Tag Archives: ASLR

Microsoft Patches Plug 23 Security Holes

August 13, 2013

Microsoft has issued security updates to fix at least 23 distinct vulnerabilities in its Windows operating systems and other software. Three of the patch bundles released today address flaws rated “critical,” meaning that malware or miscreants can use them to break into Windows PCs without any help from users.

Windows Security 101: EMET 4.0

June 18, 2013

Several years ago, Microsoft released the Enhanced Mitigation Experience Toolkit (EMET), a free tool that can help Windows users beef up the security of third-party applications. This week, Microsoft debuted EMET 4.0, which includes some important new security protections and compatibility fixes for this unobtrusive but effective security tool.

Internet Explorer Users: Please Read This

September 18, 2012

Microsoft is urging Windows users who browse the Web with Internet Explorer to use a free tool called EMET to block attacks against a newly-discovered and unpatched critical security hole in IE versions 7, 8 and 9. But some experts say that advice falls short, and that users can better protect themselves by using an alternative browser until Microsoft can issue a proper patch.

How to Break Into Security, Grossman Edition

July 9, 2012

I recently began publishing a series of advice columns for people who are interested in learning more about security as a craft or profession. For the third installment in this series, I interviewed Jeremiah Grossman, chief technology officer of WhiteHat Security, a Web application security firm.

A frequent speaker on a broad range of security topics, Grossman stressed the importance of coding, networking, and getting your hands dirty (in a clean way, of course).

Security Group Claims to Have Subverted Google Chrome’s Sandbox

May 9, 2011

A French security research firm boasted on Monday that it had discovered a two-step process for defeating Google Chrome’s sandbox, the security technology designed to protect the browser from being compromised by previously unknown security flaws. Experts say the discovery, if true, marks the first time hackers have figured out a way around the vaunted security layer, and almost certainly will encourage attackers to devise similar methods of subverting this technology in Chrome and other widely used software.

In an advisory released today, VUPEN Security said “We are (un)happy to announce that we have official Pwnd Google Chrome and its sandbox.” The post includes a video showing the exploitation of what VUPEN claims is a previously undocumented security hole in Chrome v.11.0.696.65 on Microsoft Windows 7 SP1 (x64).

Exploit Published for New Internet Explorer Flaw

December 23, 2010

Hackers have released exploit code that can be used to compromise Windows PCs through a previously unknown security flaw present in all versions Internet Explorer, Microsoft warned today.

Dave Forstrom, director of trustworthy computing at Microsoft, said the software giant is not aware of any attacks via this flaw attack customers, “given the public disclosure of this vulnerability, the likelihood of criminals using this information to actively attack our customers may increase.”