SEARCH RESULTS
 
Showing 1-10 of 24 records
 
Expand article

The Zeus Crimeware Kit Vulnerable to Remotely Exploitable Flaw

The Article has images
2008-06-18 17:45:15 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...exploitable vulnerability according to a proof of concept code I obtained recently . The vulnerability allows the injection of logins and passwords within any misconfigured web interface, due to the way in which Zeus is processing php scripts (web shells and backdoors) from the directory in which it stores the stolen data. Ironically, "Zeus...
 
Tags: zeus, russian business network, crimeware kit, zeus users, vulnerability, vulnerability research, kit, security community, security community starts
 
 
 
 
Expand article

Fuzz Testing at Microsoft and the Triage Process

2007-09-20 18:52:00 by sdl in The Security Development Lifecycle
 
...exploitable I know what you're thinking, but remember that this classification doesn't exclude a tester from the requirement of having to triage all exceptions. The "Must Fix" category was composed of write access violations, read access violations on EIP, /GS and NX related access violations and read access violations where any one of the...
 
Tags: chance exceptions, exceptions, exception handler, exception, divide-by-zero exception, exception code, triage process, process, first-chance exceptions
 
 
 
 
Expand article

The Big Announcement

2008-03-13 00:03:25 by Bill in Grumpy Security Guy
 
...exploitable . Note my careful choice of words, exploitable VS. not there anymore. The vulnerability certainly still exist in the code but now that the attack is blocked the business can decide if this is a good enough solution or they need to go fix the actual flaw The geek in me is screaming that it still needs to be fixed, the business side...
 
Tags: vulnerabilities asap, vulnerabilities, app, web app, web application vulnerabilities, vulnerability, sentinel, business, default deny policy
 
 
 
 
Expand article

Banning function calls, assurance, and retrofitting

2008-03-18 19:48:00 by Security Retentive in Security Retentive
 
...exploitable perspective, and they are going to be cranky with you If you choose to go through the validate each and every defect and the types of defect are pervasive, you're going to spend almost as much verifying the defect as fixing it. Especially if you're going through and simply replacing strcpy() with strlcpy() for example. For both...
 
Tags: code review experience, code, security sensitive context, context, security critical context, unsafe context, static analyzer, file defects, rand
 
 
 
 
Expand article

Stealing Sensitive Databases Online - the SQL Style

The Article has images
2008-05-12 01:13:00 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...exploitable to web application vulnerabilities, with their SQL databases available for extraction in an unencrypted form In reality, reconnaissance through search engine's indexes to build a hit list of E-shops with a higher probability for exploitation, is what malicious attackers who lack the skills and capacity to build a botnet, even...
 
Tags: databases, pop e-shops, e-shops, site-specific vulnerability manner, specific vulnerability, complete access, malicious attackers, access, bad guys
 
 
 
 
Expand article

Summarizing June's Threatscape

The Article has images
2008-07-01 07:05:01 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...exploitable flaw in the Zeus crimeware kit allowing both, researchers and malicious parties to assess the severity of a particular banker malware campaign, the increasing use of malicious doorways next to ICANN and IANA's DNS hijacking, all speak for themselves and how diverse the threats and, of course, the abilities to maintain a decent...
 
Tags: site, fake youtube site, web site defacements, malware, malware hosts, web site defacer, sites, vulnerable sites, malicious
 
 
 
 
Expand article

On virtualisation

2007-05-29 16:20:00 by Niels Provos in Google Online Security Blog
 
...exploitable, attackers restricted to the guest could potentially break out onto the host machine. I investigated this topic earlier this year, and presented a paper at CanSecWest on a number of ways that an attacker could break out of a virtual machine Most of the attacks identified were flaws, such as buffer overflows, in emulated hardware...
 
Tags: machine, virtual machine process, virtual machine software, host machine, host, software, virtual machine, low, low level access
 
 
 
 
Expand article

Sendmail Users Update ClamAV NOW!

2007-08-25 14:13:03 by Editor in Cheap Hack
 
...exploitable vulnerability in ClamAV versions prior to 0.91.2, recently released, could allow an attacker to compromise a system by sending an e-mail to it. The issue is in clamav-milter, the sendmail plug-in for the anti-virus, which scans e-mail as it comes into the server. Clamav-milter doesn't properly sanitize user input. It is possible...
 
Tags: easily exploitable vulnerability, vulnerability, scans e-mail, e-mail, clamav versions prior, inject shell code, clamav-milter, user input, server
 
 
 
 
Expand article

Reliability Vs. Security

2007-12-07 16:46:00 by sdl in The Security Development Lifecycle
 
...exploitable. The rest of the issues can be ignored. Reliability people, on the other hand, must deal with the entirety of the application because reliability bugs can be anywhere. Reliability folks deal with this by weighting their tests according to an operational profile, an unwieldy proposition at best and one that security folks can...
 
Tags: folks, reliability folks deal, reliability, reliability folks, security, bugs, reliability bugs, reliability analysis, software reliability