Archive

Archive for February 2010

CVE-2010-0188, APSB10-07 PDF Exploit demonstration

February 24, 2010 Mars 1 comment

Adobe Reader has recently been updated to version 9.3.1, fixing a vulnerability in the LibTiff "TIFFReadDirectory" function.

This vulnerability originated from CVE-2006-3459, which was reported by Tavis Ormandy, Google Security Team. Adobe just fixed the AcroForm.api file, but ImageConversion.api still has a vulnerability too.

When the program loads or inserts a crafted TIFF image file, the return address and SEH on the stack can be overflowed by a bad data-fetching operation.
Read more…

Categories: Exploits Tags:

Chip and PIN is Broken

February 15, 2010 Mars 1 comment
Pin and Chip bypass the pin code

EMV is the dominant protocol used for smart card
payments worldwide, with over 730 million cards in circulation.
Known to bank customers as “Chip and PIN”, it is used in
Europe; it is being introduced in Canada; and there is pressure
from banks to introduce it in the USA too. EMV secures
credit and debit card transactions by authenticating both the
card and the customer presenting it through a combination of
cryptographic authentication codes, digital signatures, and the
entry of a PIN. The following paper describes and demonstrates a
protocol flaw which allows criminals to use a genuine card
to make a payment without knowing the card’s PIN, and
to remain undetected even when the merchant has an online
connection to the banking network. The fraudster performs a
man-in-the-middle attack to trick the terminal into believing
the PIN verified correctly, while telling the issuing bank that
no PIN was entered at all.

Categories: General Discuss Tags: