Thursday April 24th 2014

‘exploit’ Archives

Today’s Script kiddies have awesome tools

Interesting writeup from an Admin that found an exploit installed in a Wordpress blog installation. I have found these before, but beware - a lot of experienced crackers will upload this kind of stuff into an install folder of Phpmyadmin or Wordpress so that you become convinced the culprit of your attack was a flaw in the popular software when, [...]

Nintendo’s Homebrew-Blocking Update Hacked

Team Twiizers, the group behind almost all of the Wii Homebrew scene, has released an update to the Homebrew Channel (and installer) that allows for installation on a Wii with the most recent update installed. While the team still recommends against installing the Nintendo update, those who accidentally updated or purchase games that require the [...]

Hackers working on cracking the Googlephone’s firmware

T-Mobile's new Google Android phone, the G1, is not as open as you'd hope -- all the good hardware is sandboxed off from the development environment and requires a signature to run. But hackers are already working to crack open the firmware. From the #android channel on Freenode: I hacked my camera's firmware manually by using an exploit to cause [...]

Russians use NVIDIA card to crack WPA/WPA2 security: WiFi is insecure again.

WiFi is no longer secure enough to protect wireless data. Global Secure Systems has said that a Russian firm's use of the latest NVidia graphics cards to accelerate WiFi ‘password recovery' times by up to an astonishing 10,000 per cent proves that WiFi's WPA and WPA2 encryption systems are no longer enough to protect wireless [...]

Metasploit 3.2 Offers More “Evil Deeds”

Hacking into systems (albeit for testing purposes) is apparently getting easier with the upcoming open source Metasploit 3.2 framework, according to its creator. During a packed presentation at the SecTor conference here yesterday, Metasploit creator H. D. Moore detailed some of the new features in the upcoming Metasploit 3.2 release. They [...]

HOWTO: Bypass Windows 98’s elite security system

Clickjacking: Researchers raise alert for scary new cross-browser exploit

Researchers are beginning to raise an alarm for what looks like a scary new browser exploit/threat affecting all the major desktop platforms — Microsoft Internet Explorer, Mozilla Firefox, Apple Safari, Opera and Adobe Flash. The threat, called Clickjacking, was to be discussed at the OWASP NYC AppSec 2008 Conference but, at the request [...]

SQL injection countermeasure failures

Cute article about sanitizing form input... ...found this next snippet in the authentication code for the project he'd been assigned to. // The following string is an SQL comment, and could // blank out the check for password in our SQL statement // if used in the username! if (username.indexOf("';--")!=-1) { throw new [...]

DEFCON 16 – The Tools

DEFCON, the 9000+ attendee hacker conference in Vegas, has become a sort of hydra conference. It has become more like a global fair than what most people think of as a conference; even the badge is highly unique. I say this because there are so many things to do at DEFCON, other than going to talks, that you could spend your whole weekend looking at [...]

Judge refuses to lift gag order on MIT students in Boston subway-hack case

Lulz, if you guys think Boston's MTA cards are easy to hack you should take a swipe at Philly's SEPTA cards... Ohh and here's the DefCon Subway Presentation for all you lazy people. "A federal judge in Boston today refused to lift a temporary restraining order preventing three MIT students from publicly discussing details of several security [...]

Vista’s Security Rendered Completely Useless by New Exploit

This week at the Black Hat Security Conference two security researchers will discuss their findings which could completely bring Windows Vista to its knees. Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov, of VMware Inc. have discovered a technique that can be used to bypass all memory protection safeguards that Microsoft [...]

More Defcon Madness: Massachusetts transit authority sues subway hackers

Las Vegas (NV) – Three MIT students probably won’t be giving their scheduled Defcon speech on getting free subway rides.  The Massachusetts Bay Transit Authority – the agency in charge of the Boston T subway – sued the trio for computer fraud and requested a temporary restraining order to prevent them from presenting [...]

E-Passports Can Be Hacked and Cloned in Minutes

Tests conducted for the UK's Times Online have concluded that the new high-tech e-passports being distributed around the world can be hacked and cloned within minutes. A computer researcher proved it by cloning the chips in two British passports and then implanting digital images of Osama bin Laden and a suicide bomber. Both passports passed as [...]

The Ugliest Facebook Profile Picture Ever

You must be logged into Facebook to view it: Clicky Clicky Don't you agree? UPDATE: This "vulnerability" has been fixed

HOWTO: Use The Private Photobucket Exploit

Here's a quick little (albeit limited) HOW TO using the mobile Photobucket pages. If you want to see the pics in, say, "test"s album, you have to start with a filename you already know is in the album, say, pic074.jpg. The universal URL is: http://m301.photobucket.com/albumview/albums/*/*.html? you then insert the album username and image [...]

How a Classic Man-in-the-Middle Attack Saved Colombian Hostages

Last week's dramatic rescue of 15 hostages held by the guerrilla organization FARC was the result of months of intricate deception on the part of the Colombian government. At the center was a classic man-in-the-middle attack. In a man-in-the-middle attack, the attacker inserts himself between two communicating parties. Both believe they're [...]

Metasploit Hacking Tool Site Hacked But Not “Owned”

An attack this week targeting the Metasploit Website redirected visitors to a phony page proclaiming the hack -- but the hacking tool site’s servers remained intact. HD Moore, creator of Metasploit and director of security research for BreakingPoint Systems, says the attack didn’t actually touch the Metasploit servers themselves. [...]

Universal XSS In PDF

More XSS (Cross-site Scripting) fun! After yesterday's post I realized that not everyone reads hacker blogs, so I feel it is my duty to post it here. Stefano Di Paola and Giorgio Fedon have found a universal XSS in PDF. RSnake also found a vulnerability on local PDF file execution. This is bad, people; every server in this universe that hosts PDF [...]

Prevent XSS and SQL Injection

Today I was toying with Apache and made a .htaccess for all of you that prevents the most-used XSS and SQL injection vectors in the request URI. It looks at the request URI and sends the malicious user to a log file, which sends an e-mail to the webmaster with all his information and what happened when this user was trying to punk with some scripts. I [...]

Ohh, the irony… Microsoft says “Safari isn’t safe on Windows”

This is bad news for all eleven Safari-on-Windows users... Apple's been making hay in its Mac vs. PC ads about Windows' security and malware problems. But now that Apple's playing in Microsoft's sandbox with a Windows version of the Safari Web browser, the worm has turned. The Windows version of Safari has a bug that's been dubbed the "carpet [...]
