Netragard’s SNOsoft Research Team discovered an exploitable buffer overflow vulnerability in Apple’s Core Image Fun House version <= 2.0 on OS X. Netragard notified Apple and released a formal advisory that can be found here. Proof of concept is included in the advisory.
I realize that it has been a while since I’ve written anything to our blog and I assure you it’s because our team has been busy. With that said, we’ve been sitting on a few vulnerabilities that were discovered a while ago waiting for the vendor to release patches. Those vulnerabilities are going to be…
Back in early 2000, Kevin Finisterre and I were talking about HackerSafe and the risks that it posed to its customers. Primarily, if hackers monitor all HackerSafe websites they will know when to attack a site based on the presence of the HackerSafe logo. Another issue that we have with HackerSafe-like services is that…
For quite some time I’ve been giving speeches and talking about the physical damages that malicious hackers could cause with a well-crafted cyber attack. I’ve discussed how vulnerable our (the world’s) core infrastructure is and how easily it could be disabled. As a result many people have called me a conspiracy theorist, or accused…
Netragard’s CTO was quoted in the following article titled “2007: How was it for Apple”. Here’s the article and here’s the quote: Adriel Desautels, chief technology officer for security company Netragard and founder of the SNOSoft research team, said: “If OS X had the same installed base as Windows, Linux and other systems, it would…
Netragard’s SNOsoft Research Team discovered two critical vulnerabilities in the OpenBase SQL Relational Database that can lead to full system compromise. The first vulnerability discovered is a command injection vulnerability that affects several of the default Stored Procedures. Specifically, it is possible to execute system commands as the root user by inserting a series of…
When legitimate security researchers notify technology vendors about security flaws in their technology, the best thing that the vendor can do is to welcome the information with open arms. When a vendor reacts with hostility it appears as if the vendor is attempting to quash the security research instead of resolving the vulnerabilities identified by the…