(Proof Of Concept) See PoC exploit.
 | Reproduced with permission from Computer Desktop Encyclopedia. Copyright (c) 1981-2008 The Computer Language Company Inc. All rights reserved. |
Additional Resources
- What's holding Desktop Virtualization back?
- What's holding Desktop Virtualization back?Another hold-up to desktop virtualizationWe often see companies still in the "have to POC" virtual desktops stage because they have heard rumors of slow performance or application incompatibility. At vmSight we offer a tool to measure performance, connectivity, and access control of virtual desktops that...
- Discussion threads 2008-08-12
- Twitter vulnerability forces auto-follow
- Ryan Naraine over at ZDNet's Zero Day has the scoop on a new CSRF vulnerability in Twitter that forces users to follow a supposed attacker. While Naraine viewed the POC of this vulnerability no technical details were yet shared -- and Twitter has been notified -- but this is a...
- Blog posts 2008-07-31
- Heap-based buffer overflow reported in RealNetworks RealPlayer
- Heap-based buffer overflow reported in RealNetworks RealPlayerDefinition of PoC?Forgive my ignorance when using vulnerability speak, but what does PoC stand for? I thought at first it might mean Point of Contact, but I figured I might as well ask.RE: Black Hat webcastThe Black Hat conference organisers really should know...
- Discussion threads 2008-07-25
- Heap-based buffer overflow reported in RealNetworks RealPlayer
- Update 07/25/2008: Aaron Portnoy of TippingPoint's security research group was kind enough to point out that I'm actually not affected by this, since I've installed the newest version of RealPlayer. From Aaron's email: Notice the Secunia advisory states it affects RealPlayer 10.5... the latest is 11.x, which now uses...
- Blog posts 2008-07-25
- |)ruid and HD Moore release part 2 of DNS exploit
- |)ruid and HD Moore release part 2 of DNS exploitSo, Linux's BIND the first to be exploited...So, Linux's BIND the first to be exploited...Nice work!CoolNate, nice post and analysis!Wasn't the replacing the ns.victim.com cache entry part of the Halvar Flake speculation? I thought first part of the exploit was to...
- Discussion threads 2008-07-24
- McAfee debunks recent vulnerabilities in AV software research, n.runs restates its position
- Several days after blogging about a research conduced by n.runs AG that managed to discover approximately 800 vulnerabilities in antivirus products, McAfee issued a statement basically debunking the number of vulnerabilities found, and providing its own account into the number of vulnerabilities affecting its own products : "A recent...
- Blog posts 2008-07-23
- 2008 Pwnie Award nominees announced
- Well, after getting 134 nominations, and spending countless hours pulling out nominees, the judges for the 2008 Pwnie Awards have announced the final nominees to be voted on. From the site: The final list of nominees for the nine Pwnie Award categories is ...
- Blog posts 2008-07-21
- Remote code execution through Intel CPU bugs
- Kris Kaspersky, author of numerous books on reverse engineering and software engineering, will be presenting his research on remote code execution through Intel CPU bugs at the upcoming Hack in the Box Security Conference in Malaysia. If his proof of concept code consisting of JavaScript or TCP/IP packet attacks on...
- Blog posts 2008-07-14
- XSS worm at Justin.tv infects 2,525 profiles
- XSS worm at Justin.tv infects 2,525 profilesThe virus is impossible to findI see that they needed a proof of concept argument to have it studied then fixed.All computer problems stem from virus.Re: The virus is impossible to findXSS worms propagate using a site-specific vulnerability to do so. Fixing the vulnerability...
- Discussion threads 2008-07-14
- XSS worm at Justin.tv infects 2,525 profiles
- A XSS worm was crawling across Justin.tv, the popular lifecasting platform at the end of June, details of the incident emerged in the middle of last week. Basically, the group that found the XSS vulnerability abused it for the purpose of generating the following graph as a proof of concept,...
- Blog posts 2008-07-14
- Hyper-V: It's here
- Hyper-V: It's hereI Love it ....Quote:"Hyper-V does have one drawback, in that it will only run on the 64-bit version of Windows Server 2008, because it makes heavy use of Intel VT-X and AMD-V on chip virtualization acceleration features, which are only present in newer 64-bit CPUs."I have deployed 20...
- Discussion threads 2008-06-26
- Proof of Concept "carpet bombing" exploit released in the wild
- In what appears to be an attempt to provoke Apple to reconsider its currently passive position on the severity of the dubbed as "carpet bomb" flaw, a working Proof of Concept exploit code has been released at Liu Die Yu's security blog : Nitesh Dhanjani discovered that Safari for...
- Blog posts 2008-06-11
- Apple under pressure to fix Safari 'carpet bomb' flaw
- Apple under pressure to fix Safari 'carpet bomb' flawThe problem with this one isIt's too easy. Anyone can read the PoC and figure out how to conduct a full blown attack quite simply. If you fit the pieces together, it's directly attackable.-NateRE: Apple under pressure to fix Safari...
- Discussion threads 2008-05-20
- Rumor Mill: What's next from Apple (updated)
- Rumor Mill: What's next from Apple updatedNot backing up while working?That's insane. That's when I WANT my hourly backups. Too much dinosaur IT thinking (back up when the system isn't under load).POC?You might want lump all low-end PCs in this category as this is all the Psystar is. It benefits...
- Discussion threads 2008-05-16
- Rumor Mill: Atom smashed? MacBooks, location, Time Machine (updated)
- It's Friday, which means that it's time to look at the latest raft of rumors about our favorite Cupertino company. Atom-powered mini-tablet This one was pretty hot. ZDNet.de reported that Intel Germany CEO Hannes Schwaderer confirmed that there is an iPhone that will be using Intel's...
- Blog posts 2008-05-16
- AT
- ATHyperboleWell, you and I wouldn't buy one with a new release imminent, but that doesn't mean it's still not a valuable commodity. Hence, the insane demand.I posted a Craigslist ad for an 8GB iPhone and received 11 responses within 90 minutes of posting. Sold in less than 24...
- Discussion threads 2008-05-14
- MS08-025: Microsoft Windows kernel vulnerable to local privilege escalation flaw
- From Microsoft: A local attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts. This is an important security update for all supported editions of Windows 2000, Windows XP, Windows Server...
- Blog posts 2008-04-29
- TechNet Webcast: An Overview of Exchange Server 2007 Unified Messaging (Level 200)
- The presenter of this webcast provides an idea of what Unified Messaging UM is with Microsoft Exchange Server 2007. The presenter answers questions like - how is it different from other UM solutions? What are the components in a real-life UM implementation? The webcast introduces the components and describes their...
- Webcasts 2008-04-07
- Taking ownership of content
- Billy Rios covered a very interesting flaw in Google's code.google.com site on his blog today. The issue involves taking ownership of content of a third party by an application and relates to research that Rios and I originally presented at DEFCON 15 last year. Before...
- Blog posts 2008-04-04
- Firefox+patch+imminent
- Firefox+patch+imminentOf course it's imminentMozilla takes care of their apps. I would expect nothing less from them.9 days to patchthat's just one of the reasons FF is considered the safest browser around today.Hope the changes are reflected in the Ubuntu repositories soon.Is Firefox really safe to use it?This new is...
- Discussion threads 2008-02-06
Neighboring Terms
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- Intel IT Data Center Efficiency Initiative - Going Green
-
"See how Intel is consolidating down to 8 global data center hubs through the use of consolidation, virtualization and standardization. The initiative is expected to save Intel $1.8B by project completion.
- See how Intel plans to save $1.8 billion >>
