Honestly there hasn’t been much news over the holiday period, well maybe there was but no one bothered reporting it. There was the Stratfor case of course, which Anonymous is saying wasn’t anything to do with them. The scale of this inciden…
.::anti-abuse.com::.
Security Revealed
Exploits/Vulnerabilities's archive
US Subway Stores POS Hacked For $3Million Dollars
Posted in December 28th, 2011
by admin in Cezar Iulian Butu, credit card hack, Exploits/Vulnerabilities, General Hacking, hack, hacking credit cards, Legal Issues, rss, stealing credit card details, subway, subway credit card fraud, subway hack, subway hacked, subway security
Comments Off
No BEAST Fix From Microsoft In December Patch Tuesday – But They Fixed Duqu Bug
Posted in December 15th, 2011
by admin in beast, beast bug, Countermeasures, duqu, duqu bug, exploits, Exploits/Vulnerabilities, hacking microsoft, hacking-windows, Malware, microsoft, microsoft security, patch-tuesday, patches, rss, vulnerabilities, Windows Hacking, windows-security
It looks like Microsoft originally had a patch for the BEAST vulnerability, but for some reason they have withdrawn it for the December Patch Tuesday. It’s a pretty bumper crop of patches though with 13 bulletins and 19 vulnerabilities fixed, the…
Comments Off
Apple Bans Security Researcher Charlie Miller For Exposing iOS Exploit
Posted in November 9th, 2011
by admin in Apple, apple-security, charlie miller, Exploits/Vulnerabilities, hacking apple, hacking ios, ios, ios code signing, ios exploit, ios flaw, ios security, ios vulnerability, Legal Issues, rss, security researcher, white hat
The latest wave in the infosec world is that Apple has banned the well known security researcher – Charlie Miller – from it’s developer program for exposing a new iOS exploit. It’s not really the smartest move as I’m prett…
Comments Off
Rec Studio 4 – Reverse Engineering Compiler & Decompiler
Posted in November 3rd, 2011
by admin in decompiler, decompiling, Exploits/Vulnerabilities, Forensics, interactive decompiler, malware analysis, Programming, REC decompiler, rec studio, Rec Studio 2, rec studio 4, reverse engineering tool, reverse-engineering, rss
REC Studio is an interactive decompiler. It reads a Windows, Linux, Mac OS X or raw executable file, and attempts to produce a C-like representation of the code and data used to build the executable file. It has been designed to read files produced for…
Comments Off
13 Out Of 15 Popular CAPTCHA Schemes Vulnerable To Automated Attacks
Posted in November 2nd, 2011
by admin in automated captcha cracking, captcha, captcha cracking, captcha security, cracking recaptcha, decaptcha, Exploits/Vulnerabilities, google captchac, recaptcha, recaptcha security, rss, Web Hacking, web-security
This is not a real shock to be if I’m perfectly honestly, I only use reCAPTCHA whenever I need a CAPTCHA implementation for anything. And well even then, it’s not totally safe as apparently you can farm out your CAPTCHA cracking (those the …
Comments Off
Facebook Attachment Uploader Owned By A Space
Posted in October 27th, 2011
by admin in attachment parsing, Exploits/Vulnerabilities, Facebook, facebook hacking, facebook malware, facebook security, facebook virus, file attachment, file parsing, hacking-facebook, Malware, malware attachment, malware parsing, nathan power, Phishing, rss, Social Engineering, Web Hacking
Oh look – another vulnerability in Facebook! It wasn’t long ago we reported New Research Shows Facebook’s URL Scanner Is Vulnerable To Cloaking. Well this time the private messaging function has been compromised, you can attach an executa…
Comments Off
THC SSL DoS/DDoS Tool Released For Download
Posted in October 24th, 2011
by admin in ddos, ddos tool, dos, dos tool, Exploits/Vulnerabilities, hacking tool, Hacking Tools, Network Hacking, network-security, rss, ssl dos attack, ssl renegotiation, ssl renegotiation bug, ssl-dos, thc, thc ddos, thc-ssl-dos, the-hackers-choice
THC-SSL-DOS is a tool to verify the performance of SSL. Establishing a secure SSL connection requires 15x more processing power on the server than on the client. THC-SSL-DOS exploits this asymmetric property by overloading the server and knocking it of…
Comments Off
winAUTOPWN v2.8 Released For Download – Windows Auto-Hacking Toolkit
Posted in October 18th, 2011
by admin in auto hacking, auto hacking tool, automated exploit, exploit, exploit tool, Exploits/Vulnerabilities, Hacking Tools, hacking-windows, rss, vulnerabilities, win hacking tool, winautopwn, Windows Hacking, windows-exploit
I wanted to post this a while back, but the site (and thus the download) was down again – it seems to be a common occurrence. Someone get this guy some proper hosting! winAUTOPWN and bsdAUTOPWN are minimal Interactive Frameworks which act as a fr…
Comments Off
New Research Shows Facebook’s URL Scanner Is Vulnerable To Cloaking
Posted in October 10th, 2011
by admin in blackhat academy, blackhat seo, cloaking urls, Exploits/Vulnerabilities, Facebook, facebook security, facebook url cloaking, facebook url scanner, hacking-facebook, link baiting, link masking, Malware, page filtering, rss, web filtering, websense
