You all probably remember the big kerfuffle that occurred after RSA got hacked, it was widely assumed that the SecurID system was compromised somehow and could not be relied on. We reported about it in the article – RSA Silent About Compromise Fo…
.::anti-abuse.com::.
Security Revealed
Exploits/Vulnerabilities's archive
Lockheed Martin Hacked – Rumoured To Be Linked to RSA SecurID Breach
Posted in May 31st, 2011
by admin in Cryptography, Exploits/Vulnerabilities, homeland-security, Legal Issues, Lockheed Martin, lockheed martin compromise, lockheed martin hack, rsa, rsa securid, rsa securid breach, rsa securid hack, rss, SecurID, us military leak, us-military
Comments Off
Sony PlayStation Network (PSN) Reopens In Asia
Posted in May 27th, 2011
by admin in Exploits/Vulnerabilities, Legal Issues, rss, Sony, sony asia, sony hack, sony playstation network, sony psn, sony psn asia, sony security
Finally! My friends over in this hemisphere can finally stop whining and get back on PSN! We’ve been covering this whole Sony Hack quite extensively over the past few weeks and this should be the final part of the network coming back online. Asia…
Comments Off
Hotmail Exploit Has Been Silently Stealing E-mail
Posted in May 24th, 2011
by admin in Exploits/Vulnerabilities, hacking hotmail, hotmail, hotmail exploit, hotmail hacked, hotmail privacy, hotmail security, hotmail vulnerability, privacy, rss, trend micro, Web Hacking
We haven’t reported a whole lot about Hotmail over the years, probably because since Gmail took over – Hotmail has mostly taken a backseat. The most recent report we had was about SSL and how Hotmail Always-On Encryption Breaks Microsoft’…
Comments Off
VUPEN Whitehats Claim To Have Broken Chrome Sandbox
Posted in May 10th, 2011
by admin in chrome security, Exploits/Vulnerabilities, General Hacking, google, google chrome security, google-chrome, hacking chrome, hacking google chrome, rss, vupen, vupen security
The big news recently is that someone has finally managed to pop the formidable Chrome browser, as we know from following Pwn2Own – it’s been safe for 3 years in a row. It has a sandbox, ASLR and DEP and that’s a pretty heavy combinat…
Comments Off
sslsnoop v0.6 – Dump Live Session Keys From SSH & Decrypt Traffic On The Fly
Posted in May 2nd, 2011
by admin in Cryptography, dump live session keys, dump ssh keys, dump ssl keys, Exploits/Vulnerabilities, hacking openssh, hacking ssh, hacking ssl, Network Hacking, openssh, openssh security, rss, sniffing ssh, snoop ssh, snoop ssl, ssh security, ssl, ssl security
sslsnoop dumps live session keys from openssh and can also decrypt the traffic on the fly. Works if scapy doesn’t drop packets. using pcap instead of SOCK_RAW helps a lot now. Works better on interactive traffic with no traffic at the time of the…
Comments Off
Sony PlayStation Network Hack Resulted In Stolen User Data & Lawsuit
Posted in April 28th, 2011
by admin in Exploits/Vulnerabilities, Legal Issues, playstation network, playstation network hack, privacy, ps3, ps3 security, psn, psn hack, qriocity, rss, Security, Sony, sony hack, sony hacked, sony playstation network, sony psn, sony security
So after our report on Monday – Sony Rebuilding PlayStation Network (PSN) – Down 4 Days So Far – news had been spilling out about this whole thing pretty much non-stop. It appears the network is still down and there was some serious data …
Comments Off
BodgeIt Store – Vulnerable Web Application For Penetration Testing
Posted in April 19th, 2011
by admin in bodgeit, bodgeit store, Exploits/Vulnerabilities, insecure web app, insecure web application, learn pen testing, learn penetration testing, learn web application security testing, learn web hacking, Programming, rss, vulnerable web application, Web Hacking, web-application-security
