Archive | Exploits/Vulnerabilities


28 December 2011 | 11,973 views

US Subway Stores POS Hacked For $3Million Dollars

Honestly there hasn’t been much news over the holiday period, well maybe there was but no one bothered reporting it. There was the Stratfor case of course, which Anonymous is saying wasn’t anything to do with them. The scale of this incident somehow reminds me of the whole TJ MAXX fiasco a few years back. [...]

Continue Reading


15 December 2011 | 8,078 views

No BEAST Fix From Microsoft In December Patch Tuesday – But They Fixed Duqu Bug

It looks like Microsoft originally had a patch for the BEAST vulnerability, but for some reason they have withdrawn it for the December Patch Tuesday. It’s a pretty bumper crop of patches though with 13 bulletins and 19 vulnerabilities fixed, the highest profile one being a patch for the zero-day vulnerability exploited by Duqu. The [...]

Continue Reading


09 November 2011 | 8,953 views

Apple Bans Security Researcher Charlie Miller For Exposing iOS Exploit

The latest wave in the infosec world is that Apple has banned the well known security researcher – Charlie Miller – from it’s developer program for exposing a new iOS exploit. It’s not really the smartest move as I’m pretty sure anyone as smart as Charlie Miller still has plenty of options – use another [...]

Continue Reading


03 November 2011 | 13,242 views

Rec Studio 4 – Reverse Engineering Compiler & Decompiler

REC Studio is an interactive decompiler. It reads a Windows, Linux, Mac OS X or raw executable file, and attempts to produce a C-like representation of the code and data used to build the executable file. It has been designed to read files produced for many different targets, and it has been compiled on several [...]

Continue Reading


02 November 2011 | 9,148 views

13 Out Of 15 Popular CAPTCHA Schemes Vulnerable To Automated Attacks

This is not a real shock to be if I’m perfectly honestly, I only use reCAPTCHA whenever I need a CAPTCHA implementation for anything. And well even then, it’s not totally safe as apparently you can farm out your CAPTCHA cracking (those the fail the automated attempts) to India for a few dollars. It does [...]

Continue Reading


27 October 2011 | 11,170 views

Facebook Attachment Uploader Owned By A Space

Oh look – another vulnerability in Facebook! It wasn’t long ago we reported New Research Shows Facebook’s URL Scanner Is Vulnerable To Cloaking. Well this time the private messaging function has been compromised, you can attach an executable and send it to anyone as long as you put a space after the filename. It’s not [...]

Continue Reading


24 October 2011 | 25,428 views

THC SSL DoS/DDoS Tool Released For Download

THC-SSL-DOS is a tool to verify the performance of SSL. Establishing a secure SSL connection requires 15x more processing power on the server than on the client. THC-SSL-DOS exploits this asymmetric property by overloading the server and knocking it off the Internet. This problem affects all SSL implementations today. The vendors are aware of this [...]

Continue Reading


18 October 2011 | 21,816 views

winAUTOPWN v2.8 Released For Download – Windows Auto-Hacking Toolkit

I wanted to post this a while back, but the site (and thus the download) was down again – it seems to be a common occurrence. Someone get this guy some proper hosting! winAUTOPWN and bsdAUTOPWN are minimal Interactive Frameworks which act as a frontend for quick systems vulnerability exploitation. It takes inputs like IP [...]

Continue Reading


10 October 2011 | 16,956 views

New Research Shows Facebook’s URL Scanner Is Vulnerable To Cloaking

Oh look, Facebook security (or insecurity) is in the news again – not that this technique is anything revolutionary or ground-breaking. It’s basically a HTTP referer detection system for the Facebook URL scanner (the thing that generates the preview/thumbnail etc for links posted to Facebook). By detecting it, you can feed it something benign – [...]

Continue Reading


27 September 2011 | 8,556 views

MySQL.com Compromised & Spreading Malware

The latest story doing the rounds is that MySQL.com got hacked and was serving malware which put it on the Google malware block list. It appears to be in the clear now though and it’s accessible again via Google. It seems to be a similar case with that of the recent Linux.com and Kernel.org hacks [...]

Continue Reading