Monday, April 28th, 2008
Microsoft has provided security advice to web developers using its products after many such sites were compromised. Last week, hundreds of thousands of web pages were infected with a malicious iframe which tries to infect visitors with a trojan. Many high profile sites including the United Nations (un.org), the UK ...
Posted in Internet, Security | No Comments
Thursday, April 24th, 2008
There's another round of mass SQL injections going on which has infected hundreds of thousands of websites.
Performing a Google search results in over 510,000 modified pages.
Posted in Coding, Internet, Security | No Comments
Wednesday, April 23rd, 2008
The automatic patch-based exploit generation problem is: given a program P and a patched version of the program P', automatically generate an exploit for the potentially unknown vulnerability present in P but fixed in P'. In this paper, we propose techniques for automatic patch-based exploit generation, and show that our ...
Posted in Coding, Linux, Security, Windows | No Comments
Monday, April 21st, 2008
The Captcha used in the current version 8.1 of PHP Nuke can be deciphered with 100% accuracy. more information can be found here:
http://www.rooksecurity.com/blog/?p=6
Exploit Code: http://www.rooksecurity.com/exploits/php_nuke_captcha.zip
What is so interesting about this captcha is that it is incredibly wide spread. Variants of this captcha are being used by big names like Paypal. ...
Posted in Coding, Internet, Security, Software | No Comments
Friday, April 18th, 2008
A demonstration of a security hole in the Microsoft Works Image Server (WkImgSrv.dll) ActiveX module contained in the Microsoft Works office suite has appeared on the Bugtraq mailing list. The demo appears to only cause a system crash. McAfee, however, has already found fully functional exploits which allow attackers to ...
Posted in Coding, Security, Windows | No Comments
