  1. goodlun is online now
    Senior Member

    Join Date
    Jun 2008
    Location
    Ramona
    Posts
    7,056

    Posted On:
    4/25/2015 1:14am

    Join us... or die
     Style: BJJ, FMA, JKD, Pankration

    Info/Op sec thread

    I have noticed enough interest on this site by a few fairly active posters so I am starting a new thread where I can drop the various articles I come across.

    The first one up

    http://www.computerworld.com/article...ampaign=buffer

    Credit card terminals have used same password since 1990s
    Not actually all that surprising; I see a lot of lax standards when I do IT work in the retail sector. In fact, not that long ago I did a network fix to get a place's credit card machines working again. So I got my hands on one of these machines and got to play around with some config settings. While having that access certainly makes the machine more vulnerable to data theft, it would take a bit more effort than just getting into the settings.
    Anyways, it's always fun to see the lack of security consciousness a lot of device makers have.
    Of the single rapier fight between valiant men, having both skill, he that is the best wrestler, or if neither of them can wrestle, the strongest man most commonly kills the other, or leaves him at his mercy.
    –George Silver, Paradoxes of Defence
  2. goodlun is online now

    Posted On:
    4/28/2015 9:07pm

    Next up
    http://thehackernews.com/2015/04/nfc...k-android.html

    Hacker implants his hand with an NFC (Near Field Communications) chip.

    This is interesting, makes me want to watch Johnny Mnemonic.
    On the plus side it would make for an interesting sneaker net.
    People running around with solid state chips implanted in them to transfer highly sensitive data instead of over the wire.
  3. goodlun is online now

    Posted On:
    4/30/2015 2:30am

    Next up
    http://fossbytes.com/how-a-hacker-ha...vulnerability/
    Hacker Hacked PayPal by Remote Code Execution Vulnerability

    This vulnerability in PayPal is detected on the Java Debug Wire Protocol (JDWP) of the web-application server. This vulnerability was detected by a security researcher Milan A Solanki. He is an independent security researcher and his discovery has been rated Critical with a CVSS count of 9.3 by Vulnerability Lab.

    Java Debug Wire Protocol is used for making a link between a Java virtual machine and a PayPal debugger. This doesn’t use any authentication and permissions, but could be exploited by hackers.

    He has reported the flaw to the PayPal team and they have fixed the flaw.


    WOW, that was a pretty big oversight. Surprised it wasn't picked up earlier; you would think that they of all people get hit with port scanners a whole bunch, which should expose the fact that they left port 8000 open much earlier.
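
An added example, not part of the original post or the linked article: one way a defender could audit JVM command lines on their own hosts for a JDWP listener that is reachable from the network, the kind of exposure discussed above. The process list and service names are constructed, and `java_major` reflects the assumption that JDK 9 and later bind a bare port to localhost while older JVMs bind it on every interface.

```python
import re

# Matches the modern agent form and the legacy -Xrunjdwp form.
JDWP_OPT = re.compile(r"-(?:agentlib:jdwp=|Xrunjdwp:)(\S+)")
LOOPBACK = {"localhost", "127.0.0.1", "::1", "[::1]"}


def jdwp_findings(cmdline, java_major=8):
    """Return one finding per JDWP listener configured on a JVM command line."""
    findings = []
    for match in JDWP_OPT.finditer(cmdline):
        opts = dict(kv.split("=", 1) for kv in match.group(1).split(",") if "=" in kv)
        if opts.get("server", "n") != "y":
            continue  # JVM dials out to a debugger; nothing is listening
        host, _, port = opts.get("address", "").rpartition(":")
        if not host:
            # Bare port: all interfaces before JDK 9, localhost from JDK 9 on.
            exposed = java_major < 9
            host = "(all interfaces)" if exposed else "localhost"
        else:
            exposed = host not in LOOPBACK
        findings.append({"port": port, "bind": host, "exposed": exposed})
    return findings


# Constructed inventory: (service name, JDK major version, command line).
SAMPLE_PROCESSES = [
    ("app-legacy", 8, "java -agentlib:jdwp=transport=dt_socket,server=y,"
                      "suspend=n,address=8000 -jar shop.jar"),
    ("app-dev", 17, "java -agentlib:jdwp=transport=dt_socket,server=y,"
                    "suspend=n,address=127.0.0.1:8000 -jar shop.jar"),
    ("app-new", 17, "java -agentlib:jdwp=transport=dt_socket,server=y,"
                    "suspend=n,address=*:8000 -jar shop.jar"),
    ("app-prod", 17, "java -Xmx2g -jar shop.jar"),
]


def exposed_services(processes):
    """Names of services whose JVM accepts debugger connections off-host."""
    return [name for name, major, cmd in processes
            if any(f["exposed"] for f in jdwp_findings(cmd, major))]


if __name__ == "__main__":
    for name in exposed_services(SAMPLE_PROCESSES):
        print("JDWP reachable from the network:", name)
```

Because JDWP has no authentication, any service this flags should have the debug agent removed or bound to loopback and reached over a tunnel.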
  4. goodlun is online now

    Posted On:
    5/05/2015 2:31pm

    http://www.extremetech.com/computing...br-if-detected

    WOW, that is one nasty little git! Basically, if it finds out it is in a VM it tries to nuke your MBR.
  5. goodlun is online now

    Posted On:
    5/05/2015 2:45pm

    From InfoSec Institute


    Alerting All Skype Users - Block these IPs now. Here's how.



    Skype has been discovered to be vulnerable today via redirecting to SMB from within its ads interface. This post contains a proof of concept video from the security researcher that discovered the flaw, as well as some easy steps to secure your Skype installation.

    Because Skype uses Internet Explorer to display ads, a malicious attacker can redirect you unwittingly to SMB. Redirect to SMB is a way for attackers to steal valuable user credentials by hijacking communications with legitimate web servers via man-in-the-middle attacks, then sending them to malicious SMB (server message block) servers that force them to spit out the victim’s username, domain and hashed password.

    Russian security researcher Canis Majoris demonstrates this attack in the following YouTube video:



    The best way to protect yourself from this vulnerability is to block ad serving from Skype ad servers. This also has the handy side effect of preventing ads in Skype, which is good to do regardless. You can block these servers by appending the following to your hosts file:

    127.0.0.1 rad.msn.com
    127.0.0.1 live.rads.msn.com
    127.0.0.1 ads1.msn.com
    127.0.0.1 static.2mdn.net
    127.0.0.1 g.msn.com
    127.0.0.1 a.ads2.msads.net
    127.0.0.1 b.ads2.msads.net
    127.0.0.1 ac3.msn.com

    If you don't know how to edit your hosts file, here are some instructions for most popular operating systems: http://www.rackspace.com/knowledge_c...-my-hosts-file
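
An added example, not part of the original post or the InfoSec Institute article: an idempotent merge of the hosts entries listed above, which also reports any listed name that is already mapped to a different address. The function names and the sample hosts content are constructed for illustration.

```python
# Ad-server names taken from the list in the post above.
BLOCKLIST = [
    "rad.msn.com", "live.rads.msn.com", "ads1.msn.com", "static.2mdn.net",
    "g.msn.com", "a.ads2.msads.net", "b.ads2.msads.net", "ac3.msn.com",
]


def hosts_mapped(text):
    """Return {hostname: ip} for every active (uncommented) hosts entry."""
    mapped = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2:
            for name in fields[1:]:
                mapped[name.lower()] = fields[0]
    return mapped


def add_blocks(text, domains=BLOCKLIST, sink="127.0.0.1"):
    """Return (new_text, added, conflicts); existing lines are never edited."""
    mapped = hosts_mapped(text)
    added = [d for d in domains if d not in mapped]
    # A listed name pointing somewhere other than the sink deserves a look.
    conflicts = {d: mapped[d] for d in domains
                 if d in mapped and mapped[d] != sink}
    if added and text and not text.endswith("\n"):
        text += "\n"
    text += "".join(f"{sink} {d}\n" for d in added)
    return text, added, conflicts


# Constructed hosts content: one commented entry, one entry already present,
# one entry mapped to an unexpected address, and no trailing newline.
SAMPLE_HOSTS = (
    "127.0.0.1 localhost\n"
    "# 127.0.0.1 rad.msn.com\n"
    "127.0.0.1 g.msn.com  # already blocked\n"
    "203.0.113.7 ads1.msn.com"
)

if __name__ == "__main__":
    new_text, added, conflicts = add_blocks(SAMPLE_HOSTS)
    print(new_text)
    print("added:", added)
    print("review these existing mappings:", conflicts)
```

To apply it, read the real hosts file, pass its contents to `add_blocks`, and write the returned text back with administrator rights.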
  6. goodlun is online now

    Posted On:
    5/05/2015 9:24pm

    SQLassie: A database Firewall That Detects And Prevents SQL Injection Attacks At Runtime.

    http://blog.hackersonlineclub.com/20...t-detects.html

    Very nice little defense against SQL Injection!
  7. goodlun is online now

    Posted On:
    6/11/2015 1:35pm

    It's been a while, but this one is big
    Kaspersky lab hacked
    http://www.techworm.net/2015/06/kasp...e-network.html
