skip to main | skip to sidebar
_ Where facts are few, experts are many
  • Home
  • Menu
    • About Me
    • Advisories
    • Research and Presentations
    • Vulnerability Disclosure Policy
    • Old archived Blog
    • E-business Card
  • Daily IT Security News
  • Contact
    • Mail
  • Subscribe to Feed
Advisories - FPROT,Clamav
| 0 comments ]

Subscribe to the RSS feed in case you are interested in updates


  • [TZO-33-2009] FPROT generic bypass (TAR)
  • [TZO-40-2009] Clamav generic bypass (RAR,ZIP,CAB)
  • [TZO-34-2009] FPROT generic bypass (RAR,LHA,ARJ)
  • [TZO-43-2009] Clamav generic bypass (CAB)



Links to this post
Advisories: Apple, F-prot, Norman,Ikarus, Kaspersky
| 0 comments ]

Subscribe to the RSS feed in case you are interested in updates
  • [TZO-30-2009] Kaspersky generic PDF evasion (update: Kaspersky got in touch)
  • [TZO-31-2009] Ikarus generic evasion (ZIP,RAR,CAB)
  • [TZO-32-2009] Norman generic evasion (RAR)
  • [TZO-33-2009] F-Prot generic evasion (TAR)
  • [TZO-36-2009] Apple Safari & Quicktime Denial of Service
  • [TZO-37-2009] Apple Safari Remote code execution



Links to this post
Newer Posts Older Posts Home

About Me

My Photo
Thierry Zoller
Welcome to my personal Blog where I blog about Information Security and in general anything I regard as newsworthy. On the professional side I am currently working as a Lead of Threat and Vulnerability Management at Verizon Business.

Quick-links
▪ About me / Profile
▪ Tools / Talks / Whitepapers
▪ My vulnerability disclosure policy
▪ Contact Me

The views and opinions expressed on this blog are my personal views and are not intended to reflect the views of my employer or any other entity.
View my complete profile

Follow @thierryzoller
View Thierry Zoller's profile on LinkedIn

Follow by Email

Subscribe to RSS

 Subscribe in a reader

Cluster Map

Popular Posts

  • The BEAST summary - TLS, CBC, Countermeasures (Update 4)
    Lots of good information floating on the internet on the Proof of Concept (dubbed 'BEAST) against TLS 1.0 by Juliano Rizzo and Thai Du...
  • IIS 6 / IIS 5 / IIS 5.1+ Webdav auth bypass [Final]
    Table of Contents Updates Bulletins Am I at risk ? Tools Technical details 0.1 Personal message Several news stories seem to allu...
  • Storing password securely - hashses, salts and bit stretching put into context
    Introduction Due to the latest row of high profile websites being compromised and parts of the password hashes being published h...
  • PCI compliance, Security in isolated systems and Parking Tellers (Part1)
    A colleague of mine spotted the below while doing expenses - The photograph below shows two separate receipts from two parking buildings t...
  • Attacker Classes and Pyramid (Version 3)
    This is a living blog post I will update whenever I have time and new ideas. TOC Introduction Updates Attacker Classes Attacker Pyr...

