Security News #0x73

For Students
  • The folks over at Trail of Bits have a nice CTF Field Guide. If you are a student looking to get better at this (important!) skill set, then head over there! Just be sure that you give it the time it deserves; they have a lot of material!
Learning More
  • The folks at VUPEN have described in some detail their Pwn2Own attack on Firefox 27 on Windows. The underlying problem, CVE-2014-1512, is a use-after-free vulnerability in how Firefox responds when available memory is low.
  • There are lots of places you can go to learn about the basics of binary exploitation. The usual story for buffer overflows (overflow a buffer, add some shell code, and point the return address to your shell code) can be found in many books and web sites. What happens with ASLR and NX is more complex and less well covered. Well, the folks at Spider Labs have a wonderful blog post aimed at new folks who want to see how to bypass NX and ASLR. Definitely worth a read!
  • Back in #0x71, we mentioned CVE-2014-0515 and its Metasploit module. Well, the folks at HP have a nice technical analysis of the flaw and of an exploit for it that is going around.
Industry News
  • Brian Krebs has some important reporting on Shockwave Player. It turns out that (at least until very recently) Shockwave includes a version of Adobe Flash that is not only laughably out of date, but also vulnerable to a number of attacks. Ouch.