There are various vulnerable web applications such as Jarlsberg, WackoPicko, Damn Vulnerable Web Application (DVWA), Vicnum, etc. Now we have another application that is vulnerable and ready to be exploited! The BodgeIt Store is a vulnerable web applic…
Comments Off
Adobe Patches Latest Flash Zero Day Vulnerability
Posted in April 18th, 2011
by admin in Adobe, adobe flash, adobe flash player, adobe flash security, adobe security, browser-security, Exploits/Vulnerabilities, flash, flash 0day, flash exploit, flash player 0day, flash player exploit, flash player zero day, flash vulnerability, flash zero day, General Hacking, hacking-flash, rss
There’s been a lot of news about this Adobe Flash Player vulnerability as apparently it has been exploited in the wild and Adobe were willing to push out an out-of-band patch for it – which means in their eyes it is really serious. They don…
Comments Off
Microsoft Unleashes Record Breaking Patch Tuesday – April 2011
Posted in April 13th, 2011
by admin in april 2011 patch tuesday, black tuesday, Countermeasures, Exploits/Vulnerabilities, microsoft, microsoft patch tuesday, microsoft patches, microsoft security, patch-tuesday, rss, Security Software, windows 0day, Windows Hacking, windows zero day, windows zeroday, windows-exploits, windows-security
We all love Patch Tuesday – no doubt about that right? Well Microsoft has blessed us this month with the biggest Patch Tuesday in the history of the program. That’s a good thing because it’s had some horribly effective vulnerabilities…
Comments Off
NASA Systems At Risk From Hacking Attacks
Posted in March 30th, 2011
by admin in Exploits/Vulnerabilities, hacking nasa networks, hacking-nasa, Legal Issues, nasa, nasa hack, nasa hacking attacks, nasa network audit, nasa network security, nasa networks, nasa security, nasa security audit, privacy, rss
It’s not surprising really, when I learned that the recently retired NASA space shuttle was still using 5.25″ floppy drives – I suspected that much of the NASA IT architecture was probably antiquated. Also the recent SCADA related sec…
Comments Off
RSA Silent About Compromise For 7 Days – Assume SecurID Is Broken
Posted in March 25th, 2011
by admin in Cryptography, Exploits/Vulnerabilities, rsa, rsa compromise, rsa compromised, rsa hack, rsa hacked, rsa safety, rsa securid, rsa securid compromised, rsa securid hacked, rsa securid security, rsa security, rss, SecurID
About a week ago we tweeted about the “Open Letter” from RSA to customers, a rather vague letter. If you haven’t read it yet, you can do so here. To summarise, they basically said “Recently, our security systems identified an ex…
Comments Off
Exploits For Popular SCADA Programs Made Public
Posted in March 23rd, 2011
by admin in datac, Exploits/Vulnerabilities, factory software, hacking scada, Hardware Hacking, iconics, industrial control systems, rss, SCADA, scada exploits, scada hacking, scada security, scada vulnerabilities, siemens
SCADA is not something we’ve mentioned before, we have covered related areas with articles such as – Industrial Control Systems Safe? I Think Not. Plus the whole Stuxnet thing which was able to attack nuclear plants. In a way I find it iron…
Comments Off
Adobe Promises Patch For Flash 0-day Being Used In Targeted Attacks
Posted in March 15th, 2011
by admin in 0-day, 0day, Adobe, adobe flash, adobe flash security, adobe security, Exploits/Vulnerabilities, flash 0-day, flash exploit, flash security, flash vulnerability, flash zero day, General News, hacking-flash, out of band patch, rss, zero-day
With all the new vulnerabilities with working exploits pouring out of Pwn2Own, I can’t say I expected to see another 0-day in Adobe Flash outside of the contest. It wasn’t that long ago (back in October 2010) when there was another Critical…
