‘Kill Zeus’ removes rival software from PCs, giving Spy Eye access to usernames, passwords.

Filed under: exploit, hax, malware, security | No Comments »

Proof-of-concept demonstrates ease at which mobile spyware can be created to pilfer text messages and email, eavesdrop, and track victim’s physical location via smartphone’s GPS.

Filed under: crackberry, exploit, hax | No Comments »

Brian Krebs continues to scare the pants off the public with his ongoing series on sophisticated ATM skimmers (devices that capture your card number, working with a hidden camera to catch your PIN). His slideshow of next-gen skimmers has me convinced that there’s no way I’d notice a skimmer on an ATM that I was [...]

Filed under: con, exploit | No Comments »

Just to clarify, that’s Windows NT 3.1, not the old 16-bit Windows 3.1. I was wondering how the hell you could have a privilege escalation bug on an OS with only one level of privilege.
The problem is caused by flaws in the Virtual DOS Machine (VDM) introduced in 1993 to support 16-bit applications (real mode [...]

Filed under: exploit, micro$oft | No Comments »

Although its name suggests perhaps even grander capabilities, Windows enthusiasts are excited over the discovery of a hidden “GodMode” feature that lets users access all of the operating system’s control panels from within a single folder.
To enter “GodMode,” one need only create a new folder and then rename the folder to the following:
GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
Once that is [...]

Filed under: cool, exploit, micro$oft | No Comments »

In a blog post last Wednesday, Bountii.com co-founder Samir Meghani outlined what he described as “an obvious flaw.”

Filed under: exploit, micro$oft | No Comments »

Microsoft has acknowledged that they slipped the .NET Framework Assistant plugin into Firefox via Windows Update this past February, and that it has poked a “critical” hole in the browser’s security (effectively bringing Firefox down to IE’s level).
Microsoft has deemed the hole to be a “critical” security threat, as it gives webmasters the ability to [...]

Filed under: exploit, micro$oft | No Comments »

Bad guys have created a botnet of Linux Web servers. In a way, that’s even more frightening than regular botnets of compromised Windows PCs. Bloggers ask if this is the end for Linux’s claim to be more secure than Windows; or is it just a load of old hokum?
Your humble blogwatcher selected these bloggy morsels [...]

Filed under: exploit, linux, security, ugh, vulnerabilities | No Comments »

Remember the good old days of the 1990s, when you could teardrop attack any Windows user who’d annoyed you and bluescreen them? Microsoft reintroduces this popular feature in Windows 7, courtesy the rewritten TCP/IP and SMB2 stacks.
IV. PROOF OF CONCEPT
#!/usr/bin/python
# When SMB2.0 recieve a “&” char in the “Process Id High” SMB header field [...]

Filed under: exploit, micro$oft, pwned, vulnerabilities | No Comments »

US prosecutors have charged a man with stealing data relating to 130 million credit and debit cards.

Filed under: con, exploit, privacy, security | No Comments »

On Thursday, two researchers plan to reveal an unpatched iPhone bug that could virally infect phones via SMS.

Filed under: apple, exploit, malware, pwned, security | No Comments »

The Pwnie Awards are an annual event at the Black Hat security conference in Las Vegas. They award the Golden Pwnie in a variety of categories: mass 0wnage, most innovative research, most overhyped bug, most epic FAIL, and our favorite: Best Song. Embedded above is [Paco Hope]’s 50 Ways to Inject Your SQL. While a [...]

Filed under: exploit, hax, pwned | No Comments »

Instructions showing hackers how to exploit an unpatched, critical security hole in Mozilla’s new Firefox 3.5 Web browser have been posted online. So, until Mozilla can ship an update to quash this bug, LandoftheFreeish.com is posting instructions to help readers protect themselves from this vulnerability.
The security hole has to do with a flaw in the [...]

Filed under: exploit, firefox, malware, security, vulnerabilities | No Comments »

Computer scientists at Carnegie Mellon University have figured out how to predict Social Security numbers from publicly accessible birth data with frightening accuracy. The researchers analyzed a public information source known as the “Death Master File,” which includes birth data and SSNs for people who have died. The scientists found that in many instances, if [...]

Filed under: b3st pract1c3s, exploit, privacy, pwned, ugh, vulnerabilities | No Comments »

Computer scientists at the University of California-Santa Barbara expose details of infamous botnet known for stealing financial data after temporarily wresting control of it.

Filed under: exploit, privacy, security | No Comments »

The 1 April Conficker scare may have come and gone, but Microsoft has uncovered a new worm that has updated itself to imitate Conficker’s characteristics.
The worm ‘Neeris’ has been active for a few years, but has been updated to target the same Microsoft flaw MS08-067 – which Conficker exploited to become so successful.
Other similarities between [...]

Filed under: exploit, malware, micro$oft, security | No Comments »

Malicious PDF sitting on hard drive can generate attacks exploiting unpatched Adobe Reader and Acrobat flaw, researcher finds.

Filed under: exploit, security | No Comments »

Here’s a fun little tip: You may open most Sentex key pad-access doors by typing in the following code:
***00000099#*
The first *** are to enter into the admin mode, 000000 (six zeroes) is the factory-default password, 99# opens the door, and * exits the admin mode (make sure you press this or the access box will [...]

Filed under: cool, exploit, howto, offtopic | No Comments »

It just isn’t fair that Windows users get all the viruses. I mean really, shouldn’t Linux users be in on the fun as well? Well… thanks to the folks running the Wine project, Linux users can “catch the virus bug” too — sort of.
Linux just isn’t user-friendly when it comes to viruses. You have to [...]

Filed under: exploit, free open source software, linux, security | No Comments »

Two vulnerabilities have been discovered in the web interface plugin for the KDE BitTorrent client, KTorrent. A malicious attacker sending specially crafted parameters to the interface could enable both remote code execution and arbitrary torrent uploads.

Filed under: exploit, free open source software, linux, vulnerabilities | No Comments »