Archive for zero-day

You are browsing the archives of zero-day.

Zero Day Vulnerabilities Have No Patch Yet

When computer system vulnerabilities are discovered, patches are issued that have been designed to close the hole of vulnerability. The patches take some time to construct and deploy and even longer to get the community to accept them and install them. This always leaves a gap of some time between the discovery and when the […]

How Real Hacking Works

Hacking computers is a mysterious and dangerous world that most of us don’t really understand. This video shows some hackers at DEFCON demonstrating their techniques on a reporter who volunteered to be hacked. The video shows some basic “social engineering” which may use technical knowledge and experience, but involves classic “confidence” manipulation to gain credentials […]

SMB2 Threat

The SMBv2 vulnerability that has been lurking for several weeks now has exploit code available from both Canvas and Metasploit: Remote exploit released for Windows Vista SMB2 worm hole – [zdnet.com] [Canvas] Security researchers at penetration testing firm Immunity have created a reliable remote exploit capable of spawning a worm through an unpatched security hole […]

Zer0 Vee Attack

In what may be the first publicly recorded hack of a zero-day flaw in virtualization software, attackers have wiped out data from over 100,000 web sites hosted by VAServ in the UK. Webhost hack wipes out data for 100,000 sites – [theregister.co.uk] Technicians at UK-based Vaserv.com were still scrambling to recover data on Monday evening […]

IIS WebDAV zer0-day

This is a chronology of the development of awareness about a new zer0-day vulnerability in MS IIS WebDAV. (so far…) Microsoft IIS 6.0 WebDAV Remote Authentication Bypass – [seclists.org] This is the original disclosure/advisory as discovered by “Kingcope” on May 12, 2009. Vulnerability Details This vulnerability allows remote attackers to bypass access restrictions on vulnerable […]

PPT Zero Day

Microsoft has announced a patch for fourteen vulnerabilities in PowerPoint that includes one which has been already used by exploit code in the wild (a “zero-day” exploit). MS09-017 is the patch designation. Microsoft Security Bulletin MS09-017 – Critical – [microsoft.com] Executive Summary This security update resolves a publicly disclosed vulnerability and several privately reported vulnerabilities […]

Perimeter

Perimeter

Perimeter attacks involve using exploit code to take advantage of weaknesses detected in perimeter devices to take control of them or leverage some level of access into greater access. The list of known security holes in windows based systems is quite large and constantly growing. This puts the defenders in a position of needed to […]