Oh look, Facebook security (or insecurity) is in the news again – not that this technique is anything revolutionary or ground-breaking. It’s basically a HTTP referer detection system for the Facebook URL scanner (the thing that generates th…
Comments Off
MySQL.com Compromised & Spreading Malware
Posted in September 27th, 2011
by admin in blackhole exploit kit, Database Hacking, Exploits/Vulnerabilities, hacking mysql, hacking mysql.com, Malware, mwjs159, mysql, mysql.com compromised, mysql.com hack, mysql.com spreading malware, mysql.com trojan, rss, sucuri security
The latest story doing the rounds is that MySQL.com got hacked and was serving malware which put it on the Google malware block list. It appears to be in the clear now though and it’s accessible again via Google. It seems to be a similar case wit…
Comments Off
Google Patches 32 Chrome Browser Bugs & Releases Version 14
Posted in September 19th, 2011
by admin in chrome, chrome bounty, chrome browser, chrome bugs, chrome exploit, chrome security, chrome v14, chrome version 15, chrome vulnerability, Countermeasures, Exploits/Vulnerabilities, google, google chrome security, google-chrome, rss
Google and their Chrome browser have really been stepping things up lately when it comes to security and browsing, we reported not along ago on Google Chrome To Protect Users Against Malicious Executables. Also since we reported on the Chrome bug bount…
Comments Off
Script Kiddies Lay Claim To NBC News Twitter Account Hack
Posted in September 13th, 2011
by admin in Exploits/Vulnerabilities, hackers, Legal Issues, NBC, nbc news, nbc news twitter account, nbc news twitter hack, nbc twitter, nbc twitter hack, privacy, rss, script kiddies, script kiddies hackers, twitter, twitter hack, twitter security
There was a bit of a buzz on the 10th anniversary of 9/11 when the NBC News Twitter account was hacking and started posting updates regarding a repeated terrorist attack against ground zero. It only lasted a few minutes but as the account has 120,000 f…
Comments Off
winAUTOPWN v2.7 Released – Windows Autohacking Tool
Posted in September 6th, 2011
by admin in auto hacking, auto hacking tool, automated exploit, exploit, exploit tool, Exploits/Vulnerabilities, Hacking Tools, hacking-windows, rss, vulnerabilities, win hacking tool, winautopwn, Windows Hacking, windows-exploit
I’ve always been skeptical about this tool, especially seen as though the first version was released on April Fools day in 2009, anyway it’s 2 years later now and it still seems to be around so I think it’s worth publishing an update….
Comments Off
Hackers Get Hold Of Wildcard Google SSL Certificate – Could Hijack Gmail Accounts
Posted in August 30th, 2011
by admin in DigiNotar, Exploits/Vulnerabilities, gmail mitm, gmail security, gmail-hacking, google, google mitm, google ssl cert, google wildcard cert, hacking-gmail, how to hack gmail, Legal Issues, man-in-the-middle, mitm, privacy, rss
One of the big discussions points this week is about a wildcard cert for Google that has leaked out from a Dutch company called DigiNotar. The certificate is good for all Google domains – it’s a *.google.com cert. This is bad news and appar…
Comments Off
Android Phones (Possibly) Hacked At Defcon On CDMA & 4G (HSPA)
Posted in August 12th, 2011
by admin in android, android security, anon, anonymous, beast, def con, def con 19, defcon, defcon 19, defcon hack, defcon phone hack, Exploits/Vulnerabilities, hacking android, LulzSec, privacy, rio, rss
It seems like some major ownage was layed down at Defcon, I was very interested by the thread coderman posted in Full Disclosure earlier: DEF CON 19 – hackers get hacked! Especially when some people did chime in with supporting opinions and agree…
Comments Off
Zero-day Vulnerability In TimThumb Image Utility Threatens Many WordPress Sites
Posted in August 3rd, 2011
by admin in Exploits/Vulnerabilities, hacking-wordpress, lfi, local file inclusion, php file upload, rss, timthumb, timthumb exploit, timthumb security, timthumb.php, Web Hacking, wordpress, wordpress 0day, wordpress zero-day, wordpress-security
This is pretty apt after we wrote about WebsiteDefender – Ensure Your Website Security on Monday, a platform for securing web applications with a focus on WordPress. Today a zero-day in a very commonly used WordPress library hit quite a few news site…
Comments Off
Facebook To Start Paying Bug Bounties
Posted in July 29th, 2011
by admin in bug bounty, Exploits/Vulnerabilities, Facebook, facebook bounty, facebook bug bounty, facebook exploit, facebook pays hackers, facebook security, facebook vulnerability, General Hacking, hacking-facebook, hacking-for-money, rss
We’ve covered various stories about companies offering hackers and security researchers bounties for giving them working exploits for their software/website etc. Early runners in the game were – Google Willing To Pay Bounty For Chrome Brows…
Comments Off
exploitdbee.py – Easily Search For Exploits In BackTrack’s Exploitdb (files.csv).