Comments Off
Day One At Pwn2Own Takes Out Microsoft Internet Explorer and Apple Safari
Posted in March 10th, 2011
by admin in Apple, chaouki bekrar, charlie miller, Exploits/Vulnerabilities, hacking apple, hacking macbook, IE, internet explorer hack, Internet-Explorer, pwn2own, return oriented programming, rss, safari, safari-exploit, safari-security, use-after-free flaw, vulnerability, Windows Hacking
Well it’s March again and well we love March because it’s Pwn2Own time! Every year around this time we get some goodies to discuss way back since: 2008 – Mac owned on 2nd day of Pwn2Own hack contest 2009 – Charlie Miller Does It…
Comments Off
Google Removes ‘DroidDream’ Malware From Android Devices
Posted in March 7th, 2011
by admin in android, android malware, android security, dreamdroid, dreamdroid malware, droiddream, droiddream malware, Exploits/Vulnerabilities, google, google android, google android security, Linux Hacking, Malware, rss
Android must be getting popular! It’s always a test of a new platform or OS, when does it start getting serious malware targeting it? It seems like the time for Android is now, the news lately has been buzzing about the DroidDream malware that ha…
Comments Off
Microsoft Attack Surface Analyzer – Test Software Vulnerabilities
Posted in March 3rd, 2011
by admin in attack surface, attack surface analyzer, Countermeasures, Exploits/Vulnerabilities, manage attack surface, microsoft, microsoft asa, microsoft attack surface analyzer, microsoft security, risk-management, rss, security audit tool, security management, Security Software, security-audit, Windows, Windows Hacking, windows-security
Attack Surface Analyzer is developed by the Security Engineering group, building on the work of our Security Science team. It is the same tool used by Microsoft’s internal product groups to catalogue changes made to operating system attack surfac…
Comments Off
JBoss Autopwn – JSP Hacking Tool For JBoss AS Server
Posted in February 28th, 2011
by admin in Exploits/Vulnerabilities, hacking jboss, Hacking Tools, jboss, jboss autopwn, jboss exploit, jboss hacking tool, jboss security, metasploit, rss, spider labs, spiderlabs, Web Hacking, web-application-security, web-security
This JBoss script deploys a JSP shell on the target JBoss AS server. Once deployed, the script uses its upload and command execution capability to provide an interactive session. Features Multiplatform support – tested on Windows, Linux and Mac t…
Comments Off
Acunetix WVS (Web Vulnerability Scanner) 7 Review – Engine & Scanning Improvements
Posted in February 23rd, 2011
by admin in acunetix, acunetix review, acunetix scanner review, acunetix wvs, acunetix wvs review, acusensor, AJAX-Security, blind-sql-injection, cross-site-scripting, Database Hacking, Exploits/Vulnerabilities, Hacking Tools, http fuzzer, Network Hacking, penetration-testing, rss, sql-injection, Web Hacking, web vulnerability scanner, web-application-security, wvs
We wrote our first review of Acunetix WVS 6 back in January 2009 and published an update about the release of Acunetix Web Vulnerability Scanner (WVS) 6.5 in June 2009. The team over at Acunetix have been working hard on version 7 for quite some time a…
Comments Off
Apple Adds greenpois0n Jailbreak Detection to iBooks Software
Posted in February 16th, 2011
by admin in Apple, apple ibooks, apple ios, Exploits/Vulnerabilities, General Hacking, greenpois0n, ibooks, ios, ios 4.2.1 jailbreak, ios ibooks, iphone 4 jailbreak, jail break, jailbreak, jailbreak detection, rss, untethered jailbreak
