Archive for November, 2010

Zero Day Initiative Advisory 10-253

Posted by deepcore under Apple, OSX security tools (No Respond)

Zero Day Initiative Advisory 10-253 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required in that a target must open a malicious media file or visit a malicious page. The specific flaw exists within the application’s implementation of the LZW compression when opening a certain file format. The application will allocate a buffer for the image and then decompress image data into it. Due to explicitly trusting the decompressed data, a buffer overflow will occur. This can lead to memory corruption and code execution under the context of the application.


Researcher Releases Android Exploit In Webkit Browser Engine

Posted by deepcore under Android (No Respond)

Android security hits the news once again. It’s not a vulnerability in the OS per se, but rather in the browser based on the Webkit engine. It does highlight the inherent fragmentation problems with the Android platform and the security concerns that come with running old OS and software versions.


Adobe Readies Patch for Critical Reader, Acrobat Flaws

Posted by deepcore under Security (No Respond)

Adobe Inc. said on Friday that it is planning to release an out-of-cycle update to fix critical security holes in its Reader and Acrobat products, including a fix for a newly disclosed hole that is already being exploited in the wild.


PGP Disk Encryption Bricks Upgraded Macs

Posted by deepcore under Apple (No Respond)

Some Apple Mac users who rushed to upgrade their systems with the company’s latest security patch were left to scramble for help after a conflict with disk encryption software from PGP rendered the upgraded Macs un-bootable. Reports of users who were unable to boot their Macs after upgrading their Mac OS X systems to the […]


ddosim v0.2 – Application Layer DDOS Simulator

Posted by deepcore under software (No Respond)

DDOSIM simulates several zombie hosts (having random IP addresses) which create full TCP connections to the target server. After completing the connection, DDOSIM starts the conversation with the listening application (e.g. HTTP server). It can be used only in a laboratory environment to test the capacity of the target server to handle application-specific DDoS attacks.


V for Vendetta Hacker Strikes at Washington State University

Posted by deepquest under defacement, Security (No Respond)

An anonymous hacker wearing a Guy Fawkes mask took over classroom projection screens at Washington State University last Friday, the fifth of November, to broadcast a prerecorded message adapted from V For Vendetta, in a prank that evidently alarmed administrators and amused students. The nearly four minute video, which was also posted on YouTube, and has […]

Facebook Do Not Do! 10 Tips About Facebook Security

Posted by deepquest under facebook (2 Responds)

Facebook has its advantages, but also its negative side. Apart from the fact that your boss can see you weren’t actually sick that day last week because of your status update at that time, there are also some real security issues. The good thing is, with a bit of knowledge about those threats, most of […]


Dozens of Bugs Found in One Version of Android Kernel

Posted by deepcore under Android (No Respond)

Security researchers found dozens of high risk security holes in the software used to run specific Android mobile devices, but that’s still a lot better than industry averages, according to a new report. Coverity, an application code testing firm, analyzed the source code for HTC’s Droid Incredible and found 359 defects, 88 of which it […]


Exploit Next Generation SQL Fingerprint (ESF) – MS-SQL Server Fingerprinting Tool

Posted by deepcore under Security (No Respond)

SQL Server fingerprinting can be a time-consuming process. It involves many trial-and-error methods to fingerprint the exact SQL Server version. Intentionally inserting an invalid input to obtain a typical error message or using certain alphabets that are unique for a certain server are two of the ways to possibly fingerprint […]


Get paid to hack Google!

Posted by deepquest under exploit (No Respond)

Google has unveiled a new program to pay between $500 and $3,133 to people who discover security vulnerabilities in its websites and online applications. “We hope our new program will attract new researchers and the types of reports that help make our users safer,” members of Google’s security team said in a group blog post.
