Our founder, Adriel Desautels, comments about purchasing exploits in this Forbes article. The article also outlines a new business called WabiSabiLabi that is attempting to gain traction in the exploit market by using an e-bay like bidding structure. While this seems like a good idea at first glance the idea will face significant trust problems…
SNOsoft has discovered a high risk vulnerability in Maia Mailguard version 1.0.2 that makes it possible for an attacker to execute arbitrary commands on the affected system. The advisory will be published on Netragard’s website shortly. Until then users of the Maia Mailguard web application should suspend use or add .htaccess capabilities to the web…
For those of you that are participating in our Exploit Acquisition Program please contact [email protected] for information on how to access our new Secure Internet Live Conferencing (SILC) server for discussing your research in a secure way. Don’t try scanning for the server yourself because you won’t find it and your IP address will be…
We’ve started focusing on the security of appliances that are installed in corporate and government networks. To our amazement most of these appliances are more insecure than the operating systems and software that we’ve (being the security industry) been picking on so aggressively. In fact, we are looking at one appliance right now that is…
Adriel Desautels, Netragard’s CTO was interviewed by ZDNET with regards to his opinion on the security of Apple OSX. Click here to read the interview.
Netragard has released another vulnerability. This time it is a local root compromise using McAfee VirusScan for Mac. Granted this isn’t all that exciting but if you’re at all interested it can be found here.
http://www.netragard.com/pdfs/research/NETRAGARD-20070220.txt
Kevin Finisterre found a FrontBase Database <= 4.2.7. buffer overflow vulnerabilitiy that was recently released by SNOsoft on Netragard's website. This particular vulnerability enables an attacker to gain remote access to a system. The official advisory (that contains working Proof of Concept) can be found here.
The SNOsoft Research Team recently performed a light weight security assessment of the @Mail Webmail product. @Mail is very much like OWA with respect to look, feel and functionality. The result of this research project was the discovery of two bugs in the product. These bugs were released as formal advisories by Netragard and can…
Inspired by Kevin at digitalmunitions who also happens to be the Chief Research Officer at Netragard L.L.C., one of the original founders of SNOsoft, and his current Month of Apple Bugs (MOAB), SNOsoft will be working to produce the Month of Web Application Bugs (MOWAB). Any researchers interested in participating should email me directly at…
