QuickTime 0day for Vista and XP

A remote vulnerability exists in the QuickTime player for Windows XP and Vista (latest service packs). Other versions are believed to be affected as well. For now, no details will be released regarding the method of exploitation.

The video above demonstrates the issue on Windows Vista and Windows XP. The Windows Vista demo is rather slow because it runs from a 512MB VMWare machine.

more | comments | comments rss | posted by

Name (mDNS) Poisoning Attacks inside the LAN

How easy is for attackers to compromise the LAN? Answer: Very easy! With a few simple tricks, attackers can easily poison the local name resolution system for the machines inside a given LAN. Network Devices and Apple products are most vulnerable among others of course.

It is all due to mDNS. From Wikipedia’s article:

The problem with mDNS is that it is spoof-able. Here is how it works. A mDNS enabled client will perform a mDNS query on a multicast address. [...]

more | comments | comments rss | posted by