Exploring Exploits
Jun 12, 2012
In security testing, studying and deploying exploits seems to be the most fun. Exploits provoke the most thought and reaction amongst learners, as well. So, what exactly is an exploit? Let’s take a peek under the hood. Anatomy of Exploits They run the gamut in terms of how they work and what they do. The […]
Exploit vs. Antivirus: It’s No Contest
Jun 7, 2012
In a recent blog, we talked about the recent Java vulnerability and how it was still kicking around. The flaw has been identified as CVE-2012-0507 in the Common Vulnerabilities and Exposures database. You might be thinking that you are still safe, as you have antivirus. Let’s find out how well it protects you. As of […]
What is a Vulnerability?
May 30, 2012
In discussions and meetings with other information security professionals, I hear a lot of misinformation. I’m a geek and like to be more precise, rather than less. The use of the term vulnerability is a special pet peeve of mine. The core of information assurance is making sure you don’t have serious vulnerabilities. So, what exactly […]
Bypassing User Activation Controls
May 22, 2012
My last blog about User Activation Controls suggested that they were of little help, even when they work. After all, user data (your documents, spreadsheets and such) are the most valuable things you have. Now, we’ll just trash UAC by bypassing it. We’ll do this by relying on a flaw: Microsoft loves itself. Remember, UAC […]
User Account Controls and False Security
May 16, 2012
It’s true that our friends at Microsoft have come a long way toward implementing good security. No, really. Adobe and Oracle/Java have become the big targets of cyberthieves. MS operating systems no longer regularly cause the Blue Screen of Death. And, ta-da, we have User Activation Controls to protect us. UAC, as it is called, […]