FBI is increasing pressure on suspects in Stuxnet inquiry
Federal investigators looking into disclosures of classified information about a cyberoperation that targeted Iran’s nuclear program have increased pressure on current and former senior government...
Entering into Out of Memory Condition
In this blog post I'm describing an approach to force the execution flow to enter into out of memory (OOM) error conditions when the amount of memory to allocate is not controlled by the attacker as in...
WindowsAndroid Is A Working Effort To Run Android Natively Within Windows
I have no problem admitting that I see absolutely no practical use in running Android on a desktop PC. Still, I have to give credit where credit is due – WindowsAndroid is just downright neat. In a...
Dissecting a mobile malware
The capillary diffusion of mobile devices, the lack of security systems on these platforms and low level of awareness on principal cyber threats made them a privileged target for cybercrime. We have...
PhpYellow Pro Edition XSS/SQLi Vulnerabilities
# Exploit Title: PhpYellow Pro Edition XSS/SQL Injection Vulnerabilities # Date: 2013-1-27 # Author: DaOne aka Mocking Bird # Software Link:...
Physical Penetration Testing Toolkit
Most penetration testing companies also provide physical penetration testing as part of their services. Some of them are taking this service more seriously than others as they are spending part of their...
5 Months old XSS vulnerability in AOL and DMoz still not fixed
An Indian security researcher, Suriya, has discovered a reflected XSS vulnerability in the AOL website, an American global brand company that develops, grows, and invests in brands and web sites....
File Upload XSS Vulnerability in Mediafire
An information security researcher, Mahadev Subedi, from coolpokharacity.com has claimed to have discovered a persistent cross-site scripting vulnerability in the Mediafire website (mediafire.com) read...
CoolPlayerPlusPortable 2.19.4 (M3U File) Stack Buffer Overflow
# Greeting To : r0073r / KedAns-Dz / All DZ Hackerz require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::FILEFORMAT def initialize(info =...
Memories of the Slammer worm - ten years later
Ten years ago to the day, we published an FAQ about a computer worm called Slammer. If you were involved in IT back in 2003, whether you had anything to do with computer security or not, I'm sure you...
Joomla 1.5.x (Token) Remote Admin Change Password Vulnerability
# Exploit Title: Joomla 1.5.x (Token) Remote Admin Change Password Vulnerability (perl) # Date: 27/01/2013 # Exploit Author: D35m0nd142 # Vendor Homepage: http://www.joomla.org/ # CVE: 2008-3681 # Thanks to...
Why You Should Use a Right to Audit Clause
A Tale of Two Viewpoints. When I was responsible for information security and privacy at a large financial and healthcare organization throughout the 1990s I had literally hundreds of business partner...
Trojan Horse Using Sender Policy Framework
It is important for malware authors to keep a solid network connection between their malware on compromised computers and their own servers so that the malware can receive commands and be updated....
Late Yesterday's NIST CVE Issuance's For Vulns In The TripAdvisor app,...
Click on the underlined CVE for additional vuln specific info. CVE-2012-4917 Summary: The TripAdvisor app 6.6 for iOS sends cleartext credentials, which allows remote attackers to obtain sensitive...
Selection of Future Cryptographic Standards
Abstract: The Advanced Encryption Standard (AES) is extensively used and is widely believed to provide security that is more than adequate. Several other cipher designs have been proposed for use...
Wireless "Deauth" Attack using Aireplay-ng, Python, and Scapy
A couple of days ago I received my order of a nifty Alfa AWUS036H and decided it'd be a perfect time to explore a few common wireless attacks. This post will explore how to perform a common...
Slackware security patcher (swsp)
Slackware security patcher (swsp) This is a tool to keep your Slackware Linux installation up-to-date with security patches. - What? - A tool to keep your Slackware Linux installation up-to-date with...
string decryption with dex2jar
i have been getting a lot of questions about string decryption lately, so let's talk. let's say you have an app and notice encrypted strings. strings are an easy way to get a basic idea of what code is...
PCI DSS WEBINAR "PCI Data Security Standard Implementation Challenges - An...
Join us on February 26, 2013 from 1:00 – 2:00 pm EST for a free webinar presented by Gene Geiger, A-lign Director. Gene Geiger. Tampa, FL (PRWEB) January 28, 2013. A-lign™ will host a webinar "PCI Data...