TrueCrypt Audit Cryptanalysis Handed Off to NCC Group

The stagnant TrueCrypt audit stirred to life in the last 24 hours with the announcement that the second phase of the audit, tasked with examining the cryptography behind the open source disk encryption software, will begin shortly. NCC Group’s Cryptography Services has been contracted to do the...

Crowdsourcing a Tool for Application Vulnerability Research

Pulling in security help on a project has traditionally meant either hiring more full-time help, or bringing in an outside consultant. Enterprises and vendors alike, however, are starting to really go outside the perimeter these days and are taking advantage of crowdsourcing. Given the paranoia i...

Mozilla Firefox Array.reduceRight() Integer Overflow Exploit

No description provided by source. Title: Mozilla Firefox Array.reduceRight Integer Overflow Exploit Date: 12 Oct 2011 Author: Matteo Memelli ryujin -AT- offensive-security.com CVE-2011-2371 Full exploit package: http://www.exploit-db.com/sploits/17974.zip html head titleff-i-3-u/title /head body...

Frameset integer overflow vulnerability — Mozilla

Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of colum...

Tom Ptacek at RSA 2010

Ryan Naraine talks with Tom Ptacek of Matasano Security about the current state of the security industry and themes at the RSA Conference...

Apple Mac OSX 10.4.7 - Mach Exception Handling Local (10.3.x)

/ excploit.c - 28 Nov 2005 - [email protected] Exploitable Mach Exception Handling Affected: Mac OS X 10.4.6 darwin 8.6.0 and older When a process executes a setuid executable, all existing rights to the task port are invalidated, to make sure unauthorized processes do not retain control o...