January 15th, 2008
CWSandbox is one of the most comprehensive and full-featured platforms for automated malware analysis. In this post, we detail how a malware sample being analyzed by CWSandbox may detect and evade the monitoring functionality of CWSandbox in order to disguise its malicious activities.
Posted in Analysis, Code, Security, Technical
August 15th, 2007
Facebook’s new-fangled applications functionality seemed like a ripe opportunity for nasty cross-site scripting bugs. As it turns out, multiple XSS vulnerabilities were present in the fb:swf tag of the Facebook Markup Language.
Posted in Analysis, Code, Security, Technical
April 12th, 2007
During an independent audit, I discovered a critical vulnerability in Cosign, a web-based single sign-on (SSO) platform which is currently in use at numerous large universities.
Posted in Code, Security, Technical, Umich
September 15th, 2006
Mozilla’s auto-update system is a feature recently added to Firefox and Thunderbird that promises to bring prompt security updates to users without manual interaction. Unfortunately, this feature contains a vulnerability allowing attackers to hijack the update process and deliver malicious updates, resulting in the victim’s host being compromised.
Posted in Analysis, Code, Network, Security, Technical
July 25th, 2004
While arranging my class schedule at the University of Michigan, I discovered a vulnerability in Wolverine Access that allowed unrestricted access to the social security numbers, names, and addresses of every student in the University, including recent alumni.
Posted in Code, Security, Technical, Umich