[LACNIC/Seguridad] Adobe Shockwave Vulnerabilities

[Rodrigo Rubira Branco (BSDaemon)]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

All,

I'm happy to announce that I released 3 new vulnerabilities in Adobe
Shockwave Player (CVE-2012-2029, CVE-2012-2030 e CVE-2012-2031)...

In the past year, I've been one of the researchers to release more
vulnerabilities in Adobe products and I was honored with a gift from
Adobe for that.

Already for this year's period, I released vulnerabilities in Adobe
Reader (CVE-2011-2098) and also in Shockwave (CVE-2011-2115).

Another good news is that my talk was approved for Blackhat this year,
exactly about malware analysis.  It is related a system I announced
past year, totally free for researchers to use.  It helps them to have
access to millions of samples and give them the capacity to analyze it
(since Qualys sponsors it and we have the hardware potential for that).

Interesting to note that all the vulnerabilities I always related have
been previously coordinated with the affected vendors (in the case,
Adobe), but if I wanted I had a great opportunity to make lots of
money using it in crimes, which I NEVER did.  I'm very sad in knowing
some institutions made of COWARDS never replied my emails to clarify
something they are talking about myself on my back.  Apparently they
are not aware that ACCUSING people from things they never did without
proofs are not only illegal, but also immoral.



Best Regards,



Rodrigo.
http://www.twitter.com/bsdaemon
http://www.kernelhacking.com/rodrigo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk+qqVsACgkQRpuC3B/O3qEp7QCfTeaYejIY4tNGzvJILLcTfKqX
LZcAnA8PuYNjlT+LnMDU3GcFZRNlePhG
=8v0j
-----END PGP SIGNATURE-----