Cross-Site Request Forgery is a term you’ve properly heard in the context of web security or web hacking, but do you really know what it means? The OWASP definition is as follows: Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re […]
It looks like Microsoft originally had a patch for the BEAST vulnerability, but for some reason they have withdrawn it for the December Patch Tuesday. It’s a pretty bumper crop of patches though with 13 bulletins and 19 vulnerabilities fixed, the highest profile one being a patch for the zero-day vulnerability exploited by Duqu. The […]
It’s been a long time since we’ve heard about a problem with FreeBSD, partially because the mass of people using it isn’t that large and secondly because BSD tends to be pretty secure as operating systems go. It’s a pretty serious flaw this time with root escalation, thankfully it’s only a local exploit though and […]
Apache.org has been hacked quite a number of this times, last week it happened again and the whole infrastructure was down for a few hours while they sorted out what had happened and how to remedy it. Apparently one the remote SSH keys was compromised allowed attacked to upload code, the scary part is they […]
Ah it’s WordPress again, sometimes I wonder how many holes there are in WordPress. I guess a dedicated attacker could find some serious ones with the complexity of the code base. It’s suspected some of the recent high profile breaches have come from WordPress exploits. The latest one to become public is a simple but […]
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be light weight, easy to use and full of vulnerabilities to exploit. Used to learn or teach the art of web application security. Vulnerabilities SQL Injection XSS (Cross Site Scripting) LFI (Local File Inclusion) RFI (Remote […]
Tags: damn vulnerable web app, exploits, hacking-websites, lfi, mysql, PHP, php mysql, practise web hacking, rfi, vulnerabilities, vulnerable web app, vulnerable web application, Web Hacking, web-application-security, web-security
Posted in: Exploits/Vulnerabilities, Programming, Web Hacking | Add a Comment
BugSpy is an interesting web site I came across recently, put together using a Python Framework (django) it aggregates bugs from as many open source projects as it can find. Preferably critical bugs. You can search by tag (e.g java, email or php ) or by product name (e.g Ubuntu, Typo3 or Samba). http://bugspy.net/
Another flaw in the Adobe product suite! It seems like PDF is turning into a complex animal, complexity of course always brings more security issues. It was only back in February last year when there was a bug in Adobe Reader, and almost exactly a year later another one. This time it’s a zero-day just […]
To continue with some software targeted towards security and self-protection after posting about Microsoft Baseline Security Analyzer (MBSA) and Microsoft Security Assessment Tool (MSAT) we continue with one more – Secunia Personal Software Inspector. We did write about this software way back when Secunia first came out with their Secunia Software Inspector. There’s now 3 […]
Tags: computer-security, Countermeasures, data-security, desktop security, desktop vulnerability scanner, exploits, personal software inspector, personal software security, protection, psi, secunia, Security Software, vulnerabilities
Posted in: Countermeasures, Exploits/Vulnerabilities, Security Software | Add a Comment
This is a fairly interesting subject I think as a lot of people still ask me if they are entering the security field if they still need to learn Assembly Language or not? For those that aren’t what it is, it’s pretty much the lowest level programming languages computers understand without resorting to simply 1’s […]
Tags: asm, assembly language, developing exploit, exploit coding, exploit-development, exploits, hacking, hacking code, learn assembly, learn assembly language, pc assembly language, pen-testing, shellode, vulnerabilities, writing shellcode, x86
Posted in: Exploits/Vulnerabilities, Programming | Add a Comment
