Posts Tagged ‘0day’

0day on TM Billion ADSL Modem/Router

February 6th, 2010

Quick update

Here is my short update. I was playing around with the ‘nice’ modem and I found 2 vulnerabilities:

1) Remote code execution
2) DoS

Tested on Firmware Version : 2.10.5.0(UE0.C2C)3.7.6.1

I’m looking forward to playing around with Riger Corporation’s modem that came with the “Enhanced by TM R&D Malaysia” label on it :)

xanda IT Related

CVE-2010-0249 – Aurora IE 0day Exploit :: DEP bypassed

January 19th, 2010

:: Quick update ::

Today, I’ve been working on a video on the Aurora IE 0day exploit PoC that really mimics the original Aurora’s exploit on Google.

However, the original exploit is gonna fail if you enable DEP on the machine.

A few minutes back, someone pinged and informed me of a new PoC that is gonna bypass DEP. If true, enabling DEP won’t protect IE users anymore ;)

But you are still safe if you disable Active Script / JavaScript support for your IE

Here is how you can disable the Active Script / JavaScript support in your IE: Advisory

Vulnerability in IIS

December 28th, 2009

I’ve received the ‘feed’ regarding the IIS vulnerability on the 23rd December, but due to a busy (preparing for examination) week, the advisory for the vulnerability is still pending.

From my observation, IIS 7 and IIS 7.5 are not vulnerable to the bug.. I already have a few working workarounds for the 0day and all of them will be compiled in my upcoming advisory.. soon.. :P

cheers!

** [Updated on Tue Dec 29 01:26:39 MYT 2009]

Done! Sent to webmaster. Waiting to be published

** [Updated on Tue Dec 29 21:33:20 MYT 2009]

Published :)

Yet Another Adobe Bug

October 9th, 2009

Nothing much but YES to agree with Didier Stevens with his statement:

PDF + JS = OMG

Yerp.. there is another vulnerability (CVE-2009-3459) in Adobe Reader and Acrobat today (GMT +8) and so far it is still 0 day..

*panic panic* What to do?

  1. Disable JavaScript support in Adobe Reader and Acrobat
  2. Enable DEP (for Windows)
  3. Use NoScript
  4. Use an alternative PDF reader like Foxit, Gnome Document Viewer, yada yada..
  5. Don’t be lame by opening unknown PDF attachments

Critical Memory Corruption Vulnerability Fixed in Mozilla Firefox 3.5.1

July 17th, 2009

The critical memory corruption vulnerability has finally been fixed in Mozilla Firefox 3.5.1. Besides security issues, several stability issues and an issue that was making Firefox take a long time to load on some Windows systems were also fixed in this release. The complete changelog is HERE

Download / Update now
