TippingPoint Digital Vaccine Laboratories
DID YOU KNOW... DVLabs and our Zero Day Initiative were credited with discovering 17 Microsoft vulnerabilities in 2006 alone.

DoS and DDoS Yesterday and Today

Over the course of the last six months we at HP DVLabs have received numerous requests for advice, consultation and protection against Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks.   It should come as no to surprise to any watching the current events of the day that DoS and DDoS attacks are seen ...


Obfuscated Attacks: What You Can't See Will Hurt You

Introduction Obfuscation is the new ‘sexy’ in all things having to do with security these days.  Thank God for that, as I thought people would never stop talking about PCI ...


Network Forensics: A New Era of Visibility

Historic Justification for Forensics Forensics is not a new science nor is it a new discipline within the information security continuum.  Though it is not new we are experiencing an exciting renaissance related to this science that is long overdue.   Forensics as a science has its roots in Rome (like so many amazing things including the author of this blog ...


Slaying The Dragon: An Analysis of the 'Night Dragon' Attack

Introduction: It should come as no surprise for those keeping a watchful eye on the media, the Internet Threat Landscape and certain social media outlets such as Twitter that McAfee, Inc. release ...


ZDI Public Disclosure: EMC

These vulnerabilities are being published as per the ZDI disclosure changes announced in August of 2010. ZDI-CAN-614 Title: EMC Replication Manager Client irccd.exe Remote Code Execution Vulnerability Advisory: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the EMC Replication Manager Cli ...


ZDI Public Disclosure: Novell

These vulnerabilities are being published as per the ZDI disclosure changes announced in August of 2010. ZDI-CAN-445 Title: Novell eDirectory Malformed NCP Request Denial of Service Vulnerability Advisory: This vulnerability allows attackers to deny services on vulnerable installations of Novell eDirectory. Authentication is not required in ...


ZDI Public Disclosure: CA

These vulnerabilities are being published as per the ZDI disclosure changes announced in August of 2010. ZDI-CAN-342 Title: CA ETrust Secure Content Manager Common Services Transport Remote Code Execution Vulnerability Advisory: This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Computer Associates ...


ZDI Public Disclosure: SCO

These vulnerabilities are being published as per the ZDI disclosure changes announced in August of 2010. ZDI-CAN-407 Title: SCO Openserver IMAP Daemon Long Verb Parsing Remote Code Execution Vulnerability Advisory: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the SCO OpenServer IMAP dae ...


ZDI Public Disclosure: HP

These vulnerabilities are being published as per the ZDI disclosure changes announced in August of 2010. ZDI-CAN-418 Title: Hewlett-Packard Data Protector Client EXEC_CMD omni_chk_ds.sh Remote Code Execution Vulnerability Advisory: This vulnerability allows an attacker to execute remote code on vulnerable installations of the Hewlett-Packar ...


ZDI Public Disclosure: IBM

These vulnerabilities are being published as per the ZDI disclosure changes announced in August of 2010. ZDI-CAN-374 Title: IBM Lotus Domino IMAP/POP3 Non-Printable Character Expansion Remote Code Execution Vulnerability Advisory: This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations o ...


ZDI Public Disclosure: Microsoft

These vulnerabilities are being published as per the ZDI disclosure changes announced in August of 2010. ZDI-CAN-811 Title: Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution Vulnerability Advisory: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. ...


Announcing Pwn2Own 2011

It's that time of year again and the Zero Day Initiative (ZDI) team here at HP TippingPoint is proud to announce the 5th annual Pwn2Own competition is back. We have some exciting additions this year including the first ever vendor sponsorship, new attack surfaces, and even more prizes for competitors. If you're unfamiliar with the contest you can take a look at the archived blog posts from ...