Sunday, January 4th, 2009
Efrain Torres just committed an improvement to the Metasploit source tree that allows the framework to be used as a SSL certificate scanner. This provides a simple way to identify SSL certificates in use that were signed with the MD5 algorithm and need to re-issued. To use the new module, ...
Posted in Internet, Privacy, Security | No Comments
Saturday, January 3rd, 2009
There's a scam spreading through Twitter. Direct messages (DMs) are showing up in Twitter accounts with appealing come-ons to visit a site on blogspot.com. The text is, "hey! check out this funny blog about you..." The URL in the message then redirects to a page that looks like the Twitter ...
Posted in Internet, Privacy, Security | No Comments
Saturday, January 3rd, 2009
DaiMon has once more discovered a new critical cross-site scripting vulnerability which affects the Facebook "Reset Password" page. Malicious users can inject code to phish credentials and other sensitive personal information from millions of Facebook members.
We hope that this serious flaw gets fixed quickly as is usually the case with ...
Posted in Coding, Internet, Privacy, Security | 3 Comments
Friday, January 2nd, 2009
This Firefox plugin was first created back during the Debian/OpenSSL scare about 6 months ago where the key pairs that were generated from an affected machine were easily guessable. Marton Anka created this plugin to help users find these bad certificates:
On 12/31/2008, Marton updated this plugin to detect the ...
Posted in Coding, Internet, Privacy, Security | 1 Comment
Wednesday, December 31st, 2008
By now, most of us are aware of the potential privacy risks posed by Web cookies. But according to a new paper published by security consultancy iSec Partners, traditional browser-based cookies aren't the only technology used to store user data anymore. A number of browser plug-ins offer similar capabilities -- ...
Posted in Coding, Internet, Privacy, Security | No Comments