Month: June 2005

Reverse Engineering Microsoft Patches in 20 Minutes

[This was originally published on the OSVDB blog.] Halvar posted to the DailyDave mail list today showing a brief flash based demonstration of some of his reverse engineering tools. The presentation shows how one can reverse engineer a Microsoft patch using binary diff analysis, and figure out exactly what the vulnerability is, down to the…

June 24, 2005
Second-Order Symlink Vulnerabilities

[This was originally published on the OSVDB blog.] http://archives.neohapsis.com/archives/fulldisclosure/2005-06/0060.html While symlink vulnerabilities are not new, Steven Christey from CVE points out a recent trend in “second-order symlink” vulnerabilities. Based on the recent examples published, there is a strong chance many applications have been vulnerable to such attacks in the past.

June 8, 2005
Vulnerabilities and Stock Value

[This was originally published on the OSVDB blog.] Study: Flaw disclosure hurts software maker’s stockRobert Lemos, SecurityFocus 2005-06-06http://securityfocus.com/news/11197 The study analyzed the release of 146 vulnerabilities and found that a software company’s stock price decreased 0.63 percent compared to the tech-heavy NASDAQ on the day a flaw in the firm’s product is announced. The study…

June 6, 2005