Friday October 31st 2014


‘vulnerabilities’ Archives

VeriFone vs Square

VeriFone, a huge provider of credit card processing systems that's been around since time immemorial, has taken a huge swipe at upstart Square today, branding its free, headphone jack-based credit card readers "skimming devices" and demanding their immediate removal from the market. Crazy, right? Let me explain how easy it is to exploit the [...]

Bunnie explains the technical intricacies and legalities of Xbox hacking

Andrew "bunnie" Huang, who literally wrote the book on hacking Xboxes, was to be a witness in last week's first-of-its-kind trial for Xbox modding. However, the government prosecutor bungled his case so badly that he was forced to withdraw the charge and walk away, leaving the defendant unscathed. However, Bunnie had already prepared an [...]

Microsoft’s DRM makes your computer vulnerable to attack

The msnetobj.dll library is an ActiveX control used by Microsoft's DRM; it is intended to prevent the owner of a computer from saving or viewing certain files except under limited circumstances, and to prevent the computer's owner from disabling it or interfering with it. As if that wasn't bad enough, it is also vulnerable to three separate [...]

Typhoid adware hijacks LAN, inserts ads into uninfected computers’ browsers

Security researchers at the University of Calgary have identified a new malware they call "Typhoid." Typhoid impersonates the wireless router on your local network, effecting a man-in-the-middle attack that allows it to insert ads into the browsing sessions of all the other, uninfected users on the LAN. Typically, adware authors install their [...]

Linux botnet discovery worry

Bad guys have created a botnet of Linux Web servers. In a way, that's even more frightening than regular botnets of compromised Windows PCs. Bloggers ask if this is the end for Linux's claim to be more secure than Windows; or is it just a load of old hokum? Your humble blogwatcher selected these bloggy morsels for your enjoyment. Not to mention [...]

Time to party like it's Windows 95!

Remember the good old days of the 1990s, when you could teardrop attack any Windows user who'd annoyed you and bluescreen them? Microsoft reintroduces this popular feature in Windows 7, courtesy the rewritten TCP/IP and SMB2 stacks. IV. PROOF OF CONCEPT #!/usr/bin/python # When SMB2.0 recieve a "&" char in the "Process Id High" SMB header [...]

“Open Source Twitter” proposed as antidote to Twitter’s DDOS vulnerability

Twitter and Facebook were paralyzed this past week by DDOS (distributed denial of service) attacks. As I understand it, those attacks are still ongoing. In this Wired Epicenter blog post by Eliot Van Buskirk, open source advocates propose that the only real solution to this vulnerability is to engage in another DDOS: "distributed delivery of [...]

Stopgap Fix for Critical Firefox 3.5 Security Hole

Instructions showing hackers how to exploit an unpatched, critical security hole in Mozilla's new Firefox 3.5 Web browser have been posted online. So, until Mozilla can ship an update to quash this bug, LandoftheFreeish.com is posting instructions to help readers protect themselves from this vulnerability. The security hole has to do with a [...]

Reverse-engineering SSNs from publicly available data

Computer scientists at Carnegie Mellon University have figured out how to predict Social Security numbers from publicly accessible birth data with frightening accuracy. The researchers analyzed a public information source known as the "Death Master File," which includes birth data and SSNs for people who have died. The scientists found that in [...]

Bugs and inaccurate readings found in breathalyzer source code

After a long legal wrangle, some defendant-side attorneys have audited the source-code of Alcotest, the breathalyzer used in New Jersey DUI stops. Turns out it was programmed by muppets who don't know how to calculate an average and who throw out error messages by the dozen. Like voting-machine vendors, breathalyzer vendors go crazy when [...]

Man finds card skimmer on ATM

Dan says over the weekend he discovered a card skimmer attached to the ATM at his local WaMu branch. He pulled it off and took photos of it. This past weekend I went to use the local WaMu ATM to get some cash money. When I walked up to the ATM something struck me as funny…I couldn't quite put my finger on it but the card reader didn't look [...]

KTorrent Web Interface Vulnerable to Remote Takeover

This is the beauty of open source. You can actually publish stuff like this without the fear that several black Tuesdays will pass before it's patched. Distributed under a GNU General Public license, KTorrent is a torrent client written in C++ for KDE. Feature wise, the client can compete with other popular clients, supporting protocol [...]

Four Threats For 2009 That You’ve Probably Never Heard Of (Or Even Thought About)

You're probably gearing up for the well-known security risks you've watched emerge over the past year to go front burner in the new year -- the insider threat, Web 2.0, and targeted attacks. But don't pop that champagne cork just yet: Some obscure potential threats that could be more difficult to prepare for and defend against also are looming for [...]

Forget your photo ID for your EasyJet flight? Just go print one up!

Don't worry if you show up for your domestic UK EasyJet flight without the mandatory photo ID the airline now requires; the helpful check-in clerks will direct you to the nearby train station where they'll make you up a free photo-card to go with a rail-pass, should you ever decide to buy one. Ah, security. "They suggested I go to the railway [...]

HOWTO: Exploit Bluetooth Headsets

Here's a pretty basic "how to" on connecting your PC to Bluetooth devices. When connected, you may send sound files to the Bluetooth device and/or record anything said into a bt headset. Neat for a Linux beginner.

All your passports are belong to us

Think of it this way: Chris Paget just did you a service by hacking your passport and stealing your identity. Using a $250 Motorola RFID reader and antenna connected to his laptop, Chris recently drove around San Francisco reading RFID tags from passports, driver licenses, and other identity documents. In just 20 minutes, he found and cloned the [...]

Ubuntu Linux kernel vulnerabilities

A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. Hugo Dias discovered that the ATM subsystem did not correctly manage socket counts. A local attacker could exploit this to cause a system [...]

Researchers Point Out XSS Flaws On American Express Website

American Express has been wrestling for more than a week with cross-site scripting vulnerabilities that could jeopardize the personal information of its customers, according to security researchers. Researchers have been reporting vulnerabilities on the Amex site since April, when the first of several cross-site scripting (XSS) flaws was [...]

Metasploit 3.2 Offers More “Evil Deeds”

Hacking into systems (albeit for testing purposes) is apparently getting easier with the upcoming open source Metasploit 3.2 framework, according to its creator. During a packed presentation at the SecTor conference here yesterday, Metasploit creator H. D. Moore detailed some of the new features in the upcoming Metasploit 3.2 release. They [...]

“Fakeproof” e-passport is cloned in minutes

New microchipped passports designed to be foolproof against identity theft can be cloned and manipulated in minutes and accepted as genuine by the computer software recommended for use at international airports. Tests for The Times exposed security flaws in the microchips introduced to protect against terrorism and organised crime. The flaws [...]
