Anti-virus is dead?
Anti-virus or Anti-malware is not dead; it is one of the defense mechanism in a defense-in-depth strategy. Here is the…
Comments Off on Anti-virus is dead?
December 27, 2013
The Saner Journey – some random moments
It took us close to nine months to translate our idea into reality. We had debated the idea (for ANCOR,…
Comments Off on The Saner Journey – some random moments
December 5, 2013
Security is a process
There is no “magic box” security. I can’t buy a device in the market that can be plugged in somewhere…
Comments Off on Security is a process
June 15, 2013
Attacks are real, it would be naïve to think otherwise
All human beings have a part of the good and the bad. At times, bad takes over the good and…
Comments Off on Attacks are real, it would be naïve to think otherwise
May 29, 2013
What are we doing wrong in safeguarding our computer systems?
1. Naïve Belief: Who is interested in my system? Nobody is going to attack me. I haven’t done anything bad…
Comments Off on What are we doing wrong in safeguarding our computer systems?
May 24, 2013
Too much of an expectation?
Is it too much to expect an appropriate answer from Computer Science Engineering graduates for these questions, - What does…
Comments Off on Too much of an expectation?
April 22, 2013
PowerZip Insecure Library Loading Vulnerability
Folks, SecPod Research Team member (Karthik N.) has found a DLL Insecure Loading vulnerability in PowerZip application, which can be…
Comments Off on PowerZip Insecure Library Loading Vulnerability
January 4, 2011
CUPS IPP Use-After-Free Denial of Service Vulnerability Proof of Concept [CVE-2010-2941]
Fellas,
SecPod Research Team member “Veerendra GG” has written a valid working POC to crash CUPS Service. The POC is written based on the information provided in RedHat Bugzilla (CVE-2010-2941) which sends a malformed IPP (Internet Printing Protocol) packets over TCP. For more information on this vulnerability, you can refer here. You can manage these Vulnerabilities with the help of a good Vulnerability Management Tool. Well, inline comments inside the Python script can help you more to figure out how the bug was reproduced to crash the service. The Vulnerability Management System can resolve these issues and keep your infrastructures safe. For brevity, the poc is posted below as well. (more…)
November 17, 2010
Openengine LFI and XSS Vulnerability [0day]
Folks, SecPod Research Team has found one LFI (Local File Inclusion) and XSS flaw in Openengine CMS, which can be…
November 16, 2010
Pecio CMS Cross-Site scripting Vulnerability
Folks, SecPod Research Team member (Antu Sanadi) found persistent XSS flaw in Pecio CMS, which can be used to gain…
Comments Off on Pecio CMS Cross-Site scripting Vulnerability
September 28, 2010