Latest Vulnerability Breakdown – 10/30/08
My apologies for the lack of posts this week. Work has been a bear, and teaching a CISSP class every week has started to catch up with me also. All in all, though, it is a great time to be working with security. Microsoft’s patch was a big one and there are several exploits attacking [...]
FrSIRT – Fedora Security Update Fixes Drupal Security Bypass Vulnerabilities / Exploit (Security Advisories)
via FrSIRT – Fedora Security Update Fixes Drupal Security Bypass Vulnerabilities / Exploit (Security Advisories)
Kiosk Vulnerability Tester
*** (WORD OF WARNING) The website used for iKAT, http://ikat.ha.cked.net/, has a semi-graphic image that could be found objectionable ***
iKAT was designed to aid security consultants with the task of auditing the security of internet Kiosk software and deployed Kiosk terminals.
iKAT is designed to provide access to the underlying operating system of a Kiosk terminal [...]
Thwart Windows Authentication through Firewire
Adam Boileau (Metlstorm) has released a script (winlockpwn) written in Python, which allows a device running Linux to be connected to the FireWire port of a target workstation running Windows XP to get full read/write memory access and bypass Windows authentication. He demonstrated the tool in 2006, but didn’t release it until a few [...]
VMware Security Crumbling: Not Really
This week CoreLabs came out with notification of a vulnerability found within VMware’s software. This vulnerability allows an attacker to break out of the Guest Operating System. This vulnerability was found in VMware’s shared folders mechanism. It grants users of a Guest system read and write access to any portion of the [...]