Apple has pulled out some new tricks in it’s war against the unstoppable jailbreak machine, this time leveraging on the iBooks application. It’s quite a neat implementation, it appears the new iOS update with iBooks dropped an un-signed app…
Comments Off
Canadian Dating Site PlentyofFish.com Hacked
Posted in February 7th, 2011
by admin in brian krebs, chris russo, dating site security, dating sites, Exploits/Vulnerabilities, hacking-websites, information disclosure, Legal Issues, markus frind, plenty of fish, plenty of fish security, PlentyofFish, plentyoffish.com, pof, privacy, privacy disclosure, rss, sql-injection, web hack, Web Hacking, web-application-security, web-security
Something which caused some kind of stir last week was the hacking of the Canadian dating site Plenty of Fish (sometimes known as PoF) which rose to fame on the Webmaster forums for SEO due to a picture of Markus Frind holding an Adsense cheque for $13…
Comments Off
Happy New Year Geohot – Court Orders Seizure Of PS3 Hacker’s Computers
Posted in January 28th, 2011
by admin in Cryptography, dmca, Exploits/Vulnerabilities, fail0verflow, geohot, goerge hotz, Hardware Hacking, playstation 3, playstation 3 jailbreak, ps3, ps3 jailbreak, ps3 security, rooting playstation 3, rooting ps3, rss, sony lawsuit, sony tro
We published the story about the Playstation 3 (PS3) Finally Hacked & Exploit Released back in January 2010. The exploit of course developed by the very prolific hacker and jailbreaker extraordinaire Geohot. He became notorious way back in 2007 by…
Comments Off
Inguma Is Back – The Penetration Testing & Vulnerability Research Toolkit
Posted in January 18th, 2011
by admin in Database Hacking, Exploits/Vulnerabilities, Hacking Tools, inguma, Network Hacking, pen testing tools, pen-testing, pen-testing-toolkit, penetration testing toolkit, penetration-testing, rss, vulnerability research, vulnerability testing, vulnerability-assessment
Inguma is back and being actively developed again. It’s been quite a long time, far too long in fact. We first reported about Inguma way back in 2007 and our latest mention of it was in March 2008. A new version has just been released almost 3 ye…
Comments Off
Internet Explorer Zero-Day Accidentally Leaked To Chinese Hackers
Posted in January 4th, 2011
by admin in 0day, breakaaspecial, breakcircularmemoryreferences, cross_fuzz, Exploits/Vulnerabilities, IE, ie 0day, ie zero day, IE-exploit, IE-vulnerability, internet explorer 0day, internet-explorer-exploit, lcamtuf, michal-zalewski, rss, Windows Hacking, zalewski, zero-day
First up, happy new year – let’s hope 2011 is an interesting year for the infosec community. Anyway today’s story is about the recently released tool cross_fuzz by Michal Zalewski and an inadvertent leak that have occurred. tl;dr vers…
Comments Off
IOCTL Fuzzer v1.2 – Fuzzing Tool For Windows Kernel Drivers
Posted in December 29th, 2010
by admin in Exploits/Vulnerabilities, fuzzer, fuzzer tool, fuzzing, fuzzing ioctl, fuzzing windows, fuzzing windows kernel, fuzzing-tool, ioctl, ioctl exploit, ioctl fuzzer, ioctl vulnerability, Programming, reverse-engineering, ring 0, rss, Windows Hacking, windows kernel driver fuzzing, windows kernel fuzzing tool
IOCTL Fuzzer is a tool designed to automate the task of searching vulnerabilities in Windows kernel drivers by performing fuzz tests on them. The fuzzer’s own driver hooks NtDeviceIoControlFile in order to take control of all IOCTL requests throughou…
Comments Off
Car Immobilisers Using Weak Encryption Schemes
Posted in December 23rd, 2010
by admin in 128-bit aes, aes, car immobiliser security, car jacking, carjacking, Cryptography, Exploits/Vulnerabilities, Hardware Hacking, jacking car immobiliser signal, karsten nohl, proprietary algorithm, rss, security research labs, texas instruments, ti
