Valid HTML 4.01 Transitional Valid CSS Valid SVG 1.0

Me, myself & IT

Acknowledgements, bounties, citations, credits, kudos, references, rewards and thanks

Thomas Claburn; The Register; 2018-10-08
Intel's commitment to making its stuff secure is called into question
Security Advisory; Intel Extreme Tuning Utility; 2018-09-11
Intel® Extreme Tuning Utility Privilege Escalation Vulnerability
Thomas Claburn; The Register; 2018-08-22
Microsoft Visual Studio C++ Runtime installers were built to fail
Security Researcher Acknowledgments for Microsoft Online Services – Current Month; Microsoft; 2018-06
June 2018 Security Researchers
Security Advisory; Intel Processor Diagnostic Tool; 2018-06-27
Intel® Processor Diagnostic Tool Privilege Escalation Vulnerability
Security Researcher Acknowledgments for Microsoft Online Services – Prior Months; Microsoft; 2018-04
April 2018 Security Researchers
Contributors; cURL; 2018-03-14
[RELEASE] curl and libcurl 7.59.0
Gilbert Kallenbach; 01net.com; 2018-02-20
Pourquoi il faut se méfier de Skype et de ses programmes d‘installation
Adrian Branco; 01net.com; 2018-02-19
Microsoft distribue ses mises à jour de sécurité via des liens… non sécurisés
Woody Leonhard; Computerworld; 2018-02-16
Microsoft is distributing security patches through insecure HTTP links
Rene Millman; PC & Tech Authority; 2018-02-15
Skype security flaw 'ignored' by Microsoft could let hackers into your computer
Zack Whittacker; ZDNet; 2018-02-12
Skype can't fix a nasty security bug without a massive code rewrite
Security Advisory; QNAP; 2017-12-08
Security Advisory for DLL Hijacking vulnerability in Qsync for Windows (exe)
Security Advisory; Cisco; 2017-11-15
Cisco FindIT Discovery Utility Insecure Library Loading Vulnerability
Catalin Cimpanu; Bleeping Computer; 2017-10-27
Hackers Can Steal Windows Login Credentials Without User Interaction
Acknowledgments – October 2017; Microsoft; 2017-10-10
Defense-in-depth (ADV170017)
The MSRC Top 100 Security Researchers; Microsoft; 2017-08-07
The MSRC Top 100 Security Researchers
Security Advisory; Intel SSD Toolbox; 2017-05-30
Elevation of Privilege in Intel® Solid State Drive Toolbox
Akila Srinivasan, Microsoft Security Response Center; Microsoft; 2016-10-27
The inner workings of the Microsoft Bounty Program: Top 100 Finders for 2016
Security Advisory; Apache OpenOffice; 2016-10-11
Windows Installer Execution of Arbitrary Code with Elevated Privileges
Security Researcher Acknowledgments for Microsoft Online Services – Prior Months; Microsoft; 2016-09
September & October 2016 Security Researchers
Security Advisory; VMware; 2016-09-13
VMSA-2016-0014
VMSA-2016-0014
Contribute & Reference list; MITRE; 2016-07-29
Contribute – ATT&CK
Reference list – ATT&CK
Catalin Cimpanu; Softpedia; 2016-07-26
Windows 10 Disk Cleanup Utility Abused to Bypass UAC
Contributors; cURL; 2016-07-21
[RELEASE] curl and libcurl 7.50.0
Thanks; cURL; 2016-07-21
cURL – THANKS
Vulnerability note; PuTTY; 2016-07-19
PuTTY vulnerability vuln-indirect-dll-hijack
Security Bulletin; Adobe; 2016-07-12
Adobe Security Bulletin APSB16-25
Will Dormann; CERT/CC; 2016-06-30
Bypassing Application Whitelisting
Security Advisory; cURL; 2016-05-30
cURL – Windows DLL hijacking
iTunes security; Apple; 2016-05-16
About the security content of iTunes 12.4
Security Bulletin; Adobe; 2016-04-07
Adobe Security Bulletin APSB16-10
