Advisory: One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....

Subscribe to the RSS feed in case you are interested in updates
  • [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....



1 comment

CG said... @ 16 July, 2009 15:04

thanks for not killing my PS3 ;-)


About Me

Thierry Zoller
Welcome to my personal Blog where I blog about Information Security and in general anything I regard as newsworthy. On the professional side I am currently working as a Lead of Threat and Vulnerability Management at Verizon Business.
