Saturday, January 30th, 2010
I just wanted to show a quick example of using Incognito to impersonate user tokens on a compromised system. You can think of tokens as a web "cookie" which is just an object that holds your security information for the entire login process so that you don't have to re-authenticate ...
Posted in Internet, Networking, Privacy, Security, Windows | 2 Comments
Sunday, January 17th, 2010
While I was updating my VMs today with the final version of BackTrack 4 I decided to jump in and take a look at the new IE 0day exploit that was added to MetaSploit a couple of days ago. It works surprisingly well. I had 100% success rate with IE6. ...
Posted in Coding, Internet, Security, Software, Windows | 1 Comment
Tuesday, December 29th, 2009
Websense Security Labs ThreatSeeker Network has detected that the Fox Sports site has been compromised and injected with malicious code. Fox Sports is a division of the Fox Broadcasting Company. It specializes in the latest sports news and world sports updates. Fox Sports has an Alexa ranking of 330.
Our research ...
Posted in Internet, Security | No Comments
Tuesday, December 29th, 2009
Microsoft has confirmed the security hole in its IIS web server, but hasn't disclosed which versions of the product are affected. According to the finder of the "semi-colon bug", versions up to and including version 6 are vulnerable. The hole allows attackers, for instance, to camouflage executable ASP files as ...
Posted in Internet, Security | 1 Comment
Tuesday, December 15th, 2009
Adobe Systems Inc. said Monday it is investigating reports that attackers are exploiting a previously unidentified security hole in its Acrobat and PDF Reader software to break into vulnerable computers.The acknowledgment coincided with an alert published by the Shadowserver Foundation, a nonprofit group that tracks the spread of malicious programs ...
Posted in Internet, Security | No Comments