Comodo Internet Security Release Notes; Comodo; 2016-03-22
Comodo Internet Security Release Notes
Vulnerability Reward Program Hall of Fame; F-Secure; 2016
2016 – Hall of Fame
Customer Advisory; ESET; 2016-02-19
ESET Customer Advisory: Mitigations for vulnerabilities in ESET’s EXE installers
Check Point response to ZoneAlarm DLL injection; Check Point; 2016-02-18
Check Point response to ZoneAlarm DLL injection
ComputerBild; 2016-02-10
Java-Patchday: Oracle bringt außerplanmäßiges Java-Update
Catalin Cimpanu; Softpedia; 2016-02-08
DLL Hijacking Issue Plagues Products like Firefox, Chrome, iTunes, OpenOffice
Eduard Kovacs; SecurityWeek; 2016-02-08
Oracle Patches Java Installer Vulnerability
Richard Chirgwin; The Register; 2016-02-08
Oracle issues emergency patch for Java on Windows
Oracle Security Alert; Oracle; 2016-02-05
Oracle Security Alert for CVE-2016-0603
WiX v3.10.2 released; FireGiant; 2016-01-21
WiX v3.10.2 released
Oracle Critical Patch Update Advisory – January 2016; Oracle; 2016-01-19
Oracle Critical Patch Update Advisory – January 2016
Release Notes; VeraCrypt; 2016-01-18
Release Notes, 1.17-BETA17 (January 18th, 2016)
Changelog CloneBD Blu-ray Media Converter; Elaborate Bytes; 2016-01-14
Changelog CloneBD Blu-ray Media Converter
Acknowledgments – 2016; Microsoft; 2016-01-12
MS16-007 (DLL Loading Elevation of Privilege Vulnerability)
MS16-007 (DLL Loading Elevation of Privilege Vulnerability)
Security Advisory; VeraCrypt Team, Mounir IDRASSI; 2016-01-11
CVE-2016-1281: TrueCrypt and VeraCrypt Windows installers allow arbitrary code execution with elevation of privilege
Vulnerability report; Emsisoft; 2016-01-08
Vulnerability report – emsisoft.de
Vulnerability Report: List of Advisories; Kaspersky Lab; 2015-12-23
Advisory issued on 23th December, 2015
Information Security; Rapid7; 2015-12-21
ScanNow DLL Search Order Hijacking Vulnerability and Deprecation
Vulnerability Reward Program Hall of Fame; F-Secure; 2015
2015 – Honorable Mentions
Security Advisory; F-Secure; 2015-12-17
FSC-2015-4: DLL pre-loading attack in Online Scanner
Security Bulletin; Intel; 2015-12-14
Intel Security – Security Bulletin: Security patch for several McAfee installers and uninstallers
Change log; Nmap; 2015-12-09
Nmap Changelog
Security Advisory; Gpg4win; 2015-11-25
Security Advisory Gpg4win 2015-11-25
Richard Chirgwin; The Register; 2015-11-03
Dev to Mozilla: Please dump ancient Windows install processes
Jason Shirk, Microsoft Security Response Center; Microsoft; 2015-10-20
Microsoft Bounty Program: Making it to the MSRC Top 100
Threat Intelligence Database; scip AG; 2015-09-18
Apple iTunes up to 12.2 buffer overflow [CVE-2010-3190]
iTunes security; Apple; 2015-09-11
About the security content of iTunes 12.3
Catalin Cimpanu; Softpedia; 2015-08-05
Mozilla Thunderbird 38+ Poses Security Risk via Its Lightning Extension
Security Researcher Acknowledgments for Microsoft Online Services – Prior Months; Microsoft; 2015-06
June & July 2015 Security Researchers
Acknowledgments – 2014; Microsoft; 2014-08-12
MS14-049 (Defense-in-depth changes)
Security Bulletin; Microsoft; 2014-08-12
Microsoft Security Bulletin MS14-049 – Important
Microsoft Security Bulletin Summary for August 2014
Security Researcher Acknowledgments for Microsoft Online Services – Prior Months; Microsoft; 2014-05
May 2014 Security Researchers
Threat Intelligence Database; scip AG; 2014-05-22
