Entries by Shearwater

MS15-034 – HTTP.sys Advisory

By Mark Hofman, Terry Darling, and Simon Treadaway 1- MS15-034 – HTTP.sys Advisory (CVE CVE-2015-1635) Microsoft earlier this week released a patch for both servers and workstations, MS15-034. This patch addresses an issue in the file http.sys. The http.sys file is used by the operating system to accept and process HTTP and HTTPS requests. At […]

GHOST Vulnerability Advisory

By Terry Dolbey and Matt Stiles 1- Background on GHOST Vulnerability CVE-2015-0235 GNU C Library (glibc) is the implementation of the C library used by the GNU project. This library provides the core functionality to Unix and Linux (Nix) based Operating Systems and access to common functions used by applications installed on the Operating Systems. […]

Heartbleed Advisory

Background on CVE-2014-0160 (Heartbleed) Secure Sockets Layer (SSL), and Transport Layer Security (TLS) are cryptographic protocols that are used to provide secure communications between a client and a server, and is most often used to encrypt HTTP traffic. SSL and TLS can also be used to secure other communications protocols including those used by email […]

Discovering information leakage in files

[NOTE: All information was gathered from public websites] Discovering information leakage in files and why it’s important? During the build-up to our recent product launch of “phriendlyphishing.com”, Shearwater Ethical Hacking team (SEH) conducted hefty amounts of research into phishing attacks, and how they are being used to compromise countless individuals, corporations and governments every day. […]