securitybananas.com

Security news from all over the world

Archive for the 'Vulnerabilities' Category

SSL/TLS Re-negotiation attack movie

My dear friend Ivan Buetler from Compass & Hacking-Lab posted a movie of the SSL/TLS re-negotiation attack on his site.

Have a look here

Great work and thanx for sharing!


OpenSSH 5.2 zero day exploit code to be released

On the Full-Disclosure list, the following posting was made:

Dear Reader,
In 48 hours, the anti-sec movement will publicly unveil working exploit code and full details for the zero-day OpenSSH vulnerability we discovered. It will be posted to the Full-Disclosure security list.
Soon, the very foundations of Information Technology and Information Security will be unearthed as millions upon millions of systems running ANY version of OpenSSH are compromised by wave after wave of script-kiddie and malicious hacker.

Within 10 hours of the initial release of the OpenSSH 0-day exploit code, anti-sec will be unleashing powerful computer worm source code with the ability to automatically find and compromise systems running any and all versions of OpenSSH.

This is an attack against all White Hat Hackers who think that running a Penetration Test simply searching for known vulnerabilities is all they have to do in order to receive their payment. Anti-sec will savor the moment when White Hat Hackers are made to look like fools in the eyes of their clients.

Sincerely,

anti-sec

Any updates, activity, or exploit code to investigate are welcome.


Google fixes flaws in Chrome

New versions of Google Chrome are out, fixing bugs and patching security holes in both the stable build and the beta build.

Two serious security flaws have been plugged. One had allowed for malicious code exploitation within the Chrome tab sandbox. Found by the Google security team, the threat was serious enough that Google has declined to be more specific until “a majority of users are up to date with the fix,” the company said in a blog post on Thursday.

A second security risk caused by memory corruption was found in the browser tab processes. It could have been used to run arbitrary code that would crash all of the browser tabs, creating a second security hole through which an attacker might be able to run code with the privileges of the logged-on user.

http://googlechromereleases.blogspot.com/2009/07/stable-beta-update-bug-fixes.html
