Browsing Tag: vulnerabilities

MIAMI BEACH–It’s the accepted wisdom these days that many of the traditional security defenses organizations depend on just aren’t effective at deterring attackers. But this glosses over the fact that the last few years have included some major advances in defensive technologies, including the widespread adoption of exploit mitigations such as ASLR and DEP and the use of sandboxes in many applications. However, as these advances have made their way into the mainstream, the folks on the offensive side of the game have not been sitting idly by, either, as was made abundantly clear during the talks at the Infiltrate conference here.

Read more...

Categories: Vulnerabilities

MIAMI BEACH–There has been a lot of discussion and research in the last decade on exploiting heap overflows in various platforms, especially Windows. But one researcher has found that there is a heap allocator in the Linux kernel that is, as he describes it, “beautifully exploitable.” Meet SLOB.

Read more...

The White House has launched a new initiative designed to help companies in the electric power industry measure the maturity of their security programs against a new maturity model. The program is being run in tandem with the Department of Homeland Security and Department of Energy and is meant to help the utility companies find their weak spots and where they need to improve.

Read more...

Microsoft said in a post on the Technet Web site that it plans to release seven security bulletins on Tuesday, fixing eight security holes in a variety of products. Among them will be a fix for a new class of software vulnerability – the “Security Feature Bypass,” which could be used by attackers to make other exploits more potent, Microsoft said.

Read more...