QuickTime 0day for Vista and XP

A remote vulnerability exists in the QuickTime player for Windows XP and Vista (latest service packs). Other versions are believed to be affected as well. For now, no details will be released regarding the method of exploitation.

The video above demonstrates the issue on Windows Vista and Windows XP. The Windows Vista demo is rather slow because it runs from a 512MB VMware machine.


A Must Read: Brief Testimony of Our Disclosure Experience

We have been trying to expose our thoughts about the fundamental ethical issues in the industry for quite a long time. The truth is that it is not very simple to define what righteous hacking is or which is the best way to deal with discovered vulnerabilities. Moreover, we do realize that having this talk is also very subjective and has different meanings to everyone. In the past couple of months, GNUCITIZEN has increased its rank dramatically and become a key topic of many media outlets. [...]


Full Disclosure?

As the GNUCITIZEN group grows, the team continue to find vulnerabilities in software products and applications, and there has been no real set policy around our members' disclosure of these vulnerabilities. I think most of us have leaned towards the full-disclosure route. Occasionally, the vulnerability has been fairly critical and we have felt that releasing it early would be irresponsible, especially if the vendor had provided us with an acceptable timescale of when a fix would be available. [...]
