of storage (and growing every day). You can keep all your important messages, files and pictures forever, use search to quickly and easily find anything you're looking for, and make sense of it ...

SSLstrip – HTTPS Stripping Attack Tool

Thursday, February 26th, 2009

This tool provides a demonstration of the HTTPS stripping attacks that was presented at Black Hat DC 2009. It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS links. It also supports modes ...