4 posts tagged with security by These Premises Are Alarmed.
Displaying 1 through 4 of 4.
ms12-020 mistery: the packet stored in the "chinese" rdpclient.exe PoC is the EXACT ONE I gave to ZDI!!! @thezdi? @microsoft? who leaked?
Included in this month's Patch Tuesday was MS12-020, which is a remote exploit in Microsoft's widely deployed Remote Desktop Protocol (RDP). Microsoft projected an exploit would be out 'within a month', but a Proof-of-Concept (PoC) appeared on a Chinese website within a few days. Professionals are concerned. The discoverer of the vulnerability noted that the PoC included the exact packet he had crafted to help Microsoft understand he issue; this points to a leak in the MAPP early vulnerability sharing program. A full remote exploit isn't out yet, but is expected soon.
Security reporter Brian Krebs [previously] visits Russian illicit online prescription baron Pavel Vrublevsky.
Theo de Raadt: I have received a mail regarding the early development of the OpenBSD IPSEC stack. It is alleged that some ex-developers (and the company they worked for) accepted US government money to put backdoors into our network stack, in particular the IPSEC stack. [more inside]
The embargo has been lifted on the newest research on growing internet infrastructure insecurity. Using an army of Playstations, researchers have managed to forge a RapidSSL (owned by Verisign) CA certificate in a couple hours due to known flaws in MD5.