[ad] Now you think they’d know better than having Autorun enabled in the International Space Station? But no, they obviously didn’t and they got owned by some fairly innocuous thumb drive auto-spreader. It wouldn’t really be news if anyone else got infected, but come on this is supposed to the pinnacle of security or something? […]
Archives for September 2008
PorkBind v1.3 – Nameserver (DNS) Security Scanner
[ad] This program retrieves version information for the nameservers of a domain and produces a report that describes possible vulnerabilities of each. Vulnerability information is configurable through a configuration file; the default is porkbind.conf. Each nameserver is tested for recursive queries and zone transfers. The code is parallelized with libpthread. Changes for v1.3 Wrote in-a-bind […]
CSRF Vulnerability in Twitter Allows Forced Following
[ad] I did mention this earlier in the week when I was talking about Twitter being used as a malware distribution platform, there also seems to be an auto follow vulnerability that spammers would love. Do you remember Myspace and samy with 900,000 friends? Now we have johng77536 on Twitter! Last week, TechCrunch’s Jason Kincaid […]
reDuh – TCP Redirection over HTTP
What Does reDuh Do? reDuh is actually a tool that can be used to create a TCP circuit through validly formed HTTP requests. Essentially this means that if we can upload a JSP/PHP/ASP page on a server, we can connect to hosts behind that server trivially What is it for? a) Bob.Hacker has the ability […]
Google Releases New Browser Chrome – Vulnerabilities on First Day
[ad] So as most of you probably know the big buzz on the Internet last week was that Google (after supporting Firefox for so long) have actually launched their own browser. It’s cooled Google Chrome. Now of course in typical Google fashion they call it BETA software, and a number of flaws have popped up […]