Recent Comments

Powered by Disqus

Blogs I read

  • Leblanc
    MSDN Blogs - MSDN Blogs - Learn more about the MSDN Blog Platform at the MSDN Blogs - Help blog! Provide Site Feedback on MSDN Blogs
    14 minutes ago
  • Krebs on Security
    Reports: Liberty Reserve Founder Arrested, Site Shuttered - The founder of Liberty Reserve, a digital currency that has evolved as perhaps the most popular form of payment in the cybercrime underground, was reported...
    6 hours ago
  • Ma petite parcelle d'Internet...
    NoSuchCon : one week later... - N oSuchCon s'est terminée il y a maintenant une semaine. Nous avons pris beaucoup de plaisir à organiser cet événement et remercions chaleureusement les sp...
    19 hours ago
  • Schneier on Security
    Friday Squid Blogging: Eating Giant Squid - How does he know this? Chris Cosentino, the Bay Area’s "Offal Chef" at Incanto in San Francisco and PIGG at Umamicatessen in Los Angeles, opted for the m...
    1 day ago
  • The New School of Information Security
    Workshop on the Economics of Information Security - The next Workshop on the Economics of Information Security will be held June 11-12 at Georgetown University, Washington, D.C. Many of the papers look fasci...
    1 day ago
  • Securosis Highlights
    Friday Summary: May 24, 2013 - This month Google announced a new five year plan for identity management, and update from 2008’s five year plan. Their look backward is as interesting as...
    1 day ago
  • Privacy Law Blog
    Colorado and Washington Join Growing List of States Prohibiting Employer Access to Employee Social Media Accounts - Kevin Khurana Colorado on May 12, 2013 and Washington on May 21, 2013 joined the likes of California, Maryland, Utah and New Mexico by prohibiting employ...
    1 day ago
  • Carnal0wnage & Attack Research Blog
    Funky Juniper URLs - If you've ever tested any clients that have Juniper VPNs you've probable seen the ol: http://[target]/dana-na/auth/url_default/welcome.cgi URL. @infosec...
    2 days ago
  • Lenny Zeltser on Information Security
    What Anomalies Trigger The LinkedIn Sign-In Verification Challenge? - LinkedIn prompts users to take additional steps when it determines that the logon attempt is unusual. What activities does LinkedIn consider suspicious? ...
    2 days ago
  • IBM Internet Security Systems Frequency X Blog
    Redirecting -
    3 days ago
  • LuxLegal
    Analyse du projet de loi proposant un nouveau cadre juridique pour l’archivage électronique - Le site d’information juridique Legitech vient de publier un article relatif au projet de loi proposant un nouveau cadre pour l’archivage électronique. A l...
    3 days ago
  • Claude Adam
    Meeting Alexander Bonde - Am Rande des Frühjahrsgipfels des NATO Parlamentes in Luxemburg hatte ich ein informelles Gespräch mit Alexander Bonde, Minister für Ländlichen Raum und Ve...
    5 days ago
  • Troy Hunt
    Your login form posts to HTTPS, but you blew it when you loaded it over HTTP - Here’s an often held conversation between concerned website user and site owner: *User:* “Hey mate, your website isn’t using SSL when I enter my password...
    5 days ago
  • VRT
    Java Web Start or as it should be called "Sure go ahead and run what you like" - Late last month, Immunity published a blog post concerning a new way to escape the Java security warnings using a novel and simple method, by using the con...
    1 week ago
  • Didier Stevens
    Quickpost: Signed PDF Stego - A signed PDF file is just like all signed files with embedded signatures: the signature itself is excluded from the hash calculation. Open a signed PDF doc...
    1 week ago
  • A Few Thoughts on Cryptographic Engineering
    On cellular encryption - If you're interested in technology/privacy issues then you probably heard last week's big news out of the Boston Marathon case. It comes by way of former...
    1 week ago
  • mossmann's blog
    Giving Away HackRF - The HackRF project has been open source from the very beginning. Even before we started the project, Jared Boone and I wanted to have an open source hardwar...
    2 weeks ago
  • root labs rdist
    Keeping skills current in a changing world - I came across this article on how older tech workers are having trouble finding work. I’m sure many others have written about whether this is true, whose f...
    2 weeks ago
  • Uncommon Sense Security
    You know stuff. Share it. We’ll help. - You know stuff, you’ve seen interesting things, done interesting research, have a unique perspective. You also know that the ability to communicate effe...
    3 weeks ago
  • /dev/ttyS0
    Finding All Paths Between Two Functions in IDA - A common need that I have when reversing code is to find all possible code paths between two functions. Say for example that I’m looking for calls to dange...
    3 weeks ago
  • TaoSecurity
    Practice of Network Security Monitoring Table of Contents - Since many of you have asked, I wanted to provide an updated Table of Contents for my upcoming book, The Practice of Network Security Monitoring. The TOC...
    3 weeks ago
  • contagio
    Blackhole redirect story - Blackhole 2 redirect story *1. Victim searches for jobs and internships on Google, and the sun is shining* GET /url?sa=t&rct=j&q=internships%2008734&sou...
