exploits

  • WebOS vulnerability found, patched by Palm in latest release

    What to make of this WebOS exploit? It was discovered by the Intrepidus Group security firm, and it has to do with the way the operating system handles SMS messages. Basically, WebOS doesn’t perform a common security check on incoming SMS messages, meaning that any craftily formed SMS can essentially take out the entire phone. Read More

  • Windows 7 exploit (the first?) confirmed by Microsoft

    Windows 7 exploit (the first?) confirmed by Microsoft

    Windows 7 users would be well-advised to block outgoing ports 139 and 445. Microsoft has confirmed the existence of a vulnerability that affects SMB in Windows 7 and Windows Server 2008 RC2. Worst case scenario: you connect to a malicious server then it crashes your PC. Read More

  • Correction: Firefox vulnerability update

    Correction: Firefox vulnerability update

    Just a quick update on something we posted yesterday concerning a security vulnerability found in Mozilla’s Firefox web browser (see the original post here). First, this incident was NOT a zero day attack, as was originally reported. The exploit was discovered by a group called “The Zero Day Initiative” but was not actually a zero day exploit. According to the Mozilla… Read More

  • Classy CIA exploit makes you part of the .GOV

    Classy CIA exploit makes you part of the .GOV

    In line with the government-certified 8GB flash drive we just posted here’s a fun trick you can play on your local G-Men. There’s a search exploit at cia.gov that lets you type in any URL and have it pop up under the cia.gov URL. Great for phishing and scamming, kids, and even more fun for procuring government funds for your blog. Read More

  • Microsoft Word vulnerability confirmed

    Microsoft Word vulnerability confirmed

    A vulnerability found in Microsoft’s Jet Database Engine — the engine that shares data between Microsoft Office products and other apps — has been confirmed by Microsoft to be the area of exploit for a recent round of attacks. Windows Vista users aren’t vulnerable, as the operating system includes an updated version of the Jet Database Engine, but XP users could likely… Read More

  • Exploit makes iPhone a Spyphone*

    Exploit makes iPhone a Spyphone*

    Now this is scary. That iPhone in your pocket just might be your worst enemy. Ultranerd Rik Farrow, at the behest of Fast Company, has discovered a way to trick iPhone users into downloading malware to the handset. The application then allows the owner of the app to own the phone, and allows them to also intercept any text, email, or voice conversation you have. Thus your iPhone becomes a… Read More

  • The iPhone/Touch TIFF exploit explained in the cold poetry of code

    The iPhone/Touch TIFF exploit explained in the cold poetry of code


    Remember that weird TIFF exploit they used to get the iPhone/Touch to jailbreak itself? Neither do we. However, here is the source code for generating the improper and massive TIFF that is needed to get write access to your iPhone. If you go through the code you can see where the TIFF actually patches the filesystem to allow read/write access to the internal memory. Very cool. Source Read More

  • Safari For Windows Updated To 3.0.1, Fixes Exploits

    Safari For Windows Updated To 3.0.1, Fixes Exploits

    Apple just released Safari 3.0.1 for Windows, which fixes a few of those exploits we mentioned the other day. The update doesn’t apply to the Mac version of the public beta since Macs are inherently immune from viruses and other malware. You can get it via the Software Update app that came with the latest version of iTunes or via Apple’s download site. Safari [Apple] Read More

  • 0day Exploit For Safari For Windows Spotted

    0day Exploit For Safari For Windows Spotted

    Apple released its Safari Web browser for Windows (and Mac!) yesterday. There’s already a so-called 0day exploit for it, one that causes the browser to instantly crash when visiting a specific Web site. This Web site, to be exact. It’s mainly a proof of concept, so the exploit won’t really damage your installation, but the proof is in the pudding, as they say. Now Apple… Read More

  • Mac Users Don't Do Security Says Some Brit, Some Other Guy from Ohio

    Mac Users Don't Do Security Says Some Brit, Some Other Guy from Ohio

    A fellow by the name of Kevin Finisterre has been posting OS X security holes and bugs on his website every day. Some aren’t too happy that Finisterre is doing this as it could let otherwise clueless attackers know what to look for when trying to penetrate an OS X box. But Kevin thinks he’s doing the right thing. He says that OS X users are lazy and don’t care about… Read More