SecurityRatty: tag: exploitable

Pinch Vulnerable to Remotely Exploitable Flaw

2008-08-07 10:22:01 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

...exploitable vulnerabilities allowing them to competely hijack someone's command and control, and consequently, their botnet. The Zeus crimeware kit , which I've been discussing and analyzing for a while, is the perfect example of how once a popular underground kit start acting as the default crimeware kit, cybercriminals themselves start...

The Zeus Crimeware Kit Vulnerable to Remotely Exploitable Flaw

2008-06-18 17:45:15 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

...exploitable vulnerability according to a proof of concept code I obtained recently . The vulnerability allows the injection of logins and passwords within any misconfigured web interface, due to the way in which Zeus is processing php scripts (web shells and backdoors) from the directory in which it stores the stolen data. Ironically, "Zeus...

Tags: zeus, russian business network, crimeware kit, zeus users, vulnerability, vulnerability research, kit, security community, security community starts

Fuzz Testing at Microsoft and the Triage Process

2007-09-20 18:52:00 by sdl in The Security Development Lifecycle

...exploitable I know what you're thinking, but remember that this classification doesn't exclude a tester from the requirement of having to triage all exceptions. The "Must Fix" category was composed of write access violations, read access violations on EIP, /GS and NX related access violations and read access violations where any one of the...

Tags: chance exceptions, exceptions, exception handler, exception, divide-by-zero exception, exception code, triage process, process, first-chance exceptions

76Service - Cybercrime as a Service Going Mainstream

2008-08-13 08:08:43 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

...exploitable vulnerability in yet another malware kit about to go mainstream? Definitely, unless of course backdooring it and releasing it doesn't achieve the obvious results of controlling someone else's cybercrime ecosystem Related posts The Underground Economy's Supply of Goods and Services The Dynamics of the Malware Industry -...

Tags: 76service, service, malware, malware kit, cybercrime, malware botnet, botnet, mysterious 76service server, web service

The Big Announcement

2008-03-13 00:03:25 by Bill in Grumpy Security Guy

...exploitable . Note my careful choice of words, exploitable VS. not there anymore. The vulnerability certainly still exist in the code but now that the attack is blocked the business can decide if this is a good enough solution or they need to go fix the actual flaw The geek in me is screaming that it still needs to be fixed, the business side...

Tags: vulnerabilities asap, vulnerabilities, app, web app, web application vulnerabilities, vulnerability, sentinel, business, default deny policy

Banning function calls, assurance, and retrofitting

2008-03-18 19:48:00 by Security Retentive in Security Retentive

...exploitable perspective, and they are going to be cranky with you If you choose to go through the validate each and every defect and the types of defect are pervasive, you're going to spend almost as much verifying the defect as fixing it. Especially if you're going through and simply replacing strcpy() with strlcpy() for example. For both...

Tags: code review experience, code, security sensitive context, context, security critical context, unsafe context, static analyzer, file defects, rand

Stealing Sensitive Databases Online - the SQL Style

2008-05-12 01:13:00 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

...exploitable to web application vulnerabilities, with their SQL databases available for extraction in an unencrypted form In reality, reconnaissance through search engine's indexes to build a hit list of E-shops with a higher probability for exploitation, is what malicious attackers who lack the skills and capacity to build a botnet, even...

Tags: databases, pop e-shops, e-shops, site-specific vulnerability manner, specific vulnerability, complete access, malicious attackers, access, bad guys

Summarizing June's Threatscape

2008-07-01 07:05:01 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

...exploitable flaw in the Zeus crimeware kit allowing both, researchers and malicious parties to assess the severity of a particular banker malware campaign, the increasing use of malicious doorways next to ICANN and IANA's DNS hijacking, all speak for themselves and how diverse the threats and, of course, the abilities to maintain a decent...

Tags: site, fake youtube site, web site defacements, malware, malware hosts, web site defacer, sites, vulnerable sites, malicious

Banker Malware Targeting Brazilian Banks in the Wild

2008-08-18 07:01:03 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

...Exploitable Flaw Pinch Vulnerable to Remotely Exploitable Flaw Dissecting a Managed Spamming Service Managed "Spamming Appliances" - The Future of Spam

Tags: banker malware, banker malware kit, kit, popular banker malware, malware, bank itau personnalite, bank itau, malware authors, russian malware authors

Your name:
Your email:
Describe a problem:
AntiSPAM Validation:

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo