Windows PHP Socket Hijack Toolset

Friday, June 6th, 2008

A problem in the way Apache binds itself to port 80 on Windows machines allows the PHP environment running under Apache to gain access to the information being sent to port 80, which in turn can be leveraged to perform man-in-the-middle attacks. This problem is exploited by the PHP ...

Kaspersky driver bug allows privilege escalation

Thursday, June 5th, 2008

A flaw in a kernel driver used by Kaspersky Anti-Virus 6.0 and 7.0, Kaspersky Internet Security 6.0 and 7.0, and Kaspersky Anti-Virus 6.0 for Windows Workstations can be exploited by users with restricted rights to get admin rights to a system, or by malware to execute with system privileges. The cause ...

What you need to know about HTTP Verb Tampering

Wednesday, June 4th, 2008

Recently Arshan Dabirsiaghi, Director of Research of Aspect Security, published a white paper entitled “Bypassing URL Authentication and Authorization with HTTP Verb Tampering”. Initially there was a lot of confusion about what exactly was being explained or claimed, including: Is it real? Is it novel? Is it dangerous? What is ...

A Tour of Risky Web Sites

Wednesday, June 4th, 2008

Just over 4% of all Web sites are dangerous, according to a new report. But all bad sites aren’t created equal: Cyber bad guys are more likely to build their sites where it’s easy to do so. The report out today from McAfee, a tech-security company that’s trying to position itself ...

Goosh, a Google Command Line

Tuesday, June 3rd, 2008

Goosh.org hosts an unofficial Google interface which “behaves similar to a unix-shell,” as the author Stefan Grothkopp explains. For instance, entering n disney will result in a Google News search for the keyword “disney”. Type help to see some of the other available commands, like lucky (an “I’m feeling lucky” ...