Send tip

Microsoft’s Enhanced Mitigation Experience Toolkit

Written on January 12, 2011 by Adam Eve

0 person

Microsoft's Enhanced Mitigation Experience Toolkit (EMET), aims to harden up Windows applications from exploits while patch is still under way. Every Windows PC users should have one in their desktop.

A new zero-day hole in all versions of Windows has been spotted! The flaw occurs when an attacker exploits an un-initialized memory during a CSS function in Internet Explorer. Hence, it is possible for memory to be leveraged by an attacker under certain conditions, with the help of customized website. Similar holes have been discovered in past applications like Adobe Reader, Adobe Flash, and Apple’s QuickTime. And while users are waiting for the patch, Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) is here to help them.

EMET is a simple, but powerful, configuration utility that enables users to toughen their Windows applications for security purposes. A couple of months ago, Microsoft released the second version of EMET that runs on all supported Windows client and server editions. The toolkit offers a straightforward and clean interface that works with multiple Windows versions. It provides users with granular control over Data Execution Prevention (DEP). Hardware-enforced DEP prevents the execution of code in memory locations that should contain only data. With the help of EMET, users can turn on the DEP for applications that were not originally compatible with the feature.

Read the rest of the article »
TumblrStumbleUponDeliciousRedditDiggShare

Hackers Exploit Newest Adobe Flash Bug

Written on November 01, 2010 by Adam Eve

3 persons

Adobe acknowledged another flaw on their Flash player, as Mila Parkour reported the bug. Users must be aware of some PDF files that are sleeping inside their computers. Or else it may drop a bomb.

Adobe confirmed today that hackers are exploiting a critical un-patched bug in Flash Player. According to a security advisory issued by the company: “There are reports that this vulnerability is being actively exploited in the wild against Adobe Reader and Acrobat.”

Mila Parkour, an independent security researcher, reported that a malicious PDF file document exploits the bug in Reader, then drops a malware on the victimized machine. All versions of Flash on Windows, Mac, Linux, and Android carries the bug by the “Authplay” component of Reader and Acrobat 9.x. And while no patch is available yet, users can protect themselves by deleting the authplay.dll. However, it will crash the Reader and Acrobat when it access a file that contains a Flash content.

Adobe promised to issue a fix by November 9, and will update the Reader and Acrobat a week after that.

View Article Source »
TumblrStumbleUponDeliciousRedditDiggShare

Adobe Warns About Zero-day Hole

Written on September 09, 2010 by Adam Eve

0 person

It's a big "fire in the hole" with Adobe's Acrobat Reader 9.3.4 as exploits has been discovered by the company. There's not patch available yet, so move over before the bomb explodes right at your face.

According to a company statement, Adobe learned last Tuesday that their Acrobat Reader is being exploited in the wild. The vulnerability was found in Adobe Reader 9.3.4 and earlier versions for Macintosh, Windows and Unix. As stated in a security advisory, the hole can enable an attacker to take control of an affected computer and eventually millions of other PCs that uses the Adobe Software. Unfortunately, there no mitigations that can be provided by the company as of the moment. Still, Adobe is actively sharing the information about this issue with partners in the security community to quickly develop detection and quarantine methods. Until a patch becomes available, the schedule for a security update release is still under evaluation.

View Article Source »
TumblrStumbleUponDeliciousRedditDiggShare

Now Available: iOS PDF Flaw Patch

Written on August 12, 2010 by Adam Eve

0 person

After jailbreaking an iOS device was announced as legal, Apple created a patch for the flaw. User of iPhone, iPod Touch and iPad can now work on their devices without breaking their warranty.

Apple has released the security updates for iPhone, iPod touch and iPad today. The update address the flaw in PDF handling and I/O that have been recently exploited to create a web-based jailbreak for Apple’s portable devices. iOS 4.0.2 for iPod touch and iPhone and 3.2.2 for iPad is now available via iTunes.

The web-based jailbreak is dependent on two vulnerabilities in order to work. An open source from FreeType Library is used by iOS’s PDF rendering engine, that can result in and overflow of stack buffer whenever it handles a CFF data. The flaw can be exploited to execute an arbitrary code with the help of an especially designed PDF. Once the overflow occurs, and integer counterpart flaw in IOSurface could be misused to elevate privileges from the user to the root. With heightened freedom, a code from jailbreakme.com removes the security features that prevent other apps in running on any iOS-based devices.

Read the rest of the article »
TumblrStumbleUponDeliciousRedditDiggShare

Patch for Backbreaker Due Soon

Written on August 05, 2010 by Adam Eve

0 person

After two years of developing the game, Backbreaker now has an available update. NaturalMotion promises gamers a new, faster and better online American Football game experience. Are you ready to take the action?

As soon as Wednesday, new features for the football game, Backbreaker, will be available through the biggest patch you’ll ever see in a sports game. Features include new plays, better AI, replay camera suites and better “focus mode.” Though the patch , dubbed as “Greathouse,” are sort of needed in the first place, it is still a good news.



One of the biggest complaints in the original game is the passing. NaturalMotion Games, the game’s most dedicated contributor, promises a complete pass, increased quarter back accuracy across the board and a pump-fake command relocation to a shoulder button. Corners and safeties now fully respect their visibility cone, and see interception opportunities whenever acceptable.

Read the rest of the article »
TumblrStumbleUponDeliciousRedditDiggShare

Featured


View all