A remote vulnerability exists in the QuickTime player for Windows XP and Vista (latest service packs). Other versions are believed to be affected as well. For now, no details will be released regarding the method of exploitation.
Because we are an information security think tank and because we encounter some very interesting vulnerabilities in our work, we often share our findings with the masses in order to give something back to the community. […]
The Hack in the Box (HITB) conference that took place in Dubai, was all in all great fun. I would like to personally thank Dhillon, Belinda, Amy and everybody else from the HITB crew for making this event possible and making sure that everybody had a good time. The devil is in the details and this is what makes HITB the best conference in Asia and the middle-east region. I am anxiously looking forward to HITB KL. […]
The Black Hat Europe 2008 event took place on the 27th and 28th of March. In this post, you will be able to find information regarding my talk and research.
My presentation was titled Client-side Security. Here is the abstract:
The event was very interesting and very well organized. I met a lot of people and had very interesting discussions all together. You can download the conference materials from here. The paper is located here and the slides over here. […]
Yes, we’re back with more embedded devices vulnerability research! And yes, we’re also back with more security attacks against the BT Home Hub (most popular DSL router in the UK)!
As you know, we encourage folks in the community to team up with GNUCITIZEN in different projects as we’ve had very successful experiences doing so. This time it was Kevin Devine’s turn. […]
Here is the second version of the ZyXEL routers penetration testing paper. This second part of the paper is also fully practical just like the first one. No theory whatsoever, but rather real juicy attacks which is what we pentesters/whitehats are interested in (after all we need to be aware of what the bad guys can do)!. Unlike the first part of the paper, this one focuses more on attack techniques rather than newly-discovered vulnerabilities. […]
Help us create the best hacking reference/manual/book ever made. We provide the scene, the resources and the money, and you keep the credits and the control over the eventual profits. Read on.
During the next couple of months we are open for your submissions. The idea is to harvest the knowledge of the crowds in order to create the best hacker manual ever made. The process is very simple. […]
We were honored to be guests to Paul and Larry on PaulDotCom Security Weekly - the best security podcast on the Web.
The show was rather long, about 2 hours, but we’ve discussed many interesting things. Please mind the quality on Adrian’s and especially mine side of the audio stream. I used a very crappy headset, which was the cause of all sorts of problems. […]
Hacking is not only about coming up with interesting solutions to problems, but also about exploring the unknown. It was this drive for knowledge philosophy that lead to surveying a significant sample of the Internet which allowed us to make some VERY interesting observations and get an idea of the current state of remote SNMP hacking.
Why SNMP?
2.5 million random IP addresses were surveyed via SNMP. Why SNMP you might be asking? Well, there are several reasons. […]
I was asked to have a 30 minutes long introductionary presentation on client-side security issues. Although the presentation is very basic and high-level oriented, as it was designed to serve as an overview rather then as an in depth analysis, I thought that, still, someone may find it useful or may use it in their own works.
The PDF, PPT and ODT files are attached at the bottom. Let me know if it works for you.
First of all I need to let you know that it is not within our practice to disclose vulnerabilities on specific online applications. However, given the fact that Pownce, the vendor, was responsibly informed and the fact that we believe that the issue is interesting enough to be discussed, we’ve decided to let you know about our findings. […]