Android app “tests” Windows vulnerability

September 14, 2009 By 48 Comments
android_windows_vulnerability_checker

An Android App for "testing" the Windows SMB2 vulnerability we covered last week has been released. For testing? Yeah right! The availability of this kind of software makes it ridiculously easy for anybody to go out and cause some havoc. Go right now and double check that your machines that run Windows Vista or Windows Server 2008 are protected (see the "workarounds" section.) [Thanks Tom101] … [Read more...]

Filed Under: Android Hacks, computer hacks, security hacks Tagged With: , , , , , , ,

Windows 7 and Vista crash via SMB exploit

September 9, 2009 By 40 Comments
Windows_XP_BSOD

[Laurent Gaffié] has discovered an exploit that affects Windows Vista, Windows 7, and possibly Windows Server 2008 (unconfirmed). This method attacks via the NEGOTIATE PROTOCOL REQUEST which is the first SMB query sent. The vulnerability is present only on Windows versions that include Server Message Block 2.0 and have the protocol enabled. A successful attack requires no local access to the … [Read more...]

Filed Under: computer hacks, news, security hacks Tagged With: , , , , ,

The GIFAR image vulnerability

August 4, 2008 By 7 Comments

Researchers at NGS Software have come up with a method to embed malicious code into a picture. When viewed, the picture could send the attacker the credentials of the viewer. Social sites like Facebook and Myspace are particularly at risk, but the researchers say that any site which includes log ins and user uploaded pictures could be vulnerable. This even includes some bank sites. The attack is … [Read more...]

Filed Under: cons, news, security hacks Tagged With: , , , , , ,

Securing DNS on OSX

July 31, 2008 By 5 Comments

It's been a few weeks since [Dan Kaminsky] announced the nature of the DNS vulnerability and allowed 30 days of non-disclosure for patches to be applied before details of the exploit went public. Unfortunately, the details were leaked early and it didn't take long for a functional exploit to be released into the wild. Since then, many ISPs have taken steps to prevent their users from falling … [Read more...]

Filed Under: security hacks Tagged With: , , , , , , ,

Major DNS issue causes multivendor patch day

July 8, 2008 By 3 Comments

Earlier this year, our friend [Dan Kaminsky] discovered a major DNS issue that could allow hackers to compromise name servers and clients easily. The vulnerability involves cache poisoning, and [Kaminsky] plans to publish the full details of the vulnerability on August 6th. However, he has already begun his work to control it, alerting major authorities early on of the vulnerability. As a result, … [Read more...]

Filed Under: news Tagged With: , , , , , ,
Newer Posts »