IT Trenches:

vulnerability


September 10, 2010  3:56 PM

DLL hole also affects EXE files



Posted by: Troy Tate
exploit, hacking, information security, infosec, risk analysis, threat, vulnerability

According to a Heise Media report, the DLL binary planting vulnerability is not just limited to DLL files but affects EXE files. The example given: An HTML file is saved along with a copy of a file called EXPLORE.EXE. The HTML file is opened and has a URI link embedded with the address file://....

August 26, 2010  6:08 PM

Online devices, applications and threats grow – predictions for 2013



Posted by: Troy Tate
analysis, application, application development, application management, Cisco, device management, information security, mobile devices, mobility, social networking, threats, trends, vulnerability, vulnerability assessment

The Cisco 2010 Midyear Security Report shows some staggering statistics about the number of online devices, mobile applications and security threats projected to be around in 2013.

  • In 2007...


August 24, 2010  8:01 PM

Whak-a-mole testing for Microsoft DLL exploit



Posted by: Troy Tate
application development, DLL, exploit, metasploit, Microsoft, Microsoft DLL, qa testing, vulnerability, vulnerability analysis

HD Moore of


January 22, 2010  7:34 PM

Sure you can use my security context – exploit me!



Posted by: Troy Tate
exploit, group policy, information security, least user authority, lua, Microsoft, principle of least privilege, security bulletin, vulnerability

I recently blogged about the fact that the initial reports of the Google Aurora attack focused on Internet Explorer version 6. Some...


January 21, 2010  9:57 PM

Google Aurora attack focused on IE6 – does anybody do autoupdates anymore?



Posted by: Troy Tate
attack, Aurora, fixes, Internet Explorer, malicious software, malware, Microsoft, patch, patch management, threat, update, vulnerability

Maybe you have heard about the recent


November 5, 2009  4:50 PM

Do you use TLS or client certificates for authentication? Beware of new MITM vulnerability



Posted by: Troy Tate
apache, authentication, certificates, IIS, information security, risk, risk management, SSL, tls, vulnerability, web services

As Michael Morisy of ITKE recently posted, New SSL security hole allows man-in-the-middle attacks, a new SSL...


September 14, 2009  1:49 PM

Microsoft does not patch vulnerability for supported version of Windows



Posted by: Troy Tate
information security, Microsoft, Microsoft support, patches, risk, risk management, support, tcp, tcp-ip, tcp/ip, threat, vulnerability, Windows, windows 2000

Last week was the September issue of Microsoft "patch Tuesday". The September 2009 Microsoft Security Bulletin lists a number of vulnerabilities. Microsoft held the


August 24, 2009  8:33 PM

Red alert – automated SHIELDS Up – malware becomes smarter!



Posted by: Troy Tate
bot, command and control, information security, malware, malware research, threat, vulnerability

If you haven't recently kept up to date on the malware front, a recent article at DarkReading may come as a surprise to you. ALERT: Malware has become intelligent!


March 31, 2009  3:32 PM

Simple Conficker Scanner tool released – find the infected machines



Posted by: Troy Tate
anti-virus, antivirus, Conficker, detection, diagnostic tools, honeynet, ms08-067, patches, scanning, vulnerability, vulnerability scanning

A Simple Conficker Scanner (SCS) tool has been released by members of the Honeynet Project. This tool can be run under linux or Windows. It runs a...


December 3, 2008  3:50 PM

Holiday greeting cards, holiday shopping and computer security awareness



Posted by: Troy Tate
administration, anti-virus, antivirus, awareness, Browsers, data loss, Data security, education, Firefox, Firewalls, homeland security, IT education, malware, Microsoft, Microsoft Windows, online identity, phishing, risk, Security, spam, SSL, vulnerability


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: