Microsoft uncovered more than 1,800 bugs in Office 2010 by tapping into the unused computing horsepower of idling PCs, a company security engineer said today.
Office developers found the bugs by running millions of “fuzzing” tests, said Tom Gallagher, senior security test lead with Microsoft’s Trustworthy Computing group.
View full post on Security Central – Infoworld
The 29 Central Florida men arrested in a seven-week cybercrime investigation include a military police officer, a hospital administrator and a Tampa man authorities say was abusing the two young daughters of a woman he molested when she was a child.
Product Description
48PORT 10/100 SWITCH 2GIG PERP2SFP LAYER 3 STACKABLE POE… More >>
Linksys by Cisco SFE2010P 48-port 10/100 Ethernet Switch – PoE
Didier Stevens, who probably knows the PDF format better then most and has written some great PDF analysis tools, published a very interesting and concerning blog post [1].
In this post, he outlines how PDFs can be used to execute code. Nothing new you may say… plenty of exploits have done this in the past. This is different: He is not using a vulnerability, but a feature. Evidently, PDFs have the ability to execute code by design. Since this is not an implementation, but a design problem, various PDF readers are vulnerable. In his blog, Didier show a video of the exploit using Adobe’s PDF reader. Adobe’s reader will show a warning and ask the user for permission. However, the wording of this warning may be changed by the attacker. Foxit, a popular alternative to Adobe’s reader, will show no warning.
At this point, Didier does not provide a public PoC exploit. However, he says he is in contact with vendors.
[1] http://blog.didierstevens.com
——
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
View full post on SANS Internet Storm Center, InfoCON: green
