Skypher » Microsoft Windows .ANI file BITMAPINFOHEADER.biClrUsed bounds check missing
Topic: Miscellaneous 9:02 am EST, Mar  8, 2010

Microsoft Windows .ANI file BITMAPINFOHEADER.biClrUsed bounds check missing

Skypher » Microsoft Windows .ANI file BITMAPINFOHEADER.biClrUsed bounds check missing


The Security Development Lifecycle : Announcing Elevation of Privilege: The Threat Modeling Game
Topic: Miscellaneous 9:28 am EST, Mar  3, 2010

What

Adam Shostack here. I’m pleased to announce that at RSA this week, Microsoft is releasing Elevation of Privilege, the Threat Modeling Game. Elevation of Privilege is the easiest way to get started threat modeling. EoP is a card game for 3-6 players. Card decks are available at Microsoft’s RSA booth, or for download here. The deck contains 74 playing cards in 6 suits: one suit for each of the STRIDE threats (Spoofing, Tampering, Repudiation, Information disclosure, Denial of Service and Elevation of Privilege). Each card has a more specific threat on it. For example, here’s the 5 of Tampering.

The Security Development Lifecycle : Announcing Elevation of Privilege: The Threat Modeling Game


NSA, cryptoexperts jab at RSA Conference Cryptographers' Panel
Topic: Miscellaneous 11:47 pm EST, Mar  2, 2010

SAN FRANCISCO – The annual Cryptographers' Panel at the RSA Conference is part state of the union on cryptography and security, and part homage to the pioneers of encryption. It can be a dizzying discussion on hash functions and broken encryption algorithms; a nirvana for nerds. But this year, however, the Shamirs, Rivests and Diffies and Hellmans of the cryptoworld were joined on stage by the National Security Agency, making for a bit of good natured contention as well.

NSA, cryptoexperts jab at RSA Conference Cryptographers' Panel


Hex blog: Custom data types and formats
Topic: Miscellaneous 10:36 am EST, Mar  1, 2010

Custom data types and formats

Another new feature that will be available in the upcoming version of IDA Pro is the ability to create and render custom data types and formats.

Hex blog: Custom data types and formats


The Security Development Lifecycle : Casaba Releases Watcher 1.3.0 with Added SDL Integration
Topic: Miscellaneous 10:16 am EST, Mar  1, 2010

Hi everyone, Bryan here. We’ve written here before about Casaba Security’s Watcher tool and how it can help you verify compliance with several of the SDL web application security requirements, such as:

The Security Development Lifecycle : Casaba Releases Watcher 1.3.0 with Added SDL Integration


BinNavi 3.0 Feature Preview « blog.zynamics.com
Topic: Miscellaneous 10:13 am EST, Mar  1, 2010

Hi everyone,

this week we launched the first beta of BinNavi 3.0 to select customers. We are planning to have a beta phase of 8 weeks with the final release of BinNavi 3.0 coming May 1st 2010.

BinNavi 3.0 Feature Preview « blog.zynamics.com


Assured Exploitation Training « …And You Will Know me by the Trail of Bits
Topic: Miscellaneous 3:27 pm EST, Feb 26, 2010

Assured Exploitation Training

This year, Alex Sotirov and I will be teaching our first “Assured Exploitation” training class at CanSecWest. This training class is focused on various topics in advanced exploitation of memory corruption vulnerabilities. This includes a thorough understanding of exploitation mitigations (where they are effective and where they aren’t), heap manipulation, return-oriented programming, and ensuring a clean continuation of process execution so that the application does not crash.

If you have the means, please go to this!

Assured Exploitation Training « …And You Will Know me by the Trail of Bits


SkullSecurity » Blog Archive » VM Stealing: The Nmap way (CVE-2009-3733 exploit)
Topic: Miscellaneous 3:04 pm EST, Feb 26, 2010

Greetings!

If you were at Shmoocon this past weekend, you might remember a talk on Friday, done by Justin Morehouse and Tony Flick, on VMWare Guest Stealing. If you don't, you probably started drinking too early. :)

SkullSecurity » Blog Archive » VM Stealing: The Nmap way (CVE-2009-3733 exploit)


OS Dependant PowerPoint Viewer Vulnerabilities - Blog - Blog & News - Company
Topic: Miscellaneous 10:40 am EST, Feb 26, 2010

There were some very interesting vulnerabilities fixed this time and two of these were the PowerPoint Viewer 2003 vulnerabilities (CVE-2010-0033 and CVE-2010-0034). As such the vulnerabilities and analysis were simple and very straight-forward, however, an interesting case of how the "CExpParameterValidate::Read(..)" function in ole32.dll is implemented differently across versions of Windows has a big impact on the exploitability and even existence of the vulnerabilities.

OS Dependant PowerPoint Viewer Vulnerabilities - Blog - Blog & News - Company


BB_Final2.pdf (application/pdf Object)
Topic: Miscellaneous 11:37 am EST, Feb 23, 2010

SMobile Global Threat Center
Study of BlackBerry Proof-of-Concept Malicious Applications

Huge waste of time.

BB_Final2.pdf (application/pdf Object)

