Posts

Showing posts from March, 2010

Vulnerabilities and Exploits Flying all over in Vancouver

If you want to be a witness to all kinds of new Vulnerabilities and Exploits to major Web Browsers, OS, and Mobile devices, then you should head right away to Vancouver, BC, Canada where the CanSecWest Conference is taking place. The infamous Pwn2Own contest is well underway and is bringing results like no other contest. In the past 2 days vulnerabilities in Microsoft's IE 8 was discovered and exploited by Peter Vreugdenhil a security researcher participating in this contest. Apple's Safari was also exploited mostly to Own iPhone devices. Mozilla's Firefox was not left out of the party. A security researcher that goes by the name of Nils developed the exploit to attack Firefox 3.x. Note that all of those Vulnerabilities and exploits will be reported to Vendors in order to provide sufficient patches and the exploit code will not be available until the vendors patch there products. Nils2Own: 'I want to see security flaws fixed'

The Reason behind Conficker

If you are in the security field, you probably had heard about the Conficker Worm . But for everyone else who is interested in Information Security, or anybody in the IT field, or even anyone who owns a PC, this is a concern. The Conficker Worm was on of the highlights of the first quarter of last year and the end of 2008. You will find the link at the bottom of this post that tells you all about Conficker. This post is to show you the reason behind Conficker and how it came to live. It started in October 23, 2008 when Microsoft reported a Vulnerability in their

Latest Internet Explorer 0-day Vulnerability Demo

Most of you have already heard or know about the latest 0-day vulnerability affecting Microsoft's Internet Explorer. In the video demo below, i show you how to perform the attack on a demo lab network. As always this video is for tutorial and educational purposes only. I am also providing the original advisory from Microsoft and the vulnerability information from Secunia and Security Focus which both are considered to be leaders in providing vulnerability advisories. Microsoft Advisory: http://www.microsoft.com/technet/security/advisory/981374.mspx BID: http://www.securityfocus.com/bid/38615 Secunia ID: http://secunia.com/advisories/38860 For any questions, comments, or recommendations; leave it in the comments section below.