Now this is a really neat bit of hardware hacking; it’s been a while since we’ve reported on any kind of ATM Skimming or ATM Hacking stories. You may remember back in November 2010 – European Banks Seeing New Wave Of ATM Skimming or way back in 2008 when Pro ATM Hacker ‘Chao’ […]
michal-zalewski
cross_fuzz – A Cross-Document DOM Binding Fuzzer
cross_fuzz is an amazingly effective but notoriously annoying cross-document DOM binding fuzzer that helped identify about one hundred bugs in all browsers on the market – many of said bugs exploitable – and it is still finding more. The fuzzer owes much of its efficiency to dynamically generating extremely long-winding sequences of DOM […]
Internet Explorer Zero-Day Accidentally Leaked To Chinese Hackers
First up, happy new year – let’s hope 2011 is an interesting year for the infosec community. Anyway, today’s story is about the recently released tool cross_fuzz by Michal Zalewski and an inadvertent leak that has occurred. The tl;dr version is something like this: Michal Zalewski writes a DOM fuzzer, fuzzes IE, finds flaws, […]
Stompy – The Web Application Session Analyzer Tool
A new tool dealing with web sessions was recently announced; it’s called stompy, a free tool to perform a fairly detailed black-box assessment of WWW session identifier generation algorithms. Session IDs are commonly used to track authenticated users, and as such, whenever they’re predictable or simply vulnerable to brute-force attacks, we do have […]