Category: Security Disclosures
-
Blind Zerg Rush for Security
While reviewing some old publications I came across this great article that was written just weeks after the 9/11 tragedy in NY. Based on recent events disclosed around the PRISM program and US Government actions against privacy in general, the article seems to be very scary with its foreshadowing. Here is an excerpt taken from…
-
Cisco PIX & ASA Multiple DoS, ACL Bypass, & Authentication Bypass Vulnerabilities (Bugtraq ID:34429)
Some fairly critical issues disclosed on a very popular security product. Cisco PIX Security Appliance and ASA 5500 Series Adaptive Security Appliance are prone to multiple denial-of-service vulnerabilities, an ACL-bypass vulnerability, and an authentication-bypass vulnerability. Read More Here … An attacker can use readily available network utilities to exploit these issues. The following example data…
-
The Secret Battles of Electronic Warfare
This is not the first time we have mentioned the rise of computer security related crimes or pointed out the hacking of, or weaknesses of, many critical metropolitan infrastructures. With that said, the recent hacking events first mentioned over the past weekend do again cast a big bright light on how living in our ‘digital…
-
Conflicted by Conficker
As posted in the “Waiting for the Worms” article below, the Conficker worm was MIA on April 1st along with all the Gloom N Doom forecasted by the IT security industry. There is an interesting article posted by SearchSecurity.com that talks about not only possible reasons for the fizzle of the worm but also the…
-
Waiting for the Worms
As anyone who has heard any news media source lately may already know, today is April Fool’s Day, and also “worm” day. For those that are unfamiliar, the worms first started back in 1988 and were released by accident (so the story goes) by a researcher named Robert Morris. Today this has evolved quite a…
-
Exploiting Intel CPU cache mechanism
Since I did not get out to Black Hat DC last month, I was just reviewing the papers and came across one very interesting one. Aside from the white paper, I also enjoy the story about the new “Friends” disclosing such an exploit brings. All in all a good read and just more wood for…
-
Critical IE Flaw & Emergency Patch
New 0 Day in the wild. For those poor souls still using Internet Explorer, take heed! Here are the details on the vulnerability and the emergency patch. Good Luck! And if you haven’t already, Do Yourself A Favor
-
Host Integration Server flaw exploited
On Tuesday, Microsoft issued MS08-059 to address the vulnerability detailed in CVE-2008-3466. In its patch bulletin, ranked as critical, Microsoft said “this vulnerability could allow remote code execution if an attacker sent a specially crafted Remote Procedure Call (RPC) request to an affected system.” More Info…
-
World Bank Hacked for a while now it seems
The article states that at least 18 servers (and maybe as many as 40) had been penetrated, including Human Resources and the bank’s “security and password server”. More Info…
-
Multiple flaws in the TCP stack could lead to DoS attacks
“Jack found some anomalies in which machines would stop working in some very specific circumstances while being scanned,” Lee told CNET News. “One of the behaviors experienced was packet loss where the packets just kept trying, and trying, and trying, creating, more or less, a denial of service (DoS) on that machine.” More Info…