    4 weeks ago
  • The iSecLab Blog [by Faculty and Students];
    Could the AP Twitter hack have been prevented? - Twitter hacks can cause a lot of damage. It is news of this week that the Associated Press Twitter account got compromised, and sent a tweet announcing tha...
    4 weeks ago
  • Java security and related topics
    Randomly failed! Weaknesses in Java Pseudo Random Number Generators (PRNGs) - This will be a sum up of a Paper written by Kai Michaelis, Jörg Schwenk and me, which was presented at the Cryptographers' Track at RSA Conference 2013. ...
    2 months ago
  • Scrammed!
    Binary Instrumentation for Exploit Analysis Purposes (part 2) - *Introduction.* This is the second part of the article about binary instrumentation for exploit analysis purposes and this time we will discuss a real pdf ...
    2 months ago
  • CrySyS Blog
    Teamspy: bulbanews or vulvanews – a funny note? - From Wikipedia: Bulba From Wikipedia, the free encyclopedia Bulba (Бульба, [ˈbulʲba]) is a concert dance based on Belarusian folk traditions, choreographed...
    2 months ago
  • Chatter on the Wire: How excessive network traffic gives away too much!
    File updates to go with site change - I've been quite happy with the quick turn around that those that are using or have links to Satori have been able to update blog posts, urls, and in this c...
    2 months ago
  • woanware
    snorbert v1.0.8 - Changes Fixed bug in copy functionality Modified the NetWitness query generation as the generated query was too complex. Thanks ChrisB Added Find window/fu...
    2 months ago
  • GreyHatHacker.NET
    Bypassing Windows ASLR using “skype4COM” protocol handler - While investigating an unrelated issue using SysInternals Autoruns tool I spotted a couple of protocol handlers installed on the system by Skype. Knowing t...
    3 months ago
  • Amrit Williams Blog
    Red Dawn: Unit 61398 – Now What? - Some of my ‘so-called’ friends that help organize the RSA Security Bloggers event have decided that folks that attend should actually have blogged somethin...
    3 months ago
  • Cognitive Dissidents
    #RSAC is what you make of it - … Q: Are you going to RSA? A: Of course. RSA is mandatory punishment for people like me. Like I said just before RSA USA 2012, each year at RSA I want to q...
    3 months ago
  • Security
    Exploiting 64-bit Linux like a boss - Back in November 2012, a Chrome Releases blog post mysteriously stated: "Congratulations to Pinkie Pie for completing challenge: 64-bit exploit". Chrome pa...
    3 months ago
  • Metasploit
    New Metasploit Exploit: Crystal Reports Viewer CVE-2010-2590 - In this blog post we would like to share some details about the exploit for CVE-2010-2590, which we released in the last Metasploit update. This module e...
    5 months ago
  • Androguard
    Androguard 1.9 - Hi folks ! After pacsec conference in Tokyo, we finished few things to have a new version. And it is the time to release it ! We fixed a lot of things, bug...
    5 months ago
  • Secure Belief
    My Journey to OSCP - This all started when I enrolled for PWB, the most exciting course in network security. I had enough days to spend in lab but the pressure was to complet...
    6 months ago
  • ax330d's blog
    Announcing first release of PVT - I am happy to announce first public release of my project - PVT. Excerpt from the documentation: PVT is a PHP extension designed to make search of security...
    7 months ago
  • newsoft's fun blog
    L’échec du e-commerce français - J'ai envie d'un Google Galaxy Nexus. C'est quand même pratique pour tester Android 4.1 ou webOS 1.0. Pas de problème, puisque la page officielle de Google ...
    7 months ago
  • Fun Over IP
    Metasploit stager: reverse_https with basic authentication against proxy - 1. Introduction If reverse_https does an amazing job by supporting proxy server and NTLM authentication, it exists some situations where the proxy server o...
    7 months ago
  • CryptoLUX - Recent changes [en]
    MediaWiki:Sidebar -
    7 months ago
  • Digital Forensics is a Science
    Mobile Device Forensics - Course Update - It's been a few weeks since the last update, but things have been busy. The Fall 2012 term is now in Week 5 (wow, the semester is flying by). We've covered...
    7 months ago
  • Cup of Security
    Free Mobile ou Roaming Orange, vérifiez le vous-même avec votre iPhone ou smartphone Android - Si comme moi vous avez changé d'opérateur Mobile pour Free Mobile, vous n'avez pas pu passer à côté des lourdes accusations portées contre Free Mobile par ...
    1 year ago
  • ...And You Will Know me by the Trail of Bits
    Pwn2Own Pre-Game - Just in time to get warmed up for Pwn2Own, we are delivering a joint offering of the training courses “Bug Hunting and Analysis 0×65” by Aaron Portnoy and ...
    1 year ago
  • Nynaeve
    NWScript JIT engine: Wrap-up (for now) - Yesterday, I provided a brief performance overview of the MSIL JIT backend versus my implementation of an interpretive VM for various workloads. Today, I’l...
    2 years ago
  • rmhrisk.wpengine.com/
    -
Show 10 Show All

