About
Dennis Fisher is a journalist with more than 13 years of experience covering information security.
Dennis Fisher talks with HD Moore, the founder of the Metasploit Project and the chief security officer at Rapid7, about the evolution of Metasploit, the difficulty of client-side exploitation in the age of DEP and ASLR and the decision on when to publish an exploit.
Foxit on Friday released an update to fix the problem with PDF readers running executables without users’ permission. The problem, which was identified and publicized by Didier Stevens earlier this week, still exists in Adobe Reader.
This video features a detailed demonstration of a technique for reproducing the Aurora Internet Explorer exploit using the Metasploit Framework.
The developers at Mozilla soon will be adding a new privacy enhancement to the Firefox browser that will help prevent attackers and the operators of third-party Web sites from seeing which other sites a user has visited.
Spammers and malware writers have wasted no time in taking advantage of Monday’s bombings in Moscow, opening up a campaign on Twitter to point users to malicious sites.
There is a vulnerability in some versions of the OpenSSL software that can enable an attacker to crash remote clients or servers using a specially constructed record.
VANCOUVER–Software makers, led by Microsoft, have spent the last few years steadily adding new memory-protection and exploit-mitigation technologies such as ASLR, DEP and SafeSEH to their products. But the state of the art in exploitation has advanced just as steadily and, as researchers showed at CanSecWest this week, bypassing these protections is challenging, but increasingly feasible.
Charlie Miller won his third consecutive Pwn2Own contest at the CanSecWest conference in Vancouver this week. In this video he talks about the contest, the state of Apple security and the bug-finding and reporting process.
A revised draft of the Rockefeller-Snowe cybersecurity legislation
released last week removes the so-called “kill switch” that gives the
president the authority to shut down the Internet in the event of a
massive cyberattack. Read the full article [SearchCompliance.com]
In their constant quest to find new and interesting ways to abuse the Internet, attackers recently have begun using an old technique to obfuscate URLs and IP addresses to bypass URL filters and direct users to malicious sites.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
