Security News #0x6A
- Do you want to know some more about reverse engineering MS 10-058, a Windows memory corruption bug? Take a look at the work of Jérémy Fetiveau.
- Spider Labs has a nice piece on a double free vulnerability in Flash (CVE 2014-0502) caused by some multi-threading in Flash Player.
- Some 162,000 WordPress sites were apparently co-opted into a DDoS attack through their pingback feature. Daniel Cid has a discussion over on the Sucuri Blog, and the Spider Labs Blog has some technical details. You may also want to take a look at Brian Krebs’ take. He is not just a reporter here; his site was on the receiving end of one of these attacks.
- Threatpost reports that a weak random number generator in iOS 7 reduces the effectiveness of ASLR on the platform. Azimuth Security has some of the details.
- And if you are not following the Pwn2Own competition, you can catch up a bit at Ars Technica.
- Mari Huertas picked up on a comment of Tim Berners-Lee at a recent Reddit AmA, and has now declared him the "winner of the Internet". After the laughter subsides, you might want to read the summary Time magazine wrote on the 25th anniversary.