Another case of a certain industry lagging behind, I mean come-on – who seriously still using proprietary cryptography algorithms in 2010? Especially only 40 or 48-bit protocols, with the processing power available on hand now and new techniques …
Comments Off
WackoPicko – Vulnerable Website For Learning & Security Tool Evaluation
Posted in December 22nd, 2010
by admin in Exploits/Vulnerabilities, how to learn hacking, learn hacking, learn pen testing, learn vulnerability scanning, learn web hacking, penetration-testing, Programming, rss, test web application security scanner, testing vulnerability scanner, vulnerable web app, vulnerable web application, wackopicko, Web Hacking
There are various vulnerable web applications out there to hone your skills or test the latest web vulnerability scanner you downloaded, one such package would be Damn Vulnerable Web App – Learn & Practise Web Hacking. There are others such as: …
Comments Off
Honggfuzz – Simple Command Line Software Fuzzing Tool
Posted in December 16th, 2010
by admin in command line fuzzer, command line fuzzing tool, Exploits/Vulnerabilities, fuzzer, fuzzing, fuzzing-tool, hongg fuzz, honggfuzz, Programming, rss, software fuzzing, software fuzzing tool
Honggfuzz is a general-purpose fuzzing tool. Given a starting corpus of test files, Hongfuzz supplies and modifies input to a test program and utilize the ptrace() API/POSIX signal interface to detect and log crashes. Basically it’s a simple, eas…
Comments Off
FBI Investigating Gawker Media User Database Password Ownage
Posted in December 15th, 2010
by admin in 4chan, anonymous, Exploits/Vulnerabilities, FBI, Gawker, gawker hack, Gawker Media, gawker media hack, gawker media passwords, gawker passwords, gnosis, hacker news, Legal Issues, privacy, rss, Web Hacking, Y-Combinator
After the non-stop action with WikiLeaks last week, the big news this week is the hack carried out on Gawker Media which exposed their users e-mail addresses and passwords. More than 200,000 password hashes (very lightly encrypted with DES) and e-mail …
Comments Off
LFIMAP – Scan For Files Vulnerable To LFI (Local File Inclusion)
Posted in December 3rd, 2010
by admin in detect lfi, detect local file inclusion, Exploits/Vulnerabilities, find lfi, Hacking Tools, lfi, lfi map, lfi mapping, lfi scanner, local file inclusion, rss, Web Hacking, web security tools, web-application-security, web-hacking-tools, web-security
There are some existing tools that deal with LFI vulnerabilities such as fimap the Remote & Local File Inclusion (RFI/LFI) Scanner and inspathx a Tool For Finding Path Disclosure Vulnerabilities (which can lead to the discovery of LFI). A new simp…
Comments Off
Armitage – Cyber Attack Management & GUI For Metasploit
Posted in December 1st, 2010
by admin in armitage, Exploits/Vulnerabilities, gui for metasploit, hacking tool, Hacking Tools, learn hacking, learn metasploit, learn to hacking, metasploit, metasploit cyber attack management, metasploit gui, metasploit manager, rss
Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework. Armitage aims to make Metasploit usable for security practitioners who unders…
Comments Off
Advertisments
Popular Tags
Recent Entries
- Mandriva Linux released to Community
- Infocon: green
- Mandriva Becomes A Community Distribution
- ISC StormCast for Monday, May 21st 2012 http://isc.sans.edu/podcastdetail.html?id=2548, (Mon, May 21st)
- Ubuntu more “commercial”, but always free …
- The Story Behind Payment Disruptor Stripe.com And Its Founder Patrick Collison
- Lightspark For Open Flash Inches Forward
- TC/Gadgets Webcast: Live From Disrupt NYC
- Silicon Valley Can Do Better Than Facebook
- The pi pad
Recent Comments
- Keine Kommentare vorhanden.
