Why Common Vulnerability Scanning Practice is Useless?

I hope you will find this so obvious but unfortunately security community is highly relied on vulnerability scanning in a way which makes it totally useless or even harmful!  Vulnerability assessment is evaluating of a System against known and potential security flaws. A System is simply a collection of processes, workflows, people, nodes, software…but traditional […]

The Only Reason A System Has Not Been Hacked!

Real hackers do not randomly find a flaw in a system. There is a systematic approach to hack a system! Regardless of size and type of an online entity and its online presence, a giant company with ten thousand of employee, or a home user of the Net, the only reason a system (may) have […]

Microsoft Windows Huge Text Processing Instability

SECURE TARGET (Security Advisory October 17, 2004) Topic: Microsoft Windows Huge Text Processing Instability Discovery Date: October 14, 2004Original Advisory External Links: VULDB, Full-Disclosure, BugTraq, SICHERHEITSLüCKEN, Addict3d, Ls, Der Keiler, Seifried, NetSys, Mail Archive, SecLists, Neohapsis, Checksum, Network Security, Virus, DoddsNet, ReadList, Mega Security, Security Trap, Virovvch, DevArchives Affected applications and platforms: Notepad, NotePad2 and […]

PerfectNav Crashes IE

Secure Target Network (Security Advisory February 25, 2004) Topic: PerfectNav Crashes IE Discovery Date: February 24, 2004 Original Advisory External: Full-Disclosure, BugTraq, Security Tracker, xforce, SANS Affected applications and platforms: Microsoft Internet Explorer 6 Service Pack 1 and older versions Introduction: PerfectNav is designed to redirect your URL typing errors to PerfectNav’s web page. Bundled […]

New IE Thread crashes by WU

Secure Target Network (Security Advisory December 31, 2003) Topic: New IE Thread crashes by WU Discovery Date: December 30, 2003 Original Advisory External: Full-Disclosure Affected applications and platforms: Microsoft Internet Explorer 6 Service Pack 1 Introduction: Any time you open your Windows Update (WU / wupdmgr.exe) and go to “Scan for Updates”; it takes a […]

Microsoft Outlook PST Exposure

Secure Target Network (Security Advisory August 31, 2003) Topic: Microsoft Outlook PST Exposure Discovery Date: August 28, 2003 Original Advisory External: Zone-h, Security Tracker, openwall, Full-Disclosure Affected applications and platforms: All versions of Outlook on any Windows platform Introduction: everyone work with .pst files, storing and managing his/her Outlook Data transparently under Microsoft Outlook. A […]

Recycle Bin Unavailability of Service

Secure Target Network (Security Advisory July 24, 2003) Topic: Recycle Bin Unavailability of Service Discovery Date: July 24, 2003Original Advisory External: VulnDiscuss, List, openwall —–BEGIN PGP SIGNED MESSAGE—– Hash: SHA1 Secure Target Network (Security Advisory August 04, 2003) Topic: Recycle Bin Unavailability of Service Discovery date: July 24, 2003 Affected applications and platforms: Windows XP […]

OE DBX Exposure

Secure Target Network (Security Advisory October 27, 2002) Topic: OE DBX Exposure Discovery date: October 02, 2002 Discovered by: Kaveh Mofidi External: Security Tracker, Bugtraq, Secunia Affected applications and platforms: All versions of Outlook Express on any Windows platform Introduction You already worked with .dbx files, storing and managing your messages under OE. A default […]