This is not the first time Apache.org has been hacked; it was compromised back in September 2009 using SSH keys. This time another targeted attack against the site was successful and allowed the attackers to capture the passwords of users logging into the bug-tracking service. It also exposed the entire password list, which sadly […]
Exploits/Vulnerabilities
Serious Java Bug Exposes Users To Code Execution
Once again a different attack vector; it seems to be the creative season for discovering bugs. I guess it’s partially due to the fact that this time of year tends to be pretty quiet business-wise, so researchers have plenty of downtime to look at nifty ways to break things. This might be a tough one to […]
Mozilla Beats Apple & Microsoft to Pwn2Own Patch For Firefox
Seems like Pwn2Own is getting a reputation for uncovering some pretty nasty browser-based vulnerabilities; once again this year Firefox, Safari and IE8 were all broken wide open. The latest development is that Mozilla has beaten both Microsoft and Apple to the punch and released Firefox 3.6.3, patching the vulnerability. Again it was a critical […]
Website Auto-complete Leaks Data Even Over Encrypted Link
I’m always fascinated by side-channel attacks, where the attack is focused on the underlying architecture of the cryptosystem and the data echoes it creates rather than the algorithm or implementation itself, somewhat similar to the recent breaking of OpenSSL using power fluctuations. This time some researcher type fellas focused on the digital noise autocomplete webforms […]
Vicnum – Lightweight Vulnerable Web Application
Vicnum is a flexible and vulnerable web application which demonstrates common web security problems such as cross-site scripting, SQL injection, and session management issues. The program is especially useful to IT auditors honing web security skills and setting up ‘capture the flag’ type exercises. Being a small web application with no complex framework […]