| Sunday April 20th 2014

Feedburner

Subscribe by email:

We promise not to spam/sell you.


Search Amazon deals:

‘exploit’ Archives

Pwnie Award Nominees 2009

The Pwnie Awards are an annual event at the Black Hat security conference in Las Vegas. They award the Golden Pwnie in a variety of categories: mass 0wnage, most innovative research, most overhyped bug, most epic FAIL, and our favorite: Best Song. Embedded above is ’s 50 Ways to Inject Your SQL. While a strong entry, it doesn’t touch last [...]

Stopgap Fix for Critical Firefox 3.5 Security Hole

Stopgap Fix for Critical Firefox 3.5 Security Hole

Instructions showing hackers how to exploit an unpatched, critical security hole in Mozilla's new Firefox 3.5 Web browser have been posted online. So, until Mozilla can ship an update to quash this bug, LandoftheFreeish.com is posting instructions to help readers protect themselves from this vulnerability. The security hole has to do with a [...]

Reverse-engineering SSNs from publicly available data

Reverse-engineering SSNs from publicly available data

Computer scientists at Carnegie Mellon University have figured out how to predict Social Security numbers from publicly accessible birth data with frightening accuracy. The researchers analyzed a public information source known as the "Death Master File," which includes birth data and SSNs for people who have died. The scientists found that in [...]

Researchers Take Over Dangerous Botnet

Researchers Take Over Dangerous Botnet

A group of researchers at the University of California-Santa Barbara boldly hijacked a notorious botnet known for stealing financial information and discovered that the botnet is even more dangerous than had been thought. Researchers at the University of California at Santa Barbara have published a report (.PDF) that exposes details about how [...]

Microsoft warns of copycat Conficker worm

Microsoft warns of copycat Conficker worm

The 1 April Conficker scare may have come and gone, but Microsoft has uncovered a new worm that has updated itself to imitate Conficker’s characteristics. The worm ‘Neeris’ has been active for a few years, but has been updated to target the same Microsoft flaw MS08-067 – which Conficker exploited to become so successful. Other [...]

No User Action Required In Newly Discovered PDF Attack

No User Action Required In Newly Discovered PDF Attack

Merely storing, without opening, a malicious PDF file can trigger an attack that exploits the new, unpatched zero-day flaw in Adobe Reader, a researcher has discovered. Didier Stevens, a researcher and IT security consultant with Contrast Europe NV, today released a proof-of-concept demonstration that shows how a file infected with the Adobe [...]

HOWTO: Open keypad-access doors

HOWTO: Open keypad-access doors

Here's a fun little tip: You may open most Sentex key pad-access doors by typing in the following code: ***00000099#* The first *** are to enter into the admin mode, 000000 (six zeroes) is the factory-default password, 99# opens the door, and * exits the admin mode (make sure you press this or the access box will be left in admin mode!) I'm [...]

Running Windows viruses with Wine

Running Windows viruses with Wine

It just isn't fair that Windows users get all the viruses. I mean really, shouldn't Linux users be in on the fun as well? Well... thanks to the folks running the Wine project, Linux users can "catch the virus bug" too -- sort of. Linux just isn't user-friendly when it comes to viruses. You have to work to find and run them. It doesn't happen [...]

KTorrent Web Interface Vulnerable to Remote Takeover

KTorrent Web Interface Vulnerable to Remote Takeover

This is the beauty of open source. You can actually publish stuff like this without the fear that several black Tuesdays will pass before it's patched. Distributed under a GNU General Public license, KTorrent is a torrent client written in C++ for KDE. Feature wise, the client can compete with other popular clients, supporting protocol [...]

