DNS Rebinding – Explained

Tuesday, December 1st, 2009

Here is a great video from Robert "RSnake" Hansen explaining what DNS Rebinding actually is and showing various attacks that may be performed as a result of it. RSnake also explains what can be done to fix the problem and why that might not happen any time soon. DNS ...

Clientless SSL VPN Vulnerability

Tuesday, December 1st, 2009

Web browsers enforce the same origin policy to prevent one site's active content (such as JavaScript) from accessing or modifying another site's data. For instance, active content hosted at http:///page1.html can access DOM objects on http:///page2.html, but cannot access objects hosted at http:///page.html. Many clientless SSL VPN products retrieve content ...

VirtualBox 3.1.0 released

Monday, November 30th, 2009

Sun today released VirtualBox 3.1.0, a major update introducing teleportation, branched snapshots, 2D video acceleration for Windows guests, more flexible storage management and much more. See the ChangeLog for details. Download: http://www.virtualbox.org/wiki/Downloads

Numerous vulnerabilities in VMware products

Tuesday, November 24th, 2009

VMware has advised of a total of 93 vulnerabilities in several of its products, including ESX Server, Server, VirtualCenter and vCenter. Most of the vulnerabilities are in Java, Tomcat and the kernel and have been known for some time. Some of them can be exploited to compromise a system, however, ...

Metasploit 3.3 released

Wednesday, November 18th, 2009

Nearly one year after the release of Metasploit 3.2, the Metasploit Project developers have announced the availability of version 3.3 of the Metasploit Framework. The comprehensive programming framework for developing exploits for vulnerabilities is used by security researchers, penetration testers and black hat crackers alike. The latest release includes a ...