What to make of this WebOS exploit? It was discovered by the Intrepidus Group security firm, and it has to do with the way the operating system handles SMS messages. Basically, WebOS doesn’t perform a common security check on incoming SMS messages, meaning that any craftily formed SMS can essentially take out the entire phone. → Read More
Windows 7 users would be well-advised to block outgoing ports 139 and 445. Microsoft has confirmed the existence of a vulnerability that affects SMB in Windows 7 and Windows Server 2008 RC2. Worst case scenario: you connect to a malicious server then it crashes your PC. → Read More
Just a quick update on something we posted yesterday concerning a security vulnerability found in Mozilla’s Firefox web browser (see the original post here). First, this incident was NOT a zero day attack, as was originally reported. The exploit was discovered by a group called “The Zero Day Initiative” but was not actually a zero day exploit. According to the Mozilla Security Blog, the… → Read More
In line with the government-certified 8GB flash drive we just posted here’s a fun trick you can play on your local G-Men. There’s a search exploit at cia.gov that lets you type in any URL and have it pop up under the cia.gov URL. Great for phishing and scamming, kids, and even more fun for procuring government funds for your blog. → Read More
A vulnerability found in Microsoft’s Jet Database Engine — the engine that shares data between Microsoft Office products and other apps — has been confirmed by Microsoft to be the area of exploit for a recent round of attacks. Windows Vista users aren’t vulnerable, as the operating system includes an updated version of the Jet Database Engine, but XP users could likely be… → Read More
Remember that weird TIFF exploit they used to get the iPhone/Touch to jailbreak itself? Neither do we. However, here is the source code for generating the improper and massive TIFF that is needed to get write access to your iPhone. If you go through the code you can see where the TIFF actually patches the filesystem to allow read/write access to the internal memory. Very cool. Source → Read More
Apple just released Safari 3.0.1 for Windows, which fixes a few of those exploits we mentioned the other day. The update doesn’t apply to the Mac version of the public beta since Macs are inherently immune from viruses and other malware. You can get it via the Software Update app that came with the latest version of iTunes or via Apple’s download site. Safari [Apple] → Read More
Apple released its Safari Web browser for Windows (and Mac!) yesterday. There’s already a so-called 0day exploit for it, one that causes the browser to instantly crash when visiting a specific Web site. This Web site, to be exact. It’s mainly a proof of concept, so the exploit won’t really damage your installation, but the proof is in the pudding, as they say. Now Apple knows… → Read More
A fellow by the name of Kevin Finisterre has been posting OS X security holes and bugs on his website every day. Some aren’t too happy that Finisterre is doing this as it could let otherwise clueless attackers know what to look for when trying to penetrate an OS X box. But Kevin thinks he’s doing the right thing. He says that OS X users are lazy and don’t care about security… → Read More
Austin, TX
Seattle, WA
San Diego, CA
Menlo Park, CA
San Francisco, CA
Berlin, Germany
