«
Expand/Collapse
22 items tagged "cache"
Related tags:
zero day [+],
zero [+],
usa [+],
type safety [+],
internet explorer user [+],
day [+],
corruption [+],
cakephp [+],
vulnerabilities [+],
sendfile [+],
security advisory [+],
search [+],
ram [+],
proof of concept [+],
privilege [+],
poisoning [+],
manipulations [+],
google cache [+],
google [+],
gentoo linux security [+],
freebsd [+],
cpu cache [+],
cpu [+],
concept implementation [+],
chaos communication congress [+],
caches [+],
blackhat [+],
bind [+],
vulnerability [+],
txt [+],
tool [+],
timing [+],
tgz [+],
slides [+],
sensepost [+],
perl [+],
open [+],
nonmanagedconnectionfactory [+],
marco slaviero [+],
malaysia [+],
local privilege escalation [+],
local information [+],
jboss [+],
information disclosure vulnerability [+],
hack in the box [+],
gold [+],
finding gold [+],
federal agencies [+],
federal [+],
exploit [+],
escalation [+],
delivery [+],
cache cache [+],
bugtraq [+],
browser cache [+],
browser [+],
black hat [+],
authors [+]
-
-
![Permalink for '[Video] FrozenCache'](/themes/lilina/web//media/mark_off.gif)
21:42
»
SecDocs
Authors:
Juergen Pabel Tags:
forensic Event:
Chaos Communication Congress 27th (27C3) 2010 Abstract: Cold boot attacks are a major risk for the protection that Full-Disk-Encryption solutions provide. FrozenCache is a general-purpose solution to this attack for x86 based systems that employs a special CPU cache mode known as "Cache-as-RAM". Switching the CPU cache into a special mode forces data to held exclusively in the CPU cache and not to be written to the backing RAM locations, thus safeguarding data from being obtained from RAM by means of cold boot attacks. A Proof-of-Concept implementation for Linux will be demonstrated and implementation details discussed.
-
-
21:37
»
SecDocs
Authors:
Juergen Pabel Tags:
forensic Event:
Chaos Communication Congress 27th (27C3) 2010 Abstract: Cold boot attacks are a major risk for the protection that Full-Disk-Encryption solutions provide. FrozenCache is a general-purpose solution to this attack for x86 based systems that employs a special CPU cache mode known as "Cache-as-RAM". Switching the CPU cache into a special mode forces data to held exclusively in the CPU cache and not to be written to the backing RAM locations, thus safeguarding data from being obtained from RAM by means of cold boot attacks. A Proof-of-Concept implementation for Linux will be demonstrated and implementation details discussed.
-
-
16:50
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-287 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the caching implementation of a Select element. When modifying this cache, there are certain methods that do not update the cache correctly. Due to these inconsistencies, one can desynchronize the cache with elements that have been freed. While using these freed elements, the application's perception of type-safety becomes skewed and usage of the object can lead to code execution under the context of the application.
-
16:50
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-287 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the caching implementation of a Select element. When modifying this cache, there are certain methods that do not update the cache correctly. Due to these inconsistencies, one can desynchronize the cache with elements that have been freed. While using these freed elements, the application's perception of type-safety becomes skewed and usage of the object can lead to code execution under the context of the application.
-
16:50
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-287 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the caching implementation of a Select element. When modifying this cache, there are certain methods that do not update the cache correctly. Due to these inconsistencies, one can desynchronize the cache with elements that have been freed. While using these freed elements, the application's perception of type-safety becomes skewed and usage of the object can lead to code execution under the context of the application.
-
-
22:01
»
Packet Storm Security Tools
go-derper.rb is a tool for hacking memcached servers, released as part of our BlackHat USA. It uses elements of the memcached protocol to derive full lists of keys stored on the memcached server, and can therefore extract the contents of the cache. In addition, it also supports basic searching of retrieved data via user-configurable regular expressions, fingerprinting of multiple caches, monitoring usage in caches as well as basic cache content manipulations such as value insertion, overwrites and deletion.
-
14:53
»
Packet Storm Security Tools
go-derper.rb is a tool for hacking memcached servers, released as part of our BlackHat USA. It uses elements of the memcached protocol to derive full lists of keys stored on the memcached server, and can therefore extract the contents of the cache. In addition, it also supports basic searching of retrieved data via user-configurable regular expressions, fingerprinting of multiple caches, monitoring usage in caches as well as basic cache content manipulations such as value insertion, overwrites and deletion.
-
-
20:00
»
Packet Storm Security Exploits
FreeBSD mbufs() sendfile cache poisoning local privilege escalation exploit that throws a setuid shell in /tmp. Works on 7.x and 8.x builds prior to 12Jul2010.
-
-
21:03
»
Packet Storm Security Tools
Download Indexed Cache is a proof of concept script that implements the Google SOAP Search API to retrieve content indexed within the Google Cache to support the Search Engine Reconnaissance section of the OWASP Testing Guide version 3.
-
21:02
»
Packet Storm Security Recent Files
Download Indexed Cache is a proof of concept script that implements the Google SOAP Search API to retrieve content indexed within the Google Cache to support the Search Engine Reconnaissance section of the OWASP Testing Guide version 3.
-
-
22:00
»
Packet Storm Security Recent Files
Gentoo Linux Security Advisory 201006-11 - Several cache poisoning vulnerabilities have been found in BIND. Multiple cache poisoning vulnerabilities were discovered in BIND. Versions less than 9.4.3_p5 are affected.
-
22:00
»
Packet Storm Security Advisories
Gentoo Linux Security Advisory 201006-11 - Several cache poisoning vulnerabilities have been found in BIND. Multiple cache poisoning vulnerabilities were discovered in BIND. Versions less than 9.4.3_p5 are affected.
-
-
12:00
»
Packet Storm Security Advisories
Perl Cache-Cache version 1.06 suffers from an insecure permission vulnerability.
1337day (was: Inj3ct0r, 1337db)
OSVDB Vulnerabilities
Exploit-DB
SecurityFocus Vulnerabilities
Bugtraq
XSSed
Sophos security news
Penetration Testing
SecuriTeam
BackTrack Linux Forums
Threatpost
carnal0wnage.attackresearch.com
Carnal0wnage
Darknet
The Exploitant
Hack a Day
Wirevolution