Ziff Davis Enterprise

Hacking

May 15, 2008

Thursday, May 15, 2008 9:19 AM/EST

Debian OpenSSL Blunder

Anyone who has used OpenSSL on Debian to generate keys since September 2006 is exposed.

April 24, 2008

Thursday, April 24, 2008 10:54 AM/EST

Democratic Campaign Hacking Picks Up

Following last week's hack against BarackObama.com, Netcraft is reporting a research exploit against VoteHillary.org. VoteHillary.org is owned by a PAC, not the Clinton campaign, whose site is www.HillaryClinton.com. Harry Sintonen, the Finnish security researcher who found the bug in VoteHillary.org,...

August 3, 2007

Friday, August 03, 2007 7:54 AM/EST

More on Driver Certificate Revocation

For more from Microsoft on when/how driver certificate revocation works, see the comment section on the blog on the Atsiv revocation. Sounds like the current architecture only allows for boot-time checks, and they're just speculating that checks with VeriSign could...

August 2, 2007

Thursday, August 02, 2007 10:17 PM/EST

Microsoft Hits Back at Atsiv

My current column describes Atsiv, a tool for loading unsigned kernel code in Windows Vista x64. Perhaps I was the one who alerted Microsoft, but it responded tonight pretty strongly. As described by Scott Field, Windows Security Architect, in the...

July 29, 2007

Sunday, July 29, 2007 12:39 PM/EST

Halvar Flake Denied Entry to U.S. for Black Hat

Respected security researcher Halvar Flake has been denied entry to the United States for his presentation at Black Hat. It's all over some stupid technicality of the contract with Black Hat being with him personally and not his company. In...

July 5, 2007

Thursday, July 05, 2007 12:05 PM/EST

Code Insertion Through ARP Spoofing

Once you've got control of a system inside a network, it's amazing what you can do with it. Neil Carpenter of Microsoft's Security Incident Response team recently ran into an example of a particularly powerful and scary attack using ARP...

May 28, 2007

Monday, May 28, 2007 6:46 AM/EST

More From Symantec on MPack

A Symantec Security Response blog this morning goes into more detail on the attack I mentioned earlier. It confirms, as I suspected, that the server side of the attack is all PHP-based. PHP servers are the overwhelming focus of server-side...

May 26, 2007

Saturday, May 26, 2007 10:20 PM/EST

Major Web-Based Attack Underway

Symantec is reporting a widespread Web-based attack underway that is believed to have affected over 10,000 computers so far. As of the time of the report, 788 Web sites were known to be spreading the attack. Some of the sites...

April 15, 2007

Sunday, April 15, 2007 10:55 PM/EST

Another /GS Failure

I've written lately about how Microsoft's /GS compiler stack protection failed us with the .ANI fiasco. It seems that it failed us once again with the latest issue, the stack overflow in the DNS RPC administration interface. I would think...


