How to Fix America's Harmful Hacking Laws
Many technology-law experts feel there's too much leeway for prosecutors under the 1986 Computer Fraud and Abuse Act, allowing prosecutors to rack up serious charges for what may seem like minor...
Facebook Graph Search a great tool for phishing attacks
Graph Search makes it easier for cyber criminals to gather relevant details that can be used to target phishing attacks more effectively. Facebook shook the tech world's foundation a bit with the...
Comodo 2013 Internet Security Includes Default Deny Protection
Comodo, one of the leading certificate authorities and Internet security organizations, recently announced the release of its Internet Security 2013 software. Comodo® Internet Security 2013 (CIS 2013)...
Hacked E-mails and Web Sites Pushing Weight Loss Drug Spam, Round 2
Six months ago, in July 2012, I wrote about "Hacked E-mails and Web Sites Pushing Weight Loss Drug Spam." Now in January 2013, hackers and scammers are up to the same tricks. (If you believe you may have...
BinMode: Parsing Java *.idx files
One of the Windows artifacts that I talk about in my training courses is application log files, and I tend to sort of gloss over this topic, simply because there are so many different kinds of log...
Android Encryption and PBKDF2
There is an interesting bug in the Android OS posted late last year.
http://code.google.com/p/android/issues/detail?id=40578
The Bug
The bug poses a vulnerability in the way a password is translated into...
A Dive into the Water Hole
Today, let's get our hands dirty by analyzing an "interesting" sample that I found in-the-wild earlier today. There are multiple interesting parts of this sample; the first one is that they don’t...
Today's NIST CVE Issuance's For Vulns In PHP, Cisco NX-OS on Nexus And The...
Click on the underlined CVE for additional vuln-specific info
CVE-2012-6113
Summary: The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 through 5.3.13 does not initialize a certain...
Aloaha Credential Provider Monitor 5.0.226 Local Privilege Escalation...
Aloaha Credential Provider Monitor 5.0.226 Local Privilege Escalation Vulnerability
Vendor: Aloaha Software - Wrocklage Intermedia GmbH
Product web page: http://www.aloaha.com
Affected version:...
hs-tls: Basic constraints vulnerability
For hs-tls (TLS/SSL implementation in Haskell), the following advisory[0] was announced:
----cut----
Hi cafe, this is a security advisory for...
Iran beefing up cyber-warfare capabilities after Stuxnet, top US general warns
The suspected US-Israeli 2010 Stuxnet cyber-attack on Iran’s nuclear facilities has sparked a buildup of the latter’s cyber-warfare capabilities, and this will make Tehran a "force to be reckoned with"...
Categorizing values in JavaScript
This post examines four ways in which values can be categorized in JavaScript: via the hidden property [[Class]], via the typeof operator, via the instanceof operator and via the function...
Classified Ultra ScriptsGenie XSS / SQLi Vulnerabilities
# Exploit Title; Classified Ultra ScriptsGenie Multiple Vulnerabilities
# Date; 20/1/13
# Author; 3spi0n
# Script Vendor or Software Link; http://www.hotscripts.com/listing/classified-ultra-scriptsgenie/
#...
Adobe Experience XSS Vulnerability
----------------------------------------------------------------------------------------------------
Title : Adobe Experience Delivers reflected Cross-site Scripting (XSS) vulnerability
Vendor :...
Google working on physical passwords
Google is testing the secure log-in mechanisms through YubiKey cryptographic USB card. Google is reportedly working on developing physical passwords which could be embedded in USB keys, mobile phones and...
Red October - Indicators of compromise
Since our announcement about "Red October", we've received a lot of questions on how to quickly identify compromised systems. That's why together with our partner Alienvault we've decided to put...
Throwing Some Light on APT Hacktools
In our 2013 predictions, we noted how malware would only gradually evolve without much in the way of significant change. This can be seen in the use of some (otherwise legitimate) hacking tools in APT...
[SECURITY] [DSA 2611-1] movabletype-opensource security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2611-1...
[0 Day] XSS Persistent in Blogspot of Google
Hi all, I'm ANTRAX from Argentina, and I'm owner of www.underc0de.org
Today, I'm going to share with you an XSS in Blogger. This is very simple, but isn't fixed yet. This bug could be exploited by...
Nagios Enterprises Extends Product Line with Launch of Nagios Incident Manager
Nagios Enterprises is extending their product line by releasing Nagios Incident Manager (IM). Incident Manager is a lightweight ticketing and incident management system that allows internal and...