tavisormandy
Blizzard games were vulnerable to a remote hijacking exploit
Fans of Blizzard games might have dodged a bullet. Google security researcher Tavis Ormandy has revealed that virtually all the developer's titles (including Overwatch and World of Warcraft) were vulnerable to a DNS rebinding flaw that let sites hijack the Blizzard Update Agent for their own purposes. Intruders had to do little more than create a hostname their site was authorized to communicate with, make that resolve to the target of their choice (such as the victim's PC) and send requests to the agent. From there, they could install malicious files, use network drives or otherwise create havoc.
Critical security flaws found in LastPass on Chrome, Firefox (updated)
Last year Google Project Zero researcher Tavis Ormandy quickly found some "obvious" security problems in the popular password manager LastPass, and now he's done it again. Last week Ormandy mentioned finding an exploit in one version of its extension for Firefox, before following that up with a new bug that affected both Chrome and Firefox, and finally a third vulnerability that could allow "stealing passwords for any domain."
Google engineer finds holes in three 'secure' browsers
It appears no anti-virus or security software is safe from Google Project Zero researcher Tavis Ormandy. After recently exposing holes in products from Trend Micro and AVG, the bug hunter has gone public with three issues found in software offered by security firms Avast, Comodo and Malwarebytes that allow attackers to access unsuspecting users' PCs.
Ancient DOS bug gets squashed
What can we say about you, DOS? You've rocked the personal computer world and changed the way we all feel about white on black console screens. Your retirement is a well deserved one and... wait, you're getting a patch? Amazingly, Microsoft is fixing a bug that has existed in the Windows Virtual DOS Machine (VDM) subsystem since it was added to Windows NT way back in the simple days of 1993, when flannels were everywhere and 32 bits were more than we knew what to do with. Google engineer Tavis Ormandy found the exploit a few weeks ago, which grants an attacker the ability to run code in kernel mode, and a critical update has been issued to fix this most aged of vulnerabilities. Perhaps now, DOS, your work is finally done.