Improving Security with URL Rewriting

Thursday, April 9th, 2009

Most web application security experts frown on the practice of passing session or authentication tokens in a URL through the use of URL rewriting. Usually these tokens are passed between the server and the browser through HTTP cookies, but in cases where users configure their browsers to not accept cookies, ...

Windows AUTOPWN (winAUTOPWN)

Wednesday, April 1st, 2009

Autohack your targets with least possible interaction. Features : - Contains already custom-compiled executables of famous and effective exploits alongwith a few original exploits. - No need to debug, script or compile the source codes. - Scans all ports 1 - 65535 after taking the IP address and tries all possible exploits according to ...

Flaw in Conficker Worm May Aid Cleanup Effort

Monday, March 30th, 2009

Experts have discovered a security hole in the computer code that powers the Conficker worm, an aggressive contagion that has spread to more than 12 million Microsoft Windows systems worldwide. The security community is treading lightly with this news, because while the discovery could make it easier to isolate infected ...

Mozilla Firefox XSL Parsing ‘root’ XML Tag Remote Memory Corruption Vulnerability

Thursday, March 26th, 2009

Mozilla Firefox is prone to a remote memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected browser. Failed exploit attempt will result in a denial-of-service condition. The following proof of concept is available: http://www.securityfocus.com/data/vulnerabilities/exploits/2009-ffox-poc.tar.gz

Compromised Site: Peugeot

Wednesday, March 25th, 2009

Websense Security Labs ThreatSeeker Network has discovered that the official Web site of Peugeot in Romania has been compromised and is infecting the machines of site visitors with malicious code. Malicious code has been inserted onto the reported page of the site via iframes. These iframes redirect to the pages ...