Posted in July 20th, 2011
by admin in backtrack, exploit search, exploitdb, exploitdbee, exploitdbee.py, Exploits/Vulnerabilities, Hacking Tools, python, python hacking tools, python script, rss, search backtrack exploit database, search exploits
This is a simple Python tool to help you search for exploits in the BackTrack Exploit Database. Features Search the exploitdb archive Case sensitive & insensitive Change output mode Automatically copy your exploits Requirements python (tested with…
Comments Off
Malicious PDF Files To Exploit iPhone & iPad Zero Day In The Wild
Posted in July 11th, 2011
by admin in Apple, apple-security, charlie miller, exploit, Exploits/Vulnerabilities, hacking apple, hacking ipad, hacking iphone, ipad hacking, ipad jailbreak, ipad2 jailbreak, iphone jailbreak, iphone pdf, jailbreakme, pdf jailbreak, rss, vulnerability
Well everyone has been waiting for a Jailbreak for the iPad 2 with the latest version of iOS – it happened and only hours later the malformed PDF files that were used in the exploit were circulating the Internet. It’s not the first time thi…
Comments Off
Metasploitable – Test Your Metasploit Against A Vulnerable Host
Posted in June 28th, 2011
by admin in Exploits/Vulnerabilities, hacking with metasploit, metasploit, Programming, rss, test metasploit, use metasploit, vulnerable host, vulnerable vm, vulnerable vmware, vulnerable vmware image, vulnerable web application, Web Hacking
Ok so you’ve got Metasploit loaded up, you’ve read the Metasploit Tutorials & Watched the Videos – but you’ve still got no idea what to do next and don’t have anything to test against. It’s not exactly new, but …
Comments Off
Hackers Exploiting Latest Adobe Flash Bug On Large Scale
Posted in June 21st, 2011
by admin in Adobe, adobe flash, adobe flash security, adobe flash vulnerability, Exploits/Vulnerabilities, flash, flash exploit, flash patch, flash security, flash vulnerability, hacking adobe flash, hacking-flash, out of band patch, rss
It’s very out of character for Adobe – but they’ve actually released two out of band patches in the last week or so. They’ve had to patch 4 times in the past 2 months – that’s a total of 6 times in 2011 so far –…
Comments Off
IMF (International Monetary Fund) Suffer Major Breach In Sophisticated Cyberattack
Posted in June 13th, 2011
by admin in bank hack, Exploits/Vulnerabilities, General Hacking, hacking banks, hacking imf, imf, imf breach, imf hack, imf hacked, imf security breach, international monentary fund, Legal Issues, rss, world bank
Oh dear, another big organization has fallen foul to the whole RSA SecurID hack – it seems that way anyway. In combination with a Spear Phishing attack (similar to the one carried out on high level US officials via Gmail recently) hackers have bu…
Comments Off
RSA Finally Admits 40 Million SecurID Tokens Have Been Compromised
Posted in June 7th, 2011
by admin in Cryptography, Exploits/Vulnerabilities, Legal Issues, rsa, rsa hack, rsa hacked, rsa securid, rsa securid compromise, rsa securid hacked, rsa security, rss, SecurID, securid hacked, securid token, securid token compromised, securid token replacement
Well we did say assume SecurID was broken back in March when we wrote – RSA Silent About Compromise For 7 Days – Assume SecurID Is Broken. With the recent news Lockheed Martin Hacked – Rumoured To Be Linked to RSA SecurID Breach and another U…
Comments Off
Lockheed Martin Hacked – Rumoured To Be Linked to RSA SecurID Breach
Posted in May 31st, 2011
by admin in Cryptography, Exploits/Vulnerabilities, homeland-security, Legal Issues, Lockheed Martin, lockheed martin compromise, lockheed martin hack, rsa, rsa securid, rsa securid breach, rsa securid hack, rss, SecurID, us military leak, us-military
You all probably remember the big kerfuffle that occurred after RSA got hacked, it was widely assumed that the SecurID system was compromised somehow and could not be relied on. We reported about it in the article – RSA Silent About Compromise Fo…
