Security Labs


The Websense Security Labs Blog delivers the most current information about breaking security research topics and today's advanced Internet threats. Websense Security Labs investigates and publishes information about outbreaks, new threats and other relevant Web security topics to protect organizations from converging risks to their data from Web, email and user-based attacks.


This Month in the Threat Webscape

03.11.2009 - 6:30 PM

Month of February 2009

This month brings us more malvertising incidents placed on reputable news sites where the threat lurks within the revolving third-party ad network. Also this month, a ton of major browser exploits (an IE exploit was reverse-engineered from Microsoft's patch), a severe Adobe PDF Acrobat/Reader zero-day (be careful when opening that PDF!), and just about a million other security incidents scattered across the globe, once again illustrating just how dangerous the 2.0-Web can be.



Malcrafted SWF Threat in the Wild

03.10.2009 - 4:40 PM
Websense Security Labs has seen a new SWF threat thriving in the wild recently. SWF files have become increasingly popular in the 'net world. A great many Web sites use SWF files to show wonderful content to customers. Because SWF files can do a lot, they leave openings for the bad guys. Recently, we have noticed a trend showing the bad guys using SWF files to redirect users. What's amazing to us is that traditional antivirus software is showing zero detection of this problem.

Who redirected us to the shellcode?

03.10.2009 - 11:25 AM
Whenever we find Web sites, PDFs, Microsoft Office files, or Flash files that host exploits based on a heap spray, we get the question: How can I determine which module and which assembly command redirected the execution to the shellcode? The answer can often be found in a fairly simple way: Do a call stack review! Let's walk through an example showing this type of investigation with my favorite 32-bit user-mode debugger: OllyDbg.

Three Major Attack Papers of 2008

03.02.2009 - 8:00 AM
My name is Erik Buchanan, and I recently joined the Websense® Security Labs™. For the last two years I've been a master's student at UC San Diego, focusing on computer security in systems and networks in the Systems and Networking Group. Because there is often a gap between academic research and industry, I'm going to be issuing a few blogs highlighting academic security papers I found to be interesting, and from which I think members of the security community would benefit.

Here I will focus on some of the major attack papers of 2008. The first is one of the biggest ancient vulnerabilities announced in 2008 - the design flaw in the mechanism in DNS that keeps malicious hosts from associating their IP address with a target domain name. The second paper is from Princeton, and the compressed air and liquid nitrogen are what make it cool. Finally, a paper from my alma mater shows creativity in interdisciplinary security research.

