Author Archives: Slippery Slim

What to do about the compromise of digital certificates?

I have no answers for the question, just examples and other questions. If you’ve been living under a rock the last year, malware writers have been finding holes to use digital certificates to slip in to computers. What are digital certificates? From Webopedia: An attachment to an electronic message used for security purposes. The most common use of a digital certificate is to verify that a user sending a message is who he or she claims to be, and to provide the receiver with the means to encode a reply. http://www.webopedia.com/TERM/D/digital_certificate.html The Certificate Authority(CA) issues an encrypted message with a digital public key along with other information. The implication above …

Continue reading

Posted in Thoughts.

Researchers Warn of New Windows 7 Vulnerability

Researchers are warning about a new remotely exploitable vulnerability in 64-bit Windows 7 that can be used by an attacker to run arbitrary code on a vulnerable machine. The bug was first reported a couple of days ago by an independent researcher and confirmed by Secunia. In a message on Twitter, a researcher named w3bd3vil said that he had found a method for exploiting the vulnerability by simply feeding an iframe with an overly large height to Safari. The exploit gives the attacker the ability to run arbitrary code on the victim’s machine. “A vulnerability has been discovered in Microsoft Windows 7, which can be exploited by malicious people to …

Continue reading

Posted in Thoughts.