HP HP OfficeJet 6700 Driver Installer privilege escalation
Threat Intelligence Database; scip AG; 2014-04-09
Microsoft Windows up to 2012 R2 Batch File Handler CreateProcess() buffer overflow
Acknowledgments – 2014; Microsoft; 2014-04-08
MS14-019 (Windows File Handling Vulnerability)
Security Bulletin; Microsoft; 2014-04-08
Microsoft Security Bulletin MS14-019 – Critical
Microsoft Security Bulletin Summary for April 2014
Steven M. Bellovin, Matt Blaze, Sandy Clark, and Susan Landau; Northwestern Journal of Technology & Intellectual Property, Volume 12 Issue 1 (2014); 2014-04-08
Lawful Hacking: Using Existing Vulnerabilities for Wiretapping on the Internet
Charalampos harkaz Kazakos; 2013-09-09
Welcome to Windows XP Service Pack 4
Threat Intelligence Database; scip AG; 2013-08-28
Mozilla Firefox/Thunderbird prior 23.0 on Windows Path Handler UninstallString privilege escalation
Threat Intelligence Database; scip AG; 2013-05-13
Microsoft Security Essentials up to 4.1 Registry buffer overflow
Cal Leeming; 2013-05-10
Analysis of Cisco 7940, SIP ALG and NAT traversal problems
Bojan Zdrnja; Internet Storm Center; 2010-08-23
DLL hijacking vulnerabilities
Security Bulletin; Microsoft; 2010-08-02
Microsoft Security Bulletin MS10-046 – Critical
Microsoft Security Bulletin Summary for August 2010
Ray Johnston; Ghostscript; 2010-02-01
History of Ghostscript versions 8.xx
Detailed History of Ghostscript versions 8.xx
Holger Klemm; Multimedia4Linux; 2009-01-03
DVD-RAM Howto
Olof Lagerkvist; LTR Data; 2008-05-28
Tools and utilities for Windows
Ken Kato; VM Back; 2008-02-06
Virtual Floppy Drive 2.1: vulnerable zlib
Virtual Floppy Drive 2.1: vulnerable zlib
Jürgen Schmidt; The H Security; 2007-12-21
Antivirus software as a malware gateway
Mike Barwise; The H Security; 2007-10-22
BitDefender, GSView and cURL are vulnerable due to obsolete compression library
Linux Weekly News; 2005-06-27
ClamAV: denial of service
Paul Whittaker; Diet-PC; 2004-11-07
Configuring Windows 2000/2003 for Etherboot
Ralph Briel; Outlook Express FAQ; 2003
3.23 Wie kann ich das Euro-Währungssymbol korrekt verschicken?
Johann Ebend; Windows 2000 FAQ; 2002
Windows 2000 FAQ
Mariusz Zynel; Multi-booting Solaris and other operating systems; 2001-11-11
I.1 Preface
I.4 History
Andrew Clausen; GNU parted; 2000-02-23
parted-3.2/THANKS

Contact

If you miss anything here, have additions, comments, corrections, criticism or questions, want to give feedback, hints or tipps, report broken links, bugs, errors, inaccuracies, omissions, vulnerabilities or weaknesses, …:
don’t hesitate to contact me and feel free to ask, comment, criticise, flame, notify or report!

Use the X.509 certificate to send S/MIME encrypted mail.

Notes: I dislike HTML (and even weirder formats too) in email, I prefer to receive plain text.
I also expect to see your full (real) name as sender, not your nickname!
Emails in weird formats and without a proper sender name are likely to be discarded.
I abhor top posts and expect inline quotes in replies.

Terms and Conditions

By using this site, you signify your agreement to these terms and conditions. If you do not agree to these terms and conditions, do not use this site!

Data Protection Declaration

This web page records no data and sets no cookies.

The service provider for *.homepage.t-online.de, Deutsche Telekom AG,


Copyright © 1995–2018 • Stefan Kanthak • <‍stefan‍.‍kanthak‍@‍nexgo‍.‍de‍>