A worm is currently spreading on jailbroken iPhones, exploiting the hardcoded root account exposed by the SSH server. Jailbreaking an iPhone (or an iPod Touch) consists in getting out of the sandbox the user and his applications normally run into, […]

An email which seems to come from the Facebook team has been circulating for a few days. Its attachment is yet another variant of the Bredolab downloader, already known for installing other malware (Waledac, Daurso, Koobface, etc). Here is an […]

Two weeks ago, Microsoft fixed (Ref Lexsi 12420) a flaw disclosed at the Black Hat by Moxie MarlinSpike in late July regarding X.509 certificates which did not get a big attention. The flaw itself is simple: most libraries handling X.509 […]

Microsoft has just released its security bulletins for September. Eight vulnerabilities have been fixed, all rated critical. The 0-day affecting IIS has not been fixed. MS09-045: vulnerability in the Windows JScript scripting engine (Ref Lexsi 12234) MS09-046: vulnerability in the […]

Yesterday, a vulnerability (Lexsi Ref. 12225) announced as a remote denial of service affecting Microsoft Windows Vista, Seven and 2008 has been published by a security researcher. It affects the driver for the SMBv2 protocol, a new version of the […]