Latest Stories

Internet Explorer 8 XDR Persistent DOS.

*UPDATE* I placed the wrong PoC; I had several test cases, and the one below should work.

Abstract.

TippingPoint Hacks Through Browsers.

TippingPoint held another contest last week, which involved hacking a couple of fully patched Apple products, like the Apple MacBook Air. Reportedly it was hacked in under two minutes by Charlie Miller's team. And guess what?

PCAP file editing tool

from Marco Crotta
"Hello

I recently wrote a small C program to modify PCAP files
to forge them and use them for test and so on
It allows you to change:
- IP address of packet
- Mac address of packet
- time of the capture
- Mbit/second
- Packets/second"
download here....

GPack

Correction: Sorry folks... there's so much happening at the moment, I've merged a couple of kits in my mind. It's not a mix of vbscript and javascript. It's just javascript, and thus far, we've only seen one exploit come out of it ... a mouldy, old MS06-014, although we expect there are more than that. The rest of the write-up is reasonably accurate, and we'll continue to correct things as we find more.

Hi folks,

Innocent searches for Nov 21 2007

Hi folks,

Here are some of the Innocent Searches that might get you into trouble from just today. There are rather a lot of them...

AREA MEASUREMENT - wrong choice gets a link to a known exploit site
recipe for bine turkey - what's a bine turkey? anyway, wrong choice gets a rootkit
currency converter - rootkit
americanexpress/activate - rootkit
sixth avenue electronics - rootkit
deltashuttle - rootkit
blue licenses holding - rootkit
office depot links paper templates - rootkit
knitted or crocheted dachshund patterns - rootkit

MalwareAlarm

Hi folks,

MalwareAlarm is so common now, we decided to give it its own vid. Remember, it's not really scanning your PC, it's just pretending to, but it does a very good job of pretending. Enjoy...


Cheers

Roger

Something interesting

Hi folks,

hat-tip to Ståle Fagerland of Norman for noticing this article...

http://joongangdaily.joins.com/article/view.asp?aid=2886846

New Neo Now

(Sorry... the alliteration bug bit me)

Hi folks,

Last night, as the title suggests, we found a new version of Neosploit. It has two new exploits, one uses a clsid of EEE78591-FE22-11D0-8BEF-0060081841DE, which appears to be the ActiveVoice ActiveX dll from Microsoft, and the other clsid is 5F810AFC-BB5F-4416-BE63-E01DD117BD6C, which is the Music Jukebox control from Yahoo.

The most recent ActiveVoice exploit seems to be from about June 2007, but the most recent JukeBox exploit is from Feb 2008, so that's kind of interesting.

Storm is b-a-a-a-a-ack

Hi folks,

As you've probably noticed, Storm is back for Christmas. There are only two noteworthy points about it.

The first is that they've added another fairly new exploit to it, and that is for something called GomPlayer, or the Gretech Online Movie Player, which is apparently very popular in South Korea.

The exploit is from October 2007, and is explained here, http://www.milw0rm.com/exploits/4579, but the key point is that if you're using GomPlayer, you're potentially vulnerable.

UK .gov site hacked

Note: One of our users, John Thomson (no relation as far as I know :-) ) noticed this first and brought it to our attention. His blog entry is here ...
http://www.roundtripsolutions.com/blog/2008/02/06/317/forth-road-bridge-website-hacked/

Sorry John! :-)

Hi folks,

Sometime between the 1st Feb 2008, and the 3rd of Feb 2008, the official website for the Forth Estuary Transport Authority was hacked and an obfuscated iframe, using Neosploit encoding, was injected.

Pigs fly... oh, and another 0-day ... ho hum

Hi folks,

In a previous entry I suggested that we'd probably never know how the uc8010.com mass hack occurred unless one of the website victims told us, and that the chances of that were about the same as flying pigs. Guess what ... it turns out that some people do have the right combination of nerve, public spirit, and willingness to share about security matters... so... pigs _can_ fly, and now we know how it happened. I _did_ promise it was off the record, so we can't share it further, but at least we know. Bravo to that person!

google defames saints ... bolts of lightning fall

I'm kidding, I'm kidding!!!!!!!

Update number 2: Feb 26, 2008, 6:30am est

Dang, that was quick. Some of the sites, such as St Kilda, and the Geelong Cats sites, are now correctly marked as clean. They're not all correct though ... the Brisbane Lions site is still incorrectly marked as dangerous, for example, but that was still quick for the others, and we hope that all will shortly be corrected. Shout-outs to google for reacting quickly!

Update number 1:

Well, there goes the Montana option

or at least the Idaho variant.

Hi folks,

One of our in-house jokes is that the only real way to be safe on the Internet is to sell all your computers and move to Montana.

Regrettably, today we noticed that the innocent and bucolic sounding boise.com was showing up as carrying a link to a known exploit site.

Thinking it couldn't possibly be so, we went to look at the website thusly...

Return of Innocent Searches

Hi folks,

I keep getting requests offline for more innocent searches, so here are some from the last couple of days. Enjoy...

coal furnace with gas insert - fake codec
road trip - neosploit
pearl shop - neosploit
high capacity battery pack - fake codec/ rootkit
eyelashes + adhesive - fake codec
camping turon gate - fake codec
greenville gremlins - fake codec
blueberry jam - mpack/ icepack
school closings in illinois parents - search engine hijack
las vegas wedding photographers - mdac