Wednesday July 23rd 2014


‘vulnerabilities’ Archives

SQL injection countermeasure failures

Cute article about sanitizing form input... ...found this next snippet in the authentication code for the project he'd been assigned to. // The following string is an SQL comment, and could // blank out the check for password in our SQL statement // if used in the username! if (username.indexOf("';--")!=-1) { throw new [...]

A “hacker” broke into a Homeland Security Department telephone system over the weekend and racked up about $12,000 in calls to the Middle East and Asia

WASHINGTON - A hacker broke into a Homeland Security Department telephone system over the weekend and racked up about $12,000 in calls to the Middle East and Asia. The hacker made more than 400 calls on a Federal Emergency Management Agency voicemail system in Emmitsburg, Md., on Saturday and Sunday, according to FEMA spokesman Tom [...]

DEFCON 16 – The Tools

DEFCON, the 9000+ attendee hacker conference in Vegas has become a sort of hydra conference. It has become more like a global fair than what most people think of conferences; even the badge is highly unique. I say this because there are so many things to do at DEFCON, other than going to talks, that you could spend your whole weekend looking at [...]

Attacks Continue on Retail Stores and Restaurants

Attacks on local retail establishments continue to net criminals large volumes of personal data, despite the recent arrest and indictment of a large group of criminals using the same attack vector. Authorities late last week acknowledged that a ring of cyber-thieves has stolen tens of thousands of credit card numbers from Louisiana and [...]

Mozilla Releases Firefox 3.0.1

Mozilla has released Firefox 3.0.1 to address three vulnerabilities. Exploitation of these vulnerabilities may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. One of these vulnerabilities may also affect Thunderbird and SeaMonkey. Two of these vulnerabilities were previously fixed in Firefox 2.0.0.16 as [...]

The Ugliest Facebook Profile Picture Ever

You must be logged into Facebook to view it: Clicky Clicky Don't you agree? UPDATE: This "vulnerability" has been fixed

Denial-of-coffee attacks affect networked coffee maker

Now this is just funny... If you own a Jura F90 Coffee Maker, you can also buy a Jura Internet Connection Kit, which lets you program and set your coffee prefs via the network: however, it's got a bunch of vulnerabilities that allow for remote denial-of-coffee attacks: Guess what - it cannot be patched as far as I can tell ;) It also has a few [...]

Scan for SQL/XSS Injection Vulnerabilities Using “Exploit-Me” Firefox Add-on Suite

So you have been coding a new CMS for your site... making every effort to make sure any/all user-inputted data is escaped properly, but you still would like to remain paranoid and scan for vulnerabilities. We don't blame you. sqlmap has been around for a while, but now there are other choices. Take a look at SQL Inject-Me from the Exploit-Me [...]

Macbook Air Hacked in 2 minutes

San Francisco - It may be the quickest $10,000 Charlie Miller ever earned. He took the first of three laptop computers -- and a $10,000 cash prize -- Thursday after breaking into a MacBook Air at the CanSecWest security conference's PWN 2 OWN hacking contest. Show organizers offered a Sony Vaio, Fujitsu U810, and the MacBook as prizes, [...]

VLC Player Vulnerable to Remote Hijack

VLC is a popular media player among BitTorrent users. Not just for the fact that it is free, but also because it includes a huge number of video codecs, so it can play virtually every video file available. Unfortunately, the latest versions of VLC have a security flaw according to a report from Luigi Auriemma. The vulnerability can be exploited to [...]

Local root exploit in kernels 2.6.17 to 2.6.24.1

There is a new local root exploit found in Linux kernels 2.6.17 to 2.6.24.1. Here's a proof-of-concept, which basically works as a "passwordless su". I have tested the exploit on a few systems I manage, and it just plain works on a number of them. The distros I have around that are vulnerable are: Fedora 8 CentOS 5/5.1 (and therefore [...]

HOWTO: Defeat Sealed PDFs, A DRM Nightmare

Have you ever heard of a "sealed" PDF? I don't mean password-protected or branded with your name (as some eBook sellers do). This is a different beast. Let me introduce a company called SealedMedia. Their business is protecting electronic documents (PDFs), a form of Digital Rights Management (DRM) which has always been a topic of ongoing debate. [...]

ICANN Moves To Disable Domain Tasting

"Following Google's crackdown on 'domain tasters', ICANN has voted unanimously to eliminate the free period that many domain buyers have been taking advantage of. At the same meeting they also discussed Network Solutions' front running but took no action on it." Source ICANN's Release

500,000 private Myspace pictures leaked and available for download

Sorry for the typical and trendy "myspace pic" above. This is an article from Wired Magazine. It might be the largest "security breach" in a while, but what on earth would anyone do with 17gb of random Myspace teenagers? A 17-gigabyte file purporting to contain more than half a million images lifted from private MySpace profiles has shown up on [...]

The Meanest Thing Gizmodo Did at CES

Long story short: they are now banned from attending CES. They walked around and turned off people's TVs during presentations. Sucks to be a gadget blog banned from CES. Click the link below to view the video Gizmodo made of their mischief. CES has no shortage of displays. And when MAKE offered us some TV-B-Gone clickers to bring to the show, we [...]

Attackers target unpatched QuickTime flaw that affects Windows & Macs

The vulnerability, called the Apple QuickTime RTSP Response Header Stack-Based Buffer Overflow Vulnerability, was first disclosed on Nov. 23rd and still remains unpatched. The vulnerability can be exploited through Internet Explorer, Firefox, Opera, and Safari and affects both Windows and Mac users. First observed on Saturday, the attacks [...]