[Updated 07/24/2008: Gallery images of diffs of code revisions has been included and will be updated as things change, see here.]Earlier today, noted researchers |)ruid and HD Moore released exploit code for the Metasploit tool for attacking the DNS flaw that was originally reported by Dan Kaminsky.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years
The urgency to patch Dan Kaminsky's DNS cache poisoning vulnerability just went up a few notches.Exploit code for the flaw, which allows the insertion of malicious DNS records into the cache of the target nameserver, has been added to Metasploit, a freely distributed attack/pen-testing tool.
[ UPDATE: Davidson was found dead, involved in an apparent murder-suicide that involved his wife and 3-year-old daughter. ] Edward "Eddie" Davidson, a notorious e-mail spammer who was sentenced to jail time in April, has escaped from a federal prison camp in Florence, Colorado.
Security researcher Aviv Raff (left) has discovered a pair of basic design flaws that could turn your iPhone into easy bait for malicious phishing and spamming attacks.According to an advisory from Raff, the iPhone's Mail and Safari applications are susceptible to a URL Spoofing vulnerability which allow attackers to conduct phishing attacks.
Using a link analysis algorithm similar to Google PageRank, researchers at the SANS Institute and SRI International have created a new Internet network defense service that completely revamps the way network blacklists are formulated and distributed.The service, called Highly Predictive Blacklisting (.
Several days after blogging about a research conduced by n.runs AG that managed to discover approximately 800 vulnerabilities in antivirus products, McAfee issued a statement basically debunking the number of vulnerabilities found, and providing its own account into the number of vulnerabilities affecting its own products :"A recent ZDnet blog discusses a large number of vulnerabilities German research team N.
In a paper entitled "Analyzing Web sites for user-visible security design flaws" to be published at the Symposium on Usable Privacy and Security meeting at Carnegie Mellon University July 25, Atul Prakash and two of his doctoral students examined 214 financial institutions in 2006, finding that over 75% of all the sites have at least one security design flaw :"These design flaws aren't bugs that can be fixed with a patch.
From Russia with (political) love? It appears so according to a deeper analysis of the command and control servers used by the attackers.
Just a quick note to update a story I wrote last week on an unpatched remote execution vulnerability affecting BlackBerry business users:Research in Motion (RIM) has finally shipped patches to cover the issue, which affects the BlackBerry Attachment Service component of the BlackBerry Enterprise Server.From the alert:A security vulnerability exists in the PDF distiller of some released versions of the BlackBerry Attachment Service.
True to form, Billy Rios promised a more in depth look at the MSFA2008-35 vulnerability which is another protocol handler flaw in Firefox 3. As previously reported here, this was another protocol handler flaw that led to arbitrary remote command execution, and is especially dangerous since it can be deployed widely through the use of a cross-site scripting attack vector.