chapcrack is a tool for parsing and decrypting MS-CHAPv2 network handshakes, it was announced recently at Defcon as we read over here – Marlinspike demos MS-CHAPv2 crack. The process is as follows: Obtain a packet capture with an MS-CHAPv2 network handshake in it (PPTP VPN or WPA2 Enterprise handshake, for instance). Use chapcrack to parse […]
Exploits/Vulnerabilities
Nvidia Investigates Claims Of Online Store Compromise During Spate Of Hacking
Just a few days back we posted about Yahoo! Voices Hacked With SQL Injection – Passwords In Plaintext, and most recently it seems someone has been going after Nvidia pretty hard. They have already had a few web properties hacked including their forum, the developer zone and their research site. The latest break in the […]
Yahoo! Voices Hacked With SQL Injection – Passwords In Plaintext
There’s been a few HUGE cases of large sites being hacked and exposing either plaintext or extremely poorly encrypted passwords, it happened to LinkedIn not that long ago – and the latest case is of Yahoo!. It wasn’t the main site, but with almost half a million username and password combos exposed – it’s a […]
Windows XML Core Services Exploit Attacked In The Wild – CVE-2012-1889
Oh look, another serious flaw in Windows – and this one is really bad because it can be exploited directly in Internet Explorer. And even worse than that, this vulnerability is actually being exploited in the wild by cybercriminals – this shows it’s no longer a theoretical attack. Plus of course the fact, it’s actually […]
MySQL 1 Liner Hack Gives Root Access Without Password
The latest news that has hit the streets is the occurence of the easiest hack ever, if you have local shell access (any user privelege level) and you can connect to MySQL – you can get root access to MySQL within a few seconds. I tried this yesterday on one of my servers on Ubuntu […]