Four Threats For 2009 That You’ve Probably Never Heard Of (Or Even Thought About)

Four Threats For 2009 That You’ve Probably Never Heard Of (Or Even Thought About)

You're probably gearing up for the well-known security risks you've watched emerge over the past year to go front burner in the new year -- the insider threat, Web 2.0, and targeted attacks. But don't pop that champagne cork just yet: Some obscure potential threats that could be more difficult to prepare for and defend against also are looming for [...]

sslstrip: hijacking SSL in network

sslstrip: hijacking SSL in network

Last week at Black Hat DC, Moxie Marlinspike presented a novel way to hijack SSL. You can read about it in this Forbes article, but we highly recommend you watch the video. sslstrip can rewrite all https links as http, but it goes far beyond that. Using unicode characters that look similar to / and ? it can construct URLs with a valid certificate [...]

New exploit targets IE 7 hole patched last week

New exploit targets IE 7 hole patched last week

Cybercriminals are exploiting a critical hole in Internet Explorer 7 that was patched a week ago by Microsoft, security firm Trend Micro warned on Tuesday. The malicious code, which Trend Micro named "XML_DLOADR.A," is hidden in a Word document. On unpatched systems, when the file is opened an ActiveX object automatically accesses a Web site to [...]

BackTrack 4 beta released

BackTrack 4 beta released

The Remote Exploit Development Team has just announced BackTrack 4 Beta. BackTrack is a Linux based LiveCD intended for security testing and we’ve been watching the project since the very early days. They say this new beta is both stable and usable. They’ve moved towards behaving like an actual distribution: it’s based on Debian core, they [...]

MIME sniffing in Internet Explorer enables cross-site scripting attacks

MIME sniffing in Internet Explorer enables cross-site scripting attacks

Many large sites make special efforts to protect their visitors against possible JavaScript attacks, by, for example, implementing special filters that guard against active content, although most of them can't switch off their own active content – such as JavaScript, HTML code and Flash applets in profiles, blogs and forums. Most interactive [...]

All your passports are belong to us

Think of it this way: Chris Paget just did you a service by hacking your passport and stealing your identity. Using a $250 Motorola RFID reader and antenna connected to his laptop, Chris recently drove around San Francisco reading RFID tags from passports, driver licenses, and other identity documents. In just 20 minutes, he found and cloned the [...]

HOWTO: Reprogram Road Signs

HOWTO: Reprogram Road Signs

Disclaimer: This "HOWTO" to posted for information only. These road signs are very common, are inherently insecure by design, and should be fixed. You should not tamper with these signs in any way, as someone might get hurt. This is the ADDCO portable sign. Today, you see what is on the inside, and briefly how they are "programmed" to display [...]

Firefox users targeted by rare piece of malware

Firefox users targeted by rare piece of malware

This is not unthinkable. There have been arbitrary-code vulnerabilities in the recent past. Ugh... Researchers at BitDefender have discovered a new type of malicious software that collects passwords for banking sites but targets only Firefox users. The malware, which BitDefender dubbed Trojan.PWS.ChromeInject.A sits in Firefox's add-ons [...]

How Dan Kaminsky broke and fixed DNS

How Dan Kaminsky broke and fixed DNS

Wired's Joshua A Davis has a great profile of Dan Kaminsky's work on discovering and then helping to fix a net-crashing DNS bug earlier this year. Davis really captures the excitement of discovering a major security flaw and the complex web of personal, professional and technical complications that come to bear when you're trying to disclose the [...]

HOWTO: Detect the Social Sites Your Visitors Use With SocialHistory.js

HOWTO: Detect the Social Sites Your Visitors Use With SocialHistory.js

One of the great things about the web is the relative ease with which one can set up a new service. In social bookmarking alone with have Del.icio.us, Digg, Facebook, Fark, Mister-Wong, Newsvine, Reddit, Technorati, Slashdot, and StumbleUpon, to name a few. That’s great for competition, and that’s great for users, but it’s not so good for [...]

Free “Trojan-Proof” Password Tool Released for Windows

Free “Trojan-Proof” Password Tool Released for Windows

A trio of German software firms claims to have developed a password system that prevents Trojans and viruses from stealing passwords from a Windows machine. The “Trojan-proof” virtual keyboard software, which was developed by Global IP Telecommunications, PMC Ciphers, and CyProtect AG, is available in a free beta version for [...]

 Page 2 of 4 « 1  2  3  4 »