Nenad Vijatov » Security http://blog.vijatov.com xor %ecx,%ecx Thu, 05 Aug 2010 23:14:55 +0000 en hourly 1 http://wordpress.org/?v=3.0.1 Ubuntu Pentest Edition http://blog.vijatov.com/2010/01/15/ubuntu-pentest-edition/ http://blog.vijatov.com/2010/01/15/ubuntu-pentest-edition/#comments Fri, 15 Jan 2010 11:41:00 +0000 Nenad Vijatov http://blog.vijatov.com/?p=116 netinfinity release Ubuntu Pentest Edition …
“Ubuntu pentest edition is primarily designed as a complete system (everyday usage – office, internet etc..) and can be used in pentesting purposes, which is a big advantage because you do not need to have a dual boot or use a virtual machine to run the system for pentest.”
Try it … link.

]]> http://blog.vijatov.com/2010/01/15/ubuntu-pentest-edition/feed/ 0 Sinergija 09 http://blog.vijatov.com/2009/10/11/sinergija-09/ http://blog.vijatov.com/2009/10/11/sinergija-09/#comments Sun, 11 Oct 2009 20:57:11 +0000 Nenad Vijatov http://blog.vijatov.com/?p=110 I will have a technical speak at Sinergija 09 about BitLocker & BitLocker to Go in Windows 7.
Title of presentation is Fighting stealers with BitLocker.

]]> http://blog.vijatov.com/2009/10/11/sinergija-09/feed/ 0 Security Researcher Acknowledgments for Microsoft Online Services http://blog.vijatov.com/2009/09/01/security-researcher-acknowledgments-for-microsoft-online-services-4/ http://blog.vijatov.com/2009/09/01/security-researcher-acknowledgments-for-microsoft-online-services-4/#comments Tue, 01 Sep 2009 06:40:32 +0000 Nenad Vijatov http://blog.vijatov.com/?p=106 … for July and August.
Thanks to Microsoft Security Response Center.

]]> http://blog.vijatov.com/2009/09/01/security-researcher-acknowledgments-for-microsoft-online-services-4/feed/ 0 Security Researcher Acknowledgment http://blog.vijatov.com/2009/07/16/security-researcher-acknowledgment/ http://blog.vijatov.com/2009/07/16/security-researcher-acknowledgment/#comments Thu, 16 Jul 2009 13:18:23 +0000 Nenad Vijatov http://blog.vijatov.com/?p=104 … for June 2009.

http://technet.microsoft.com/en-us/security/cc308589.aspx

]]> http://blog.vijatov.com/2009/07/16/security-researcher-acknowledgment/feed/ 0 NetFlow Analyzer 7 Cross-Site Scripting Vulnerabilities http://blog.vijatov.com/2009/07/16/netflow-analyzer-7-cross-site-scripting-vulnerabilities/ http://blog.vijatov.com/2009/07/16/netflow-analyzer-7-cross-site-scripting-vulnerabilities/#comments Thu, 16 Jul 2009 13:14:01 +0000 Nenad Vijatov http://blog.vijatov.com/2009/07/16/netflow-analyzer-7-cross-site-scripting-vulnerabilities/ I’ve discovered some XSS vulnerabilities in NetFlow Analyzer 7.

Link to Secunia SA.

]]> http://blog.vijatov.com/2009/07/16/netflow-analyzer-7-cross-site-scripting-vulnerabilities/feed/ 0 PSCS VPOP3 Email Server Cross-Site Scripting Vulnerabilities http://blog.vijatov.com/2009/03/25/pscs-vpop3-email-server-cross-site-scripting-vulnerabilities/ http://blog.vijatov.com/2009/03/25/pscs-vpop3-email-server-cross-site-scripting-vulnerabilities/#comments Wed, 25 Mar 2009 18:24:44 +0000 Nenad Vijatov http://blog.vijatov.com/?p=64 I’ve discovered new XSS vulnerabilities in PSCS VPOP3 Enterprise Email server, exactly on Web Mail interface. Vulnerability version is 2.6.0j. Vendor is informed but isn’t published fix for this vulnerabilities yet, so for solution use a proxy or IPS to filter malicious characters.

Secunia confirmed and published this vulnerability.

]]> http://blog.vijatov.com/2009/03/25/pscs-vpop3-email-server-cross-site-scripting-vulnerabilities/feed/ 0 Pwn2Own 2009 http://blog.vijatov.com/2009/03/22/pwn2own-2009/ http://blog.vijatov.com/2009/03/22/pwn2own-2009/#comments Sat, 21 Mar 2009 23:11:07 +0000 Nenad Vijatov http://blog.vijatov.com/?p=62 This years Pwn2Own uncover 4 new never seen before critical vulnerabilities affecting the IE8, Safari and FireFox.
More about this contest you can read at DVLabs Blog.

]]> http://blog.vijatov.com/2009/03/22/pwn2own-2009/feed/ 0 Analysis of Conficker http://blog.vijatov.com/2009/03/10/analysis-of-conficker/ http://blog.vijatov.com/2009/03/10/analysis-of-conficker/#comments Tue, 10 Mar 2009 12:02:45 +0000 Nenad Vijatov http://blog.vijatov.com/?p=60 Guys from the SRI International were made really good analysis on the currently most active Virus/Worm, Conficker, also known as Downup, Downadup and Kido.

Analysis can be found at http://mtc.sri.com/Conficker/.

]]> http://blog.vijatov.com/2009/03/10/analysis-of-conficker/feed/ 0 ESET Remote Administrator Script Insertion Vulnerability http://blog.vijatov.com/2009/02/05/eset-remote-administrator-script-insertion-vulnerability/ http://blog.vijatov.com/2009/02/05/eset-remote-administrator-script-insertion-vulnerability/#comments Thu, 05 Feb 2009 16:01:17 +0000 Nenad Vijatov http://blog.vijatov.com/?p=51 Me and Ivan Markovic found vulnerability in ESET’s NOD32 Remote Administrator Server. Vulnerability is reported in version 3.x  and potentially can be exploited to compromise a user’s system. For successful attack you need Administrator account at NOD32 RAS to create a malicious report. Administrators and Read-only users are both affected if open malicious report.

Secunia confirmed this vulnerability.

Here is CVE ID: 2009-0548.

]]> http://blog.vijatov.com/2009/02/05/eset-remote-administrator-script-insertion-vulnerability/feed/ 0 PSCS VPOP3 Email Server Script Insertion Vulnerability http://blog.vijatov.com/2009/02/02/pscs-vpop3-email-server-script-insertion-vulnerability/ http://blog.vijatov.com/2009/02/02/pscs-vpop3-email-server-script-insertion-vulnerability/#comments Mon, 02 Feb 2009 17:00:17 +0000 Nenad Vijatov http://blog.vijatov.com/?p=49 I found vulnerability in VPOP3 Email server which allows script insertion.
Vulnerability is discovered in the version 2.6.0h. Although the vendor release the patch (implemented some filters), vulnerability still exists in the new version 2.6.0i. Patch don’t completely fix the vulnerability.

Secunia confirmed vulnerability.

]]> http://blog.vijatov.com/2009/02/02/pscs-vpop3-email-server-script-insertion-vulnerability/feed/ 0