How Attackers Use Your Metadata Against You

Saturday, February 14th, 2009

To steal your identity, a cybercriminal doesn't have to have direct access to your bank account or other personal information. Often, he collects information about you from a variety of seemingly innocuous sources, then uses that data to map out a strategy to crack your online defenses and drain your ...

BackTrack 4 Beta Released

Wednesday, February 11th, 2009

This is it!  After many months of effort from the Remote Exploit Dev team, BackTrack 4 Beta is ready and available.  I thought I'd post up some "getting started" notes, to help people out with the first surge of questions. Default password to BackTrack 4 hasn't changed, still root / toor. KDE ...

Internet Explorer executes code in pictures

Wednesday, February 11th, 2009

A feature in Internet Explorer, which checked the type of file before presenting it to the user, has been found to allow execution of JavaScript embedded in an image. The MIME sniffing functionality was originally meant to compensate for web servers sending out the wrong content type information when they ...

phpBB Downtime and Server Compromise

Tuesday, February 3rd, 2009

As you may already be aware from the message on phpBB.com or the topic in the #phpBB channel on Freenode, we have recently been attacked via a vulnerability in an outdated PHPList installation. The initial attack was performed well before a new version of the software was released or a ...

Windows RunAs Password Length Vulnerability

Monday, January 26th, 2009

The 'RunAs' application included with Microsoft Windows is prone to a local information-disclosure vulnerability that may reveal information about password lengths. A local attacker may exploit this issue to gain information about user passwords. This may aid in further attacks, such as brute-force or dictionary attacks against passwords. An attacker requires local, ...