128 matches found
Microsoft Aims to Make Life Harder, More Expensive For Attackers
MIAMI BEACH–It’s been a decade now since Microsoft began focusing on product security as a top priority and there have been a lot of successes and some failures along the way. But in that time, one of the things that most definitely has changed as a result of the Trustworthy Computing program is...
Android Malware Increasing, AutoRun Attacks Still Prevalent
The recent trend of attackers focusing their attention on mobile platforms such as Android, Symbian and iOs is continuing to accelerate, researchers say, and the threats to smartphones are becoming more and more sophisticated and dangerous. Android is becoming the focus of much of the attention...
Easily Exploitable Bugs Becoming a Precious Commodity
There has never been more focus on security than there is right now, whether it’s from software vendors looking to eliminate flaws in their products, from attackers looking to exploit those flaws or from customers who are sick of having their PCs compromised. And as the focus has intensified in...
Dino Dai Zovi on Return-Oriented Exploitation and Bug Bounties
Dennis Fisher talks with independent security researcher Dino Dai Zovi about his upcoming Black Hat talk on return-oriented exploitation, the value of exploit mitigations such as DEP and ASLR, the new crop of vendor bug bounties and why we don’t have any good data on zero-day attacks. Podcast aud...
Dedicated Attackers Will Always Win
Despite the multitude of anti-exploit mitigations built into modern operating systems ASLR, DEP, Sandboxing, hackers were able to compromise every major target this year. This is confirmation that dedicated attackers with the right financial motivation, will almost always find a way to break into...
Researchers Finding New Ways to Bypass Exploit Mitigations
VANCOUVER–Software makers, led by Microsoft, have spent the last few years steadily adding new memory-protection and exploit-mitigation technologies such as ASLR, DEP and SafeSEH to their products. But the state of the art in exploitation has advanced just as steadily and, as researchers showed a...
Mozilla Firefox Hacked at Pwn2Own Contest
VANCOUVER, BC — The first day of the CanSecWest Pwn2Own hacker challenge wrapped up here today with a familiar face going after a familiar target. And, for the second year in a row, a German hacker known simply as “Nils” exploited a previously unknown vulnerability in Mozilla Firefox to take...
As Memory Protections Advance, Exploits Stay a Step Ahead
SAN FRANCISCO–Despite years of efforts by software security teams at major vendors to harden the operating systems and browsers that are the most common targets of attackers, exploitation of new as well as older vulnerabilities is still simpler than many people might think. Microsoft, Mozilla,...