New analysis method discovers eleven security flaws in popular Internet browsers

“It is time for the Internet community to start addressing the more difficult, deeper security problems,” says Wenke Lee, professor in the School of Computer Science and an adviser to the team. “The security research community has been working on various ways to detect and fix memory safety bugs for decades, and have made progress on ‘stack overflow’ and ‘heap overflow’ bugs, but these have now become relatively easy problems. Our work studied the much harder and deeper bugs — in particular ‘use-after-free’ and ‘bad casting’. Bad casting enables an attacker to corrupt the memory in a browser so that it follows a malicious logic instead of proper instructions. (Science Daily)

KillerBee (Exploiting ZigBee and IEEE 802.15.4 Networks)

KillerBee is a Python based framework and tool set for exploring and exploiting the security of ZigBee and IEEE 802.15.4 networks. Using KillerBee tools and a compatible IEEE 802.15.4 radio interface, you can eavesdrop on ZigBee networks, replay traffic, attack cryptosystems and much more. Using the KillerBee framework, you can build your own tools, implement ZigBee fuzzing, emulate and attack end-devices, routers and coordinators and much more. (Toolwar)

Automated voice imitation can defeat voice-recognition security

People often leave traces of their voices in many different scenarios. They may talk out loud while socializing in restaurants, giving public presentations or making phone calls, or leave voice samples online. Using an off-the-shelf voice-morphing tool, the researchers developed a voice impersonation attack to attempt to penetrate automated and human verification systems. (Hoomeland Security News Wire)

(jatkuu..)