Social Network
| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
| « Apr | ||||||
| 1 | 2 | 3 | 4 | 5 | 6 | |
| 7 | 8 | 9 | 10 | 11 | 12 | 13 |
| 14 | 15 | 16 | 17 | 18 | 19 | 20 |
| 21 | 22 | 23 | 24 | 25 | 26 | 27 |
| 28 | 29 | 30 | 31 | |||
Subscribes
Meta
Archives
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
- February 2007
- January 2007
- December 2006
- November 2006
- October 2006
- September 2006
- August 2006
- July 2006
- June 2006
- May 2006
- April 2006
- March 2006
- February 2006
- January 2006
- December 2005
- November 2005
- October 2005
- August 2005
- July 2005
- June 2005
- May 2005
- January 2005
- November 2004
- October 2004
- September 2004
- October 2002
- December 2001
- January 1970
- December 1969
Also
rss
- SANS Internet Storm Center, InfoCON: green
- SANS Internet Storm Center, InfoCON: green
- (IN)SECURE Magazine Notifications RSS
- 0DayCar
- A Day in the Life of an Information Security Investigator
- Advisory Files ≈ Packet Storm
- Advisory Files ≈ Packet Storm
- All about Linux
- All about Linux
- AlterNet.org
- AlterNet.org
- Astalavista.net – Directory
- Astalavista.net – Exploits
- cmw.me blogs
- Confessions of a Penetration Tester
- Darknet – The Darkside
- Darknet – The Darkside
- Debian GNU/Linux System Administration Resources
- Debian GNU/Linux System Administration Resources
- DesktopLinux.com
- DesktopLinux.com
- Exploit Files ≈ Packet Storm
- Exploit Files ≈ Packet Storm
- F-Secure Antivirus Research Weblog
- F-Secure Antivirus Research Weblog
- Files ≈ Packet Storm
- Files ≈ Packet Storm
- Files ≈ Packet Storm
- Files ≈ Packet Storm
- Got Root Articles
- Got Root Articles
- Got Root Blogs
- Got Root Blogs
- Got Root Library and Wiki
- Got Root Library and Wiki
- Hack a Day
- Hack a Day
- HowtoForge – Linux Howtos and Tutorials –
- HowtoForge – Linux Howtos and Tutorials –
- izik
- izik
- Joomla! powered Site
- kaos.theory: fractal blog
- kaos.theory: fractal blog
- Latest Secunia Advisories
- Librenix.com | Linux Sysadmin Central
- Librenix.com | Linux Sysadmin Central
- Linux Gazette
- Linux Gazette
- Linux Journal – The Original Magazine of the Linux Community
- Linux Journal – The Original Magazine of the Linux Community
- Linux.com :: Feature
- Linux.com :: Feature
- LXer Linux News
- LXer Linux News
- milw0rm.com
- milw0rm.com
- News ≈ Packet Storm
- News ≈ Packet Storm
- nixCraft Linux Sys Admin Blog
- nixCraft Linux Sys Admin Blog
- Open Source Networking
- Open Source Networking
- Own-the.net – Web application security and SEO
- RootPrompt — Nothing but Unix
- RootPrompt — Nothing but Unix
- Rootsecure.net
- Rootsecure.net
- SecuriTeam
- SecuriTeam
- Security Tool Files ≈ Packet Storm
- Security Tool Files ≈ Packet Storm
- SecurityDocs
- SecurityDOT Articles
- SecurityDOT Articles
- SecurityDOT Exploits
- SecurityDOT Exploits
- SecurityDot News
- SecurityDot News
- SecurityDot Vulnerabilities
- SecurityDot Vulnerabilities
- SecurityFocus News
- SecurityFocus News
- SecurityFocus Vulnerabilities
- SecurityFocus Vulnerabilities
- SpiderLabs Anterior
- SpiderLabs Anterior
- Spyware Warrior
- Spyware Warrior
- TaoSecurity
- TaoSecurity
- TechCrunch
- The Ethical Hacker Network RSS News Feed
- The Ethical Hacker Network RSS News Feed
- The most recent articles from vnunet.com
- The most recent articles from vnunet.com
- US-CERT Bulletins
- US-CERT Bulletins
- US-CERT Technical Cyber Security Alerts
- US-CERT Technical Cyber Security Alerts
- US-CERT Technical Cyber Security Alerts
- US-CERT Technical Cyber Security Alerts
- US-CERT Tips
- US-CERT Tips
- VulnWatch
- VulnWatch
- XSSed syndication
- XSSed syndication
- XSSed syndication
- XSSed syndication