Deciphering the PHP-Nuke Captcha

Monday, April 21st, 2008

The Captcha used in the current version 8.1 of PHP Nuke can be deciphered with 100% accuracy. more information can be found here: http://www.rooksecurity.com/blog/?p=6 Exploit Code: http://www.rooksecurity.com/exploits/php_nuke_captcha.zip What is so interesting about this captcha is that it is incredibly wide spread. Variants of this captcha are being used by big names like Paypal. ...

The Snare Of Unauthorized Requests

Monday, April 21st, 2008

Almost everyone knows what CSRF or better unauthorized requests are. I never really embraced CSRF as the correct term for unauthorized request issues, because the term is outdated and inadequate to contemporary hacking. For me, an unauthorized request is the layer or automation of a hacking procedure without direct interference ...

Details of privilege escalation hole in Windows

Monday, April 21st, 2008

In a security alert last week, Microsoft reported a vulnerability which allows local users and users signed on with access to an Internet Information Server (IIS) or MS SQL server to escalate their privileges. Server operators such as hosting providers who allow user code to be executed, for example on ...

Vulnerability in Windows Could Allow Elevation of Privilege

Friday, April 18th, 2008

Microsoft is investigating new public reports of a vulnerability which could allow elevation of privilege from authenticated user to LocalSystem, affecting Windows XP Professional Service Pack 2 and all supported versions and editions of Windows Server 2003, Windows Vista, and Windows Server 2008. Customers who allow user-provided code to run ...

SANS solves mystery of mass Web site infections

Thursday, April 17th, 2008

The SANS Institute has uncovered what they've termed a "rare gem" as far as computer security investigations go that sheds new light on how up to 20,000 Web sites have been hacked since January. They found a sneaky software tool that uses Google's search engine to hunt for Web sites running ...