Sunday, June 1st, 2008
XSS (Cross-Site Scripting) Very Much Alive and Kicking
We were about to investigate further on malicious activities related to banner82(dot)com/b.js but the URL was already inaccessible around Tuesday. Soon enough the malicious script in www(dot)adw95(dot)com caught our interest. A rough survey of the sites compromised by this script reveal that the ...
Posted in Coding, Internet, Security | No Comments
Sunday, June 1st, 2008
The videos from ShmooCon 2008 have hit the shelves. Go download them at:
http://www.shmoocon.org/2008/videos/
EDIT: As of the time of this post, some of the videos are incorrectly named. Here is the 1-> 1:
Correctly Named:
21st Century Shellcode for Solaris
Advanced Protocol Fuzzing - What We Learned when Bringing Layer2 Logic to SPIKE land
Backtrack ...
Posted in General BS, Security | No Comments
Tuesday, May 20th, 2008
This may seem painfully obvious to some people, but I looked around and couldn’t find a reference to it, so I apologize ahead of time for anyone who already knew this. When we normally think of how attackers use proxies they are almost always just trying to hide their IP ...
Posted in Coding, Hardware, Internet, Networking, Privacy, Security | No Comments
Tuesday, May 20th, 2008
My favorite tech quote is from Giorgio Maone. It goes like this: If today’s malware mostly runs on Windows because it’s the commonest executable platform, tomorrow’s will likely run on the Web, for the very same reason. Because, like it or not, Web is already a huge executable platform, and ...
Posted in Coding, Internet, Privacy, Security | No Comments
Friday, May 16th, 2008
A new attack on PayPal could have allowed users who thought they were on a trusted page to access a fraudulent page and possibly expose personal information. On Friday, Finnish researcher Harry Sintonen reported the vulnerability on an IRC chat room.
In an interview with Netcraft, Sintonen said the issue was ...
Posted in Internet, Privacy, Security | No Comments
Wednesday, May 14th, 2008
Most of todays tools for fingerprinting are focusing on server-side services. Well-known and widely-accepted implementations of such utilities are available for http web services, smtp mail server, ftp servers and even telnet daemons. Of course, many attack scenarios are focusing on server-side attacks.
Client-based attacks, especially targeting web clients, are becoming ...
Posted in Internet, Privacy, Security, Software | No Comments
Tuesday, April 29th, 2008
The latest versions of fgdump and pwdump have been released by the foofus.net team. Looks like the most important change is that both tools support 64-bit targets. Here is the official announcement:
"The foofus.net team is pleased to announce updates to both fgdump (2.0.0) and pwdump (1.7.1), which incorporate a number ...
Posted in Coding, Linux, Privacy, Security | No Comments
Saturday, April 26th, 2008
WordPress 2.5.1 came out recently. It includes a critical security fix for a cookie integrity bug that would allow an attacker to impersonate other users, including WordPress admins, by manipulating the contents of an HTTP cookie. Whenever I read about a vulnerability predicated on the user identity being embedded ...
Posted in Coding, Internet, Privacy, Security, Software | 1 Comment
Friday, April 25th, 2008
Opera 9.5 Beta 2 has stepped up its security game. The browser has added fraud protection and support for EV SSL (Extended Validation Secure Sockets Layer) certificates to help prevent identity theft.
Opera’s move to join the EV SSL crowd leaves Safari as the only browser without anti-phishing protection. As you ...
Posted in Internet, Software | No Comments
Thursday, April 24th, 2008
AVG Technologies, a leading provider of Internet security software, will tomorrow release AVG Anti-Virus Free 8.0, the latest version of the company’s popular and widely-used free security software, which now incorporates protection against spyware through a new combined anti-virus and anti-spyware engine.
AVG Free provides basic protection against viruses and spyware, ...
Posted in Internet, Security, Software | No Comments
