[ad] Technika was developed for the computer security professionals to automate common exploitative task from the browser. It acts like a standard OS shell scripting environment. You can script everything from the currently viewed page just like Greasemonkey (spawn processes, unrestricted XMLHttpRequest connections and sockets). You can autorun bookmarklets and perform safe operations on the […]
Exploits/Vulnerabilities
WordPress Download Server Compromised (2.1.1) – Get 2.1.2 NOW!
[ad] Some sneaky hacker got into the WordPress download server and placed a backdoor in the latest available version (2.1.1). Luckily within a day someone reported the exploit to the WordPress team and they took the site down to investigate. This morning we received a note to our security mailing address about unusual and highly […]
Serious XSS Flaw in Google Desktop Allows Data Theft
[ad] Google has fixed a security flaw in its desktop search software that created a means for hackers to rifle through personal files on users’ PCs. A failure in Google Desktop to “properly encode output containing malicious or unexpected characters” created a means for hackers to cross from the web environment to the desktop application […]
Another 0-day MySpace XSS Exploit
[ad] This was a while ago, but once again unsurprising..The amount of security holes that have been discovered in MySpace (to say they hold some pretty confidential info and are a preying ground for paedos..it’s a scary thought). Once again an XSS flaw shows up in MySpace. digi7al64 found yet another hole in myspace using […]
0-day Vulnerability Effects Solaris – Disable Telnet NOW!
[ad] Solaris is pwned by a similar vulnerability to one discovered on AIX systems in 1994. Yes people that’s 13 years ago…and Sun are still vulnerable, as reported by SANS. The following will give you root on a lot of Solaris systems:
1 |
telnet -l "-froot" [hostname] |
Cool eh? The Internet Storm Center is urging system administrators to disable […]