Presentation: Lots of things have been going on and I'm gonna do a quick update on my blog now. I released 3 new exploits on 09.07.2009.

Ipswitch WS_FTP 12 Professional Remote Format String 0day PoC (nocoolnameforawsftppoc.pl)

I actually got a non-robotic, insightful vendor response:

"We saw your post regarding this vulnerability and wanted to thank you for bringing it to our attention. We have been able to reproduce the issue and have identified a fix. Our Ipswitch File Transfer Division policy is to notify the first reporting company via email, then after fixing, give mention to you in the Release Notes when the patch is released. You mention in your post that you tried to find a resource at Ipswitch. Can you tell me who you tried, so we can be more responsive in the future?"

Sent in response:

"Thanks for fixing the issue, please link me to the release notes when the updates are publicly issued. I attempted to go through the support procedure, but the process seemed vague when trying to report a security issue. Like most other vendors that make security a top priority, a security contact email is issued and made publicly available along with a team dedicated to fixing and responding to emails about security issues."

And then I got:

"Thanks for your response. I can see where the standard support procedure would seem vague for this purpose. I did find out today that we have a security ipswitch.com email that is monitored. We'll need to do a better job of publicizing it. I'll let you know when we have a release for the fix."

GemStone S 6.3.1 stoned Local Buffer Overflow Exploit (wonderfulcaricatureofexploitability.c)

Which is a good example of beating Linux's ASLR implementation as discussed in a previous post.

Safari 3.2.3 Win32 'eval' Remote Denial of Service Exploit (letsgosurfinnowonsafari.pl)

This is a bug that was in Krakow Lab's Fun Archive for a while and was fixed in Safari 4.

I just released 4f, The File Format Fuzzing Framework, at the Krakow Labs website today. You should check it out, and if you want to write modules for it, there is a section explaining just how to do it. You can also check out the video graciously hosted by SecurityTube (a GREAT site) if you'd like to see 4f in action.

Also, I am working with Mozilla on a vulnerability that affects Firefox 2.x and 3.x, currently tested up to 3.6a1, and allows users to tamper with other users' downloads. You can check out the video here, and I will be releasing exploit code as soon as updates fixing the issue are provided.

Latest articles from the site "Jeremy's Computer Security Blog":
- What did they fix
- Adobe Flash Temporary Filename Scheme
- Reverse Engineering File Formats
- Browser Fuzzer 3
- Writing Code that Breaks Code
- Mozilla Code sighs
- From Static Analysis to 0day Exploit
- Some vendors are 'unconcerned'
- Firefox Local Download Manager Vulnerability
- Desktop Management Interface DMI