Restraining order remains in place until Aug. 19; judge requests more info from students.

Filed under: defcon, exploit, hax, politics | No Comments »

This week at the Black Hat Security Conference two security researchers will discuss their findings which could completely bring Windows Vista to its knees.
Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov, of VMware Inc. have discovered a technique that can be used to bypass all memory protection safeguards that Microsoft built into [...]

Filed under: exploit, micro$oft, pwned, security | No Comments »

Las Vegas (NV) – Three MIT students probably won’t be giving their scheduled Defcon speech on getting free subway rides.  The Massachusetts Bay Transit Authority – the agency in charge of the Boston T subway – sued the trio for computer fraud and requested a temporary restraining order to prevent them from presenting the talk.
Zack [...]

Filed under: cool, defcon, exploit, hax | No Comments »

Tests conducted for the UK’s Times Online have concluded that the new high-tech e-passports being distributed around the world can be hacked and cloned within minutes. A computer researcher proved it by cloning the chips in two British passports and then implanting digital images of Osama bin Laden and a suicide bomber. Both passports passed [...]

Filed under: exploit, hax, privacy, security, ugh | No Comments »

You must be logged into Facebook to view it:
Clicky Clicky
Don’t you agree?

Filed under: exploit, lulz, offtopic | No Comments »

Here’s a quick little (albeit limited) HOW TO using the mobile Photobucket pages. If