25 matches found
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m speaking at the David R. Cheriton School of Computer Science in Waterloo, Ontario, Canada, on January 27, 2026, at 1:30 PM ET. I’m speaking at the Université de Montréal in Montreal, Quebec, Canada, on January 29, 2026, at 4:00...
Ross Anderson
Ross Anderson unexpectedly passed away Thursday night in, I believe, his home in Cambridge. I cant remember when I first met Ross. Of course it was before 2008, when we created the Security and Human Behavior workshop. It was well before 2001, when we created the Workshop on Economics and...
Xen Security Vulnerabilities
Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A security vulnerability exists in Xen 4.14...
Feds Take Down 13 More DDoS-for-Hire Services
The U.S. Federal Bureau of Investigation FBI this week seized 13 domain names connected to "booter" services that let paying customers launch crippling distributed denial-of-service DDoS attacks. Ten of the domains are reincarnations of DDoS-for-hire services the FBI seized in December 2022, when...
Cambridge Xen 信息泄露漏洞
Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. An information disclosure vulnerability exis...
Exim Out-of-Bounds Read Vulnerability
Exim was developed at Cambridge University as a Message Transfer Agent MTA for Unix systems connected to the Internet. Exim suffers from an out-of-bounds read vulnerability that stems from pdkimfinishbodyhash not validating the relationship between sig-bodyhash.len and b-bh.len, which can be...
Exim out-of-bounds read vulnerability (CNVD-2021-34537)
Exim was developed at Cambridge University as a Message Transfer Agent MTA for Unix systems connected to the Internet. An out-of-bounds read vulnerability exists in smtpsetupmsg in Exim, which can be exploited by an attacker to obtain sensitive information from process memory via an SMTP client...
Exim 缓冲区错误漏洞
Exim was developed at Cambridge University as a Message Transfer Agent MTA for Unix systems connected to the Internet. Exim suffers from a buffer overflow vulnerability. The vulnerability stems from a "-F" handling error in parsefixphrase. No details of the vulnerability are available at this tim...
amantuuh.socanth.cam.ac.uk Cross Site Scripting vulnerability OBB-1250758
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
platonism.divinity.cam.ac.uk Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1186453 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
Career Choice Tip: Cybercrime is Mostly Boring
When law enforcement agencies tout their latest cybercriminal arrest, the defendant is often cast as a bravado outlaw engaged in sophisticated, lucrative, even exciting activity. But new research suggests that as cybercrime has become dominated by pay-for-service offerings, the vast majority of...
Iran-Linked APT34 Invites Victims to LinkedIn for Fresh Malware Infections
A recent phishing campaign by Iran-linked threat actor APT34 made use of a savvy approach: Asking victims to join their social network. According to FireEye, the adversaries masqueraded as a Cambridge University lecturer, including setting up a LinkedIn page, in order to gain victims’ trust. From...
Hard Pass: Declining APT34’s Invite to Join Their Professional Network
Background With increasing geopolitical tensions in the Middle East, we expect Iran to significantly increase the volume and scope of its cyber espionage campaigns. Iran has a critical need for strategic intelligence and is likely to fill this gap by conducting espionage against decision makers a...
idiscover.lib.cam.ac.uk XSS vulnerability
Open Bug Bounty ID: OBB-682742 Description| Value ---|--- Affected Website:| idiscover.lib.cam.ac.uk Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| hidden until disclosure Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:|...
nena.ames.cam.ac.uk XSS vulnerability
Open Bug Bounty ID: OBB-264974 Description| Value ---|--- Affected Website:| nena.ames.cam.ac.uk Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Security and Human Behavior (SHB 2017)
I'm in Cambridge University, at the tenth Workshop on Security and Human Behavior. SHB is a small invitational gathering of people studying various aspects of the human side of security, organized each year by Ross Anderson, Alessandro Acquisti, and myself. The 50 or so people in the room include...
trinhall.cam.ac.uk XSS vulnerability
Vulnerable URL: http://www.trinhall.cam.ac.uk/contact/contact-directory.asp?searchType=fellows=xss4=2='"--!=Search+Fellows Details: Description| Value ---|--- Patched:| Yes, at 22.02.2017 Latest check for patch:| 22.02.2017 15:43 GMT Vulnerability type:| XSS Vulnerability status:| Publicly...
koo.corpus.cam.ac.uk XSS vulnerability
Vulnerable URL: http://koo.corpus.cam.ac.uk/mixerton/mixertones/spec.php?usecode=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| Yes, at 26.07.2017 Latest check for patch:| 26.07.2017 11:55 GMT Vulnerability type:| XSS Vulnerability status:| Publicly...
data.lib.cam.ac.uk XSS vulnerability
Vulnerable URL: http://data.lib.cam.ac.uk/record.php?uri=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated Googl...
Expert Warns of Chip-and-PIN Pitfalls
LAS VEGAS – The inevitable changeover from magnetic strip-based payment cards to EMV, or chip-and-PIN, is coming for consumers and merchants in the United States. And coming along with it are a raft of weaknesses and real-world attacks that shoot holes in the presumption that EMV will remedy cred...