Posted On:4/25/2015 1:14am
I have noticed enough interest on this site by a few fairly active posters so I am starting a new thread where I can drop the various articles I come across.
The first one up
Credit card terminals have used same password since 1990s
Not actually all that surprising; I see a lot of lax standards when I do IT work in the retail sector. In fact, not that long ago I did a network fix to get a place's credit card machines working again. So I got my hands on one of these machines and got to play around with some config settings. While having that access certainly makes the machine more vulnerable to data theft, it would take a bit more effort than just getting into the settings.
Anyways, it's always fun to see the lack of security consciousness a lot of device makers have.
Posted On:4/28/2015 9:07pm
Hacker implants his hand with an NFC (Near Field Communications) chip.
This is interesting, makes me want to watch Johnny Mnemonic.
On the plus side it would make for an interesting sneaker net.
People running around with solid state chips implanted in them to transfer highly sensitive data instead of over the wire.
Posted On:4/30/2015 2:30am
Hacker Hacked PayPal by Remote Code Execution Vulnerability
This vulnerability in PayPal is detected on the Java Debug Wire Protocol (JDWP) of the web-application server. This vulnerability was detected by a security researcher Milan A Solanki. He is an independent security researcher and his discovery has been rated Critical with a CVSS count of 9.3 by Vulnerability Lab.
Java Debug Wire Protocol is used for making a link between a Java virtual machine and a PayPal debugger. This doesn’t use any authentication and permissions, but could be exploited by hackers.
He has reported the flaw to the PayPal team and they have fixed the flaw.
WOW, that was a pretty big oversight. Surprised it wasn't picked up earlier; you would think that they of all people get hit with port scanners a whole bunch, which should expose the fact that they left port 8000 open much earlier.
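A defender-side check for the exposure discussed in the post above, added here as an example and not part of the original thread or the quoted article: it reads JVM command lines and flags JDWP agents that listen on a non-loopback address. The function names and the sample `ps` lines are constructed for illustration.

```python
import re

# Matches the modern (-agentlib:jdwp=) and legacy (-Xrunjdwp:) agent options.
JDWP_OPT = re.compile(r"(?:-agentlib:jdwp=|-Xrunjdwp:)(\S+)")
LOOPBACK = {"localhost", "127.0.0.1", "::1", "[::1]"}

def parse_jdwp(cmdline):
    """Return the JDWP sub-options as a dict, or None if the agent is absent."""
    m = JDWP_OPT.search(cmdline)
    if not m:
        return None
    return dict(kv.split("=", 1) for kv in m.group(1).split(",") if "=" in kv)

def classify(cmdline):
    """Classify a JVM command line: 'none', 'outbound', 'loopback' or 'exposed'."""
    opts = parse_jdwp(cmdline)
    if opts is None:
        return "none"
    if opts.get("server", "n") != "y":
        return "outbound"  # JVM dials out to a debugger; no listening socket
    host = opts.get("address", "").rpartition(":")[0]
    if host in LOOPBACK:
        return "loopback"
    # Bare port, "*:port" or a routable host. A bare port binds every
    # interface on JDK 8 and earlier, so it is reported conservatively.
    return "exposed"

# Constructed sample input in "pid command" form; not taken from any real host.
SAMPLE_PS = [
    "1201 java -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=8000 -jar shop.jar",
    "1202 java -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=127.0.0.1:8000 -jar api.jar",
    "1203 java -Xmx2g -jar batch.jar",
    "1204 java -agentlib:jdwp=transport=dt_socket,server=n,address=devbox:5005 -jar tool.jar",
]

def audit(lines):
    """Return (pid, verdict) for every line that carries a JDWP agent."""
    findings = []
    for line in lines:
        pid, _, cmd = line.partition(" ")
        verdict = classify(cmd)
        if verdict != "none":
            findings.append((pid, verdict))
    return findings

if __name__ == "__main__":
    for pid, verdict in audit(SAMPLE_PS):
        print(pid, verdict)
```

Anything reported as `exposed` on a production host should have the agent option removed or the listener bound to loopback and reached through an authenticated tunnel.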
Posted On:5/05/2015 2:31pm
WOW, that is one nasty little git! Basically, if it finds out it is in a VM, it tries to nuke your MBR.
Posted On:5/05/2015 2:45pm
From InfoSec Institute
Alerting All Skype Users - Block these IPs now. Here's how.
Skype has been discovered to be vulnerable today via redirecting to SMB from within its ads interface. This post contains a proof of concept video from the security researcher that discovered the flaw, as well as some easy steps to secure your Skype installation.
Because Skype uses Internet Explorer to display ads, a malicious attacker can redirect you unwittingly to SMB. Redirect to SMB is a way for attackers to steal valuable user credentials by hijacking communications with legitimate web servers via man-in-the-middle attacks, then sending them to malicious SMB (server message block) servers that force them to spit out the victim’s username, domain and hashed password.
Russian security researcher Canis Majoris demonstrates this attack in the following YouTube video:
The best way to protect yourself from this vulnerability is to block ad serving from Skype ad servers. This also has the handy side effect of preventing ads in Skype, which is good to do regardless. You can block these servers by appending the following to your hosts file:
If you don't know how to edit your hosts file, here are some instructions for most popular operating systems: http://www.rackspace.com/knowledge_c...-my-hosts-file
Posted On:5/05/2015 9:24pm
SQLassie: A database Firewall That Detects And Prevents SQL Injection Attacks At Runtime.
Very nice little defense against SQL Injection!
Posted On:6/11/2015 1:35pm
It's been a while, but this one is big
Kaspersky lab hacked