- Nils Jnemann: News about Google’s Vulnerability Reward Program – nilsjuenemann.de
Recently Adam Mein spoke at AppSec USA 2012 and Kevin Stadmeyer at SysScan 360 in Beijing about Google’s experience with the Web Vulnerability Reward Program. Both are Security Program Manager at Google.
- 5 Tips to Ensure Safe Penetration Tests with Metasploit – community.rapid7.com
In my warped view of the world, vulnerabilities are APIs that weren’t entirely intended by the developer. They hey are also undocumented and unsupported. Some of these vulnerabilities are exploited more reliably than others, and there are essentially three vectors to rank them.
- Exploiting and mitigating Java exploits in Internet Explorer – greyhathacker.net
This year we’ve seen a number of 0 day Java exploits surfacing and various mitigating steps mentioned in various sites that could be taken to prevent us from being compromised. A lot of these mitigating steps vary from each other so when it comes to mitigate Java in Internet Explorer it adds doubt to which is the best mitigation steps to follow.
- Defeating Windows 8 ROP Mitigation – c0decstuff.blogspot.com.es
Windows 8 introduced a number of exploit mitigation features, including hardening of both the userland and kernel heaps, mitigation against kernel-mode NULL pointer dereferences, and protection against abuse of virtual function pointer tables.
- Security flaw found in Samsung handsets, tablets – zdnet.com
An Android exploit could result in remote attackers gaining root level permissions of Samsung products.
- Iran CERT Reports New Data-Wiping Malware – threatpost.com
New data-wiping malware has been discovered targeting computers in Iran. No connection has been made to Flame, Wiper, Shamoon or other destructive malware.
- Security Researcher Compromises Cisco VoIP Phones With Vulnerability – darkreading.com
Grad student demonstrates how phones can be turned into listening devices by attackers
- And we’re back… – passing-the-hash.blogspot.com
Sorry folks for the delay in getting the blog updated. I’d meant to get back to the blog sooner, but I was on the road for a month, then I was trying to finish stuff up at work, then $excuse