From: Erin Carroll (amoeba@amoebazone.com)
Date: Wed Jan 04 2006 - 20:49:37 EST
A new article on SecurityFocus regarding the recent WMF exploit. I've
personally played with the metasploit package for this but haven't had time
to check out the updated signatures for various vendors (F-Secure, ISS,
Trend, etc). Out of curiousity has anyone done any testing against the new
signatures to determine if they are code specific or if tricks like tagging
%0%0 in the payload bypasses them?
Zero-day holiday
by Kelly Martin
2006-01-04
A few hundred million Windows XP machines lay vulnerable on the Web today, a
week after a zero-day exploit was discovered. Meanwhile, new approaches and
ideas from the academic world - that focus exclusively on children - may
give us hope for the future after all.
http://www.securityfocus.com/columnists/377
-- Erin Carroll "Do Not Taunt Happy-Fun Ball" -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.371 / Virus Database: 267.14.12/220 - Release Date: 1/3/2006 ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:19 EDT