Comments Off
Sony PlayStation Network (PSN) Reopens In Asia
Posted in May 27th, 2011
by admin in Exploits/Vulnerabilities, Legal Issues, rss, Sony, sony asia, sony hack, sony playstation network, sony psn, sony psn asia, sony security
Finally! My friends over in this hemisphere can finally stop whining and get back on PSN! We’ve been covering this whole Sony Hack quite extensively over the past few weeks and this should be the final part of the network coming back online. Asia…
Comments Off
Hotmail Exploit Has Been Silently Stealing E-mail
Posted in May 24th, 2011
by admin in Exploits/Vulnerabilities, hacking hotmail, hotmail, hotmail exploit, hotmail hacked, hotmail privacy, hotmail security, hotmail vulnerability, privacy, rss, trend micro, Web Hacking
We haven’t reported a whole lot about Hotmail over the years, probably because since Gmail took over – Hotmail has mostly taken a backseat. The most recent report we had was about SSL and how Hotmail Always-On Encryption Breaks Microsoft’…
Comments Off
VUPEN Whitehats Claim To Have Broken Chrome Sandbox
Posted in May 10th, 2011
by admin in chrome security, Exploits/Vulnerabilities, General Hacking, google, google chrome security, google-chrome, hacking chrome, hacking google chrome, rss, vupen, vupen security
The big news recently is that someone has finally managed to pop the formidable Chrome browser, as we know from following Pwn2Own – it’s been safe for 3 years in a row. It has a sandbox, ASLR and DEP and that’s a pretty heavy combinat…
Comments Off
sslsnoop v0.6 – Dump Live Session Keys From SSH & Decrypt Traffic On The Fly
Posted in May 2nd, 2011
by admin in Cryptography, dump live session keys, dump ssh keys, dump ssl keys, Exploits/Vulnerabilities, hacking openssh, hacking ssh, hacking ssl, Network Hacking, openssh, openssh security, rss, sniffing ssh, snoop ssh, snoop ssl, ssh security, ssl, ssl security
sslsnoop dumps live session keys from openssh and can also decrypt the traffic on the fly. Works if scapy doesn’t drop packets. using pcap instead of SOCK_RAW helps a lot now. Works better on interactive traffic with no traffic at the time of the…
Comments Off
Sony PlayStation Network Hack Resulted In Stolen User Data & Lawsuit
Posted in April 28th, 2011
by admin in Exploits/Vulnerabilities, Legal Issues, playstation network, playstation network hack, privacy, ps3, ps3 security, psn, psn hack, qriocity, rss, Security, Sony, sony hack, sony hacked, sony playstation network, sony psn, sony security
So after our report on Monday – Sony Rebuilding PlayStation Network (PSN) – Down 4 Days So Far – news had been spilling out about this whole thing pretty much non-stop. It appears the network is still down and there was some serious data …
Comments Off
BodgeIt Store – Vulnerable Web Application For Penetration Testing
Posted in April 19th, 2011
by admin in bodgeit, bodgeit store, Exploits/Vulnerabilities, insecure web app, insecure web application, learn pen testing, learn penetration testing, learn web application security testing, learn web hacking, Programming, rss, vulnerable web application, Web Hacking, web-application-security
There are various vulnerable web applications such as Jarlsberg, WackoPicko, Damn Vulnerable Web Application (DVWA), Vicnum, etc. Now we have another application that is vulnerable and ready to be exploited! The BodgeIt Store is a vulnerable web applic…
Comments Off
Advertisments
Popular Tags
Recent Entries
- Introducing Comice OS 4: Mac-Looking Linux
- Over 3 Years Later, "Deleted" Facebook Photos Are Still Online
- Spamvertised ‘Tax Information Needed Urgently’ Emails Lead To Malware
- ManageEngine ADManager Plus 5.2 Cross Site Scripting
- Batavi 1.1.2 SQL Injection
- Cyberoam Central Console 2.00.2 Local File Inclusion
- Rice University And OpenStax Announce First Open-Source Textbooks
- Easily Create Impressive Presentations From PDF Files Or Images
- Infocon: green
- DIY Solid State Tesla Coil
Recent Comments
- Keine Kommentare vorhanden.
