Blog about windows, security, ethical hacking etc.
As all of you probably know, all software has bugs and have to be updated regulary. But, what if you could exploit a software using allowed functions just the way they are supposed to work? This is something that happened to PDF readers (Adobe, Foxit) few days ago.
Didier Stevens proved this concept. Read more on his blog:
After a few months of initial public demonstration of SSL renegotiation vulnerability, there was no widely used exploit/attack. Unfortunately, there is (was) only a matter of time when something like this will happen. Reading Microsoft security advisory 977377, one can speculate that this will happen soon. Since this is not only Microsoft “problem” (SSL and TLS are used in other OS-es), other companies are working to find a solution to.
Microsoft has offered a workaround (disabling SSL/TLS renegotiation) for IIS servers.If you are interested, please read KB article 977377 . Be aware that after you apply this workaround some application will not work as expected (more on this in KB article).
| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
| « May | ||||||
| 1 | ||||||
| 2 | 3 | 4 | 5 | 6 | 7 | 8 |
| 9 | 10 | 11 | 12 | 13 | 14 | 15 |
| 16 | 17 | 18 | 19 | 20 | 21 | 22 |
| 23 | 24 | 25 | 26 | 27 | 28 | 29 |
| 30 | 31 | |||||
Microsoft Security Response Center Microsoft Malware Protection Center WebSense Security Labs Alerts ECCouncil Hacker Journals Microsoft Security Advisories Latest Exploits