Monday, March 30th, 2009
Experts have discovered a security hole in the computer code that powers the Conficker worm, an aggressive contagion that has spread to more than 12 million Microsoft Windows systems worldwide. The security community is treading lightly with this news, because while the discovery could make it easier to isolate infected ...
Posted in Coding, Internet, Security, Windows | 2 Comments
Thursday, March 26th, 2009
Mozilla Firefox is prone to a remote memory-corruption vulnerability.
An attacker can exploit this issue to execute arbitrary code within the context of the affected browser. Failed exploit attempt will result in a denial-of-service condition.
The following proof of concept is available:
http://www.securityfocus.com/data/vulnerabilities/exploits/2009-ffox-poc.tar.gz
Posted in Coding, Internet, Security, Software | 1 Comment
Tuesday, March 24th, 2009
Researchers at DroneBL have spotted signs of a stealthy router-based botnet worm targeting routers and DSL modems.
The worm, called “psyb0t,” has been circulating since at least January this year, infecting vulnerable embedded Linux devices such as the Netcomm NB5 ADSL modem (above) and launching denial-of-service attacks on some Web sites.
Some ...
Posted in Hardware, Internet, Networking, Privacy, Security | No Comments
Monday, March 23rd, 2009
Apply all of the browser, application and OS patches you want, your machine still can be completely and silently compromised at the lowest level--without the use of any vulnerability.
That was the rather sobering message delivered by a pair of security researchers from Core Security Technologies in a talk at the ...
Posted in Hardware, Privacy, Security | No Comments
Saturday, March 21st, 2009
As promised, the paper and the proof of concept code has just been posted on the ITL website here.
A quote from the paper:
In this paper we have described practical exploitation of the CPU cache poisoning in order to read or write into (otherwise protected) SMRAM memory. We have implemented two ...
Posted in Coding, Hardware, Linux, Security, Windows | No Comments
