Archive for the 'vulns' Category

Stop Fixing All The Things – Our BSidesLV Talk | The Risk I/O Blog

Saturday, August 10th, 2013

Recent parer shows that it make sense to focus only on vulns that have ready exploits in metasploit and exploitdb

Stop Fixing All The Things – Our BSidesLV Talk | The Risk I/O Blog

Saturday, August 10th, 2013

Recent parer shows that it make sense to focus only on vulns that have ready exploits in metasploit and exploitdb

Stop Fixing All The Things – Our BSidesLV Talk | The Risk I/O Blog

Saturday, August 10th, 2013

Recent parer shows that it make sense to focus only on vulns that have ready exploits in metasploit and exploitdb

Microsoft Security Advisory (2876146): Wireless PEAP-MS-CHAPv2 Authentication Could Allow Information Disclosure

Saturday, August 10th, 2013

Recent security hole in wifi authentication — fix requires a roll-out of PKI (i.e. certificate-based auth ) for all devices . (Great ?! )

Microsoft Security Advisory (2876146): Wireless PEAP-MS-CHAPv2 Authentication Could Allow Information Disclosure

Saturday, August 10th, 2013

Recent security hole in wifi authentication — fix requires a roll-out of PKI (i.e. certificate-based auth ) for all devices . (Great ?! )

Microsoft Security Advisory (2876146): Wireless PEAP-MS-CHAPv2 Authentication Could Allow Information Disclosure

Saturday, August 10th, 2013

Recent security hole in wifi authentication — fix requires a roll-out of PKI (i.e. certificate-based auth ) for all devices . (Great ?! )

Reverse Proxy Bypass – Bug in Apache mod_proxy

Wednesday, October 5th, 2011

It is possible for an attacker to reach internal resources in a DMZ if RewriteRule or ProxyPassMatch directives are used in mod_proxy config

Reverse Proxy Bypass – Bug in Apache mod_proxy

Wednesday, October 5th, 2011

It is possible for an attacker to reach internal resources in a DMZ if RewriteRule or ProxyPassMatch directives are used in mod_proxy config

Not a Guessing Game — Paul Vixie [from ISC/Bind] on recenet DNS hole

Tuesday, July 15th, 2008

do a ‘dig TXT porttest.dns-oarc.net’ . || w.out disclosing details Pau confirms that the hole exists, and that !IMPORTANT! NAT/PAT effectively netrualize UDP port randomization fix

Matasano Chargen » This New Vulnerability: Dowd’s Inhuman Flash Exploit

Wednesday, April 16th, 2008

detalied description about Flash vuln that was used to vin a recent hack contest (where vista and mac were hacked )