Thursday, June 4th, 2009
Researchers for some time have demonstrated the possibility of one of virtualization's worst nightmares -- a guest virtual machine (VM) infiltrating and hacking its host system. Now another commercial tool is offering an exploit that does exactly that.
The newest version of Immunity's Canvas commercial penetration testing tool, v6.47, includes the ...
Posted in Internet, Networking, Privacy, Security | No Comments
Monday, June 1st, 2009
Apple has released versions 8.2 of iTunes and 7.6.2 of QuickTime to address a series of vulnerabilities, mostly in QuickTime.
The one iTunes vulnerability is a stack overflow in parsing "itms:" URLs which can lead to a DoS or arbitrary code execution. 10 vulnerabilities in QuickTime are all of a type ...
Posted in Coding, Internet, Security, Software | No Comments
Thursday, May 28th, 2009
Microsoft is investigating new public reports of a new vulnerability in Microsoft DirectX. The vulnerability could allow remote code execution if a user opened a specially crafted QuickTime media file. Microsoft is aware of limited, active attacks that use this exploit code. While our investigation is ongoing, our investigation so far ...
Posted in Security, Windows | No Comments
Monday, May 25th, 2009
Version 1.0.8 of the Wireshark network protocol analyser has fixed a few bugs, including one that affects the processing of the PCNFSD protocol. Crafted packets can crash the PCNFSD dissector, and the developers classify this as a security vulnerability. A PCNFS server is contained in Microsoft Windows Services for UNIX, ...
Posted in Internet, Networking, Privacy, Security, Software | No Comments
Monday, May 18th, 2009
US-CERT is aware of public reports of a malware exploit circulating. This is a drive-by-download exploit with multiple stages and is being referred to as Gumblar. The first stage of this exploit attempts to compromise legitimate websites by injecting malicious code into them. Reports indicate that these website infections occur ...
Posted in Internet, Security | No Comments