Social Network
| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
| « Jan | ||||||
| 1 | 2 | 3 | 4 | 5 | ||
| 6 | 7 | 8 | 9 | 10 | 11 | 12 |
| 13 | 14 | 15 | 16 | 17 | 18 | 19 |
| 20 | 21 | 22 | 23 | 24 | 25 | 26 |
| 27 | 28 | 29 | ||||
Subscribes
Meta
Archives
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
- February 2007
- January 2007
- December 2006
- November 2006
- October 2006
- September 2006
- August 2006
- July 2006
- June 2006
- May 2006
- April 2006
- March 2006
- February 2006
- January 2006
- December 2005
- November 2005
- October 2005
- August 2005
- July 2005
- June 2005
- May 2005
- January 2005
- November 2004
- October 2004
- September 2004
- October 2002
- December 2001
- January 1970
- December 1969
Also
rss
- SANS Internet Storm Center, InfoCON: green
- SANS Internet Storm Center, InfoCON: green
- (IN)SECURE Magazine Notifications RSS
- 0DayCar
- A Day in the Life of an Information Security Investigator
- Advisory Files ≈ Packet Storm
- Advisory Files ≈ Packet Storm
- All about Linux
- All about Linux
- AlterNet.org
- AlterNet.org
- Astalavista.net – Directory
- Astalavista.net – Exploits
- cmw.me blogs
- Confessions of a Penetration Tester
- Darknet – The Darkside
- Darknet – The Darkside
- Debian GNU/Linux System Administration Resources
- Debian GNU/Linux System Administration Resources
- DesktopLinux.com
- DesktopLinux.com
- Exploit Files ≈ Packet Storm
- Exploit Files ≈ Packet Storm
- F-Secure Antivirus Research Weblog
- F-Secure Antivirus Research Weblog
- Files ≈ Packet Storm
- Files ≈ Packet Storm
- Files ≈ Packet Storm
- Files ≈ Packet Storm
- Got Root Articles
- Got Root Articles
- Got Root Blogs
- Got Root Blogs
- Got Root Library and Wiki
- Got Root Library and Wiki
- Hack a Day
- Hack a Day
- HowtoForge – Linux Howtos and Tutorials –
- HowtoForge – Linux Howtos and Tutorials –
- izik
- izik
- Joomla! powered Site
- kaos.theory: fractal blog
- kaos.theory: fractal blog
- Latest Secunia Advisories
- Librenix.com | Linux Sysadmin Central
- Librenix.com | Linux Sysadmin Central
- Linux Gazette
- Linux Gazette
- Linux Journal – The Original Magazine of the Linux Community
- Linux Journal – The Original Magazine of the Linux Community
- Linux.com :: Feature
- Linux.com :: Feature
- LXer Linux News
- LXer Linux News
- milw0rm.com
- milw0rm.com
- News ≈ Packet Storm
- News ≈ Packet Storm
- nixCraft Linux Sys Admin Blog
- nixCraft Linux Sys Admin Blog
- Open Source Networking
- Open Source Networking
- Own-the.net – Web application security and SEO
- RootPrompt — Nothing but Unix
- RootPrompt — Nothing but Unix
- Rootsecure.net
- Rootsecure.net
- SecuriTeam
- SecuriTeam
- Security Tool Files ≈ Packet Storm
- Security Tool Files ≈ Packet Storm
- SecurityDocs
- SecurityDOT Articles
- SecurityDOT Articles
- SecurityDOT Exploits
- SecurityDOT Exploits
- SecurityDot News
- SecurityDot News
- SecurityDot Vulnerabilities
- SecurityDot Vulnerabilities
- SecurityFocus News
- SecurityFocus News
- SecurityFocus Vulnerabilities
- SecurityFocus Vulnerabilities
- SpiderLabs Anterior
- SpiderLabs Anterior
- Spyware Warrior
- Spyware Warrior
- TaoSecurity
- TaoSecurity
- TechCrunch
- The Ethical Hacker Network RSS News Feed
- The Ethical Hacker Network RSS News Feed
- The most recent articles from vnunet.com
- The most recent articles from vnunet.com
- US-CERT Cyber Security Alerts
- US-CERT Cyber Security Alerts
- US-CERT Cyber Security Bulletins
- US-CERT Cyber Security Bulletins
- US-CERT Cyber Security Tips
- US-CERT Cyber Security Tips
- US-CERT Technical Cyber Security Alerts
- US-CERT Technical Cyber Security Alerts
- VulnWatch
- VulnWatch
- XSSed syndication
- XSSed syndication
- XSSed syndication
- XSSed syndication