Archive for 'Exploit'
Negative Day Threat Detection
Announcements of exploitable OS and application vulnerabilities are so commonplace that we’re perhaps even more inured to them than we are to a perpetually ‘Elevated’ Homeland Security threat level. While the severity of the first threat is far outweighed by that of the second, the former is far more likely to be attempted or exercised, [...]
Posted: November 5th, 2008 under Audit, Exploit, Vulnerability.
Comments: none
Where’d that firmware come from?
The word “hacker” is very frequently misused, insomuch as jargon can be misused. But who would dare argue with an RFC? This venerable 15-year-old document incontrovertibly defines a hacker as “a person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular. The [...]
Posted: May 20th, 2008 under Accountability, Certification, Exploit, Trust, Validation.
Comments: 1
Tough Love
Techno-eschatologists rejoice! The first sign that the end of days is nigh has come to pass. Lo, we have suffered what the professional fomentor convocation has declared the first significant hypervisor-level virtual machine security exploit: A VMWare Shared Folders Directory Traversal Vulnerability. And with that they reveal that contrived validation is no less sweet than [...]
Posted: March 4th, 2008 under Exploit, Validation, Virtualization, Vulnerability.
Comments: 1
Syndicated Malware
It’s virtually impossible to browse to a web-page these days without embedded advertising. Most of this sort of content gets included through the use of JavaScript retrieved from the ad syndicator’s network (such as Google’s show_ads.js or Yahoo’s ypn.js). Similarly, most web-sites also employ some form of analytics, where the tracking is often achieved in [...]
Posted: October 24th, 2007 under Exploit, WebApp Sec.
Comments: none
Intellectual Weapons
Well, this is one way to make IT vendors more accountable for bugs in their products. This is more or less vigilantism, but at least it provides a less injurious alternative to vulnerability-discoverers selling their discoveries on the black-market. I don’t know if this will fly (the word extortion comes to mind) but if it does [...]
Posted: June 10th, 2007 under Accountability, Exploit, Vulnerability.
Comments: none
Stripping HTML from Email
Federal Computer Week is reporting that the DoD is now blocking HTML email (actually, converting it to plain-text) and also disallowing the use of OWA.
What about enabling EmailSecurity to define an “HTML Content” filter and providing a plug-in to perform a “Strip HTML” action?
Rather than fully removing the html partition, or trying to clean-up/process the html, [...]
Posted: January 18th, 2007 under Email, Exploit.
Comments: none