Blog Archive

  • ►  2013 (2)
    • ►  March (2)
  • ►  2012 (11)
    • ►  November (1)
    • ►  August (2)
    • ►  July (1)
    • ►  June (4)
    • ►  May (2)
    • ►  March (1)
  • ►  2011 (10)
    • ►  December (3)
    • ►  November (1)
    • ►  October (2)
    • ►  September (2)
    • ►  August (2)
  • ►  2010 (6)
    • ►  August (1)
    • ►  July (1)
    • ►  March (2)
    • ►  February (2)
  • ▼  2009 (80)
    • ►  November (2)
    • ►  October (1)
    • ►  September (3)
    • ►  July (3)
    • ▼  June (2)
      • Advisories - FPROT,Clamav
      • Advisories: Apple, F-prot, Norman,Ikarus, Kaspers...
    • ►  May (22)
    • ►  April (16)
    • ►  March (17)
    • ►  February (7)
    • ►  January (7)
  • ►  2008 (31)
    • ►  December (2)
    • ►  November (7)
    • ►  October (7)
    • ►  September (3)
    • ►  August (12)
  • ►  2007 (7)
    • ►  October (1)
    • ►  May (1)
    • ►  April (2)
    • ►  March (1)
    • ►  February (1)
    • ►  January (1)
  • ►  2006 (6)
    • ►  December (1)
    • ►  August (2)
    • ►  March (1)
    • ►  February (1)
    • ►  January (1)
  • ►  2005 (9)
    • ►  October (1)
    • ►  April (7)
    • ►  January (1)
  • ►  2000 (1)
    • ►  March (1)

Links

  • Schneier on Security
  • Brian Krebs on Security
  • Lenny Zeltser
  • Malware LU
  • CryptoLux
  • Unmitigated Risk
  • TaoSecurity - Bejtlich
  • root labs rdist
  • Securosis Blog
  • Trail of Bits
  • Sid's Blog [FR]
  • Fun over IP
  • Hack.lu
  • Joe Sandbox
  • SVEN

Labels

  • 0day (7)
  • Advisory (53)
  • Bluetooth (3)
  • BTcrack (5)
  • Hardware hacking (1)
  • How-to (7)
  • Interesting Reads (6)
  • Lectures (2)
  • Misc (10)
  • Omron 3S4YR-MVFW Card reader (3)
  • Rants from Thierry (19)
  • Tool (16)
  • Vulnerabilties (11)
  • Whitepaper (3)
 
Copyright Musings on Information Security Template by Michael Jubel