Month: June 2005

  • Reverse Engineering Microsoft Patches in 20 Minutes

    [This was originally published on the OSVDB blog.] Halvar posted to the DailyDave mailing list today, showing a brief Flash-based demonstration of some of his reverse engineering tools. The presentation shows how one can reverse engineer a Microsoft patch using binary diff analysis, and figure out exactly what the vulnerability is, down to the…

  • Second-Order Symlink Vulnerabilities

    [This was originally published on the OSVDB blog.] While symlink vulnerabilities are not new, Steven Christey from CVE points out a recent trend in “second-order symlink” vulnerabilities. Based on the recent examples published, there is a strong chance many applications have been vulnerable to such attacks in the past.

  • Vulnerabilities and Stock Value

    [This was originally published on the OSVDB blog.] Study: Flaw disclosure hurts software maker’s stock (Robert Lemos, SecurityFocus, 2005-06-06). The study analyzed the release of 146 vulnerabilities and found that a software company’s stock price decreased 0.63 percent compared to the tech-heavy NASDAQ on the day a flaw in the firm’s product is announced. The study…