Previous
IP Traceback of Denial of Service (DoS) Attacks Using Mobile Agents
White Papers The main problem behind such attacks is the ability of an attacker to spoof his IP address. Thus, it's very difficult to identify the actual attacker. Accordingly, tracing back an attacker to actual source became a very important step to respond to...
[June 24, 2009, 16:02]
Microsoft warns of new server vulnerabilities
News Microsoft has warned of several newly discovered security holes in SQL Server, Microsoft Desktop Engine and Exchange software, the most serious of which could give an attacker control over an installation of SQL Server.
[July 25, 2002, 16:17]
IE security hole launches e-mail attachments
News A security hole in Microsoft's Internet Explorer Web browser can cause the browser to automatically open e-mail attachments that could be used by an attacker to execute malicious code, the company has warned.
[April 2, 2001, 8:06]
Longhorn deserves short shrift
Talkback When your machine is compromised by an attacker, and if you're running IE ultimately it WILL BE--that attacker wil lbe able to use these cool tools to parse through the contents of your entire hard disk using jus a few keywords.
[August 31, 2004, 14:08]
New attack technique puts Oracle in crosshairs
News It was previously thought that an attacker needed high-level privileges on the database to exploit so-called PL SQL injection vulnerabilities. NGS Software's 'Cursor Injection' paper describes a technique that may assist an attacker in exploitation...
[March 2, 2007, 8:02]
KDE flaw opens Linux systems to attack
News The flaw, deemed "critical" by the research outfit FrSIRT, could allow a remote attacker to gain control over vulnerable systems. An attacker could craft a special UTF-8 encoded URI sequence to exploit the flaw, according to the advisory.
[January 23, 2006, 9:15]
Microsoft to fix critical Windows holes
News The flaws, which could allow an attacker to remotely run code on a PC and take control of it, affect Windows 2000, XP, Vista, Windows Server 2003 and 2008, Windows Client for the Mac, Office 2000, XP and 2003, Microsoft Office Small Business...
[August 7, 2009, 13:18]
Media Player 'skins' in security alert
News Microsoft warned Windows Media Player users on Wednesday that a flaw in the way the application handles the download of "skins," or interface colours and motifs, could allow an attacker to take over a victim's PC.
[May 8, 2003, 8:42]
Microsoft warns of ActiveX attacks targeting Access
News An attacker would have to lure a victim, via a link in an email for instance, to a specially crafted web page that could exploit the security hole to allow remote code execution. This would provide the attacker with as much access to and rights on...
[July 8, 2008, 8:29]
New Apache flaw adds to Internet woes
News The Apache flaw could allow an attacker to discover sensitive information or execute malicious code, while the Windows bug makes it possible for users to gain privileges high enough to alter files and user accounts.
[August 20, 2002, 12:19]
Defense Against Low-Rate TCP-Targeted Denial-of-Service Attacks
White Papers An attacker injects periodic bursts of packets to fill the bottleneck queue and forces TCP connections to timeout with near-zero throughput. With RTO randomization, an attacker cannot predict the next TCP timeout and consequently cannot inject the...
[June 24, 2009, 16:02]
Microsoft Security Bulletin MS03-041
Downloads To exploit this vulnerability, an attacker could host a malicious Web Site designed to exploit this vulnerability. If an attacker then persuaded a user to visit that site an ActiveX control could be installed and executed on the user’s system.
[October 16, 2003, 8:00]
Companies urged to patch Sendmail
News The flaw allows an attacker to send a specially formatted email that could take control of a mail server running Sendmail and execute a malicious program. This vulnerability is especially dangerous because the exploit can be delivered within an...
[March 4, 2003, 7:53]
Security flaw hits SETI@home
News However, Wever pointed out that software to help an attacker reroute a victim's communications already exists. It fixes a buffer overflow vulnerability that could allow an attacker to take control of a computer just by sending specially formatted...
[April 7, 2003, 7:52]
Mac patch fails to fix problem
News The security issue could allow an attacker to transfer and then run a malicious program on a Mac, if the Mac's user can be enticed to go to a fake Web page on which the program has been placed. The other gives an attacker the ability to run a file...
[May 26, 2004, 8:35]
Microsoft patches 'important' security hole
News A flaw in Windows Media Services for Windows 2000 Server could allow an attacker to release a malicious program onto a server running the software. An attacker could invoke an ActiveX control that the software uses to access library data on the PC.
[June 26, 2003, 7:45]
IE flaws open back door to adware
News One flaw lets an attacker run a program on a victim's machine, while the other enables malicious code to "cross zones," or run with privileges higher than normal. The flaws could let any attacker with a Web site send an email message or an instant...
[June 10, 2004, 8:45]
Drive-by pharming poses security risk
News Security firm Symantec warned earlier this week that drive-by pharming could allow a malicious attacker to steal a user's bank details. If a user typed in www.my-bank.co.uk, for example, they would get a false version — allowing the attacker to...
[February 20, 2007, 16:12]
Cyberattacks exploit Word flaw
News When a user opens a rigged Word file, it may corrupt system memory in such a way that an attacker could gain complete control over the PC, Microsoft said in a security advisory posted late on Wednesday.
[February 16, 2007, 10:47]
Explorer flaw creates 'critical' worm-hole
News It appears to be a little more difficult than your vanilla buffer overflow because all of the data supplied by the attacker is converted to uppercase," he said. Although there is no proof that the vulnerability foretells the execution of arbitrary...
[June 26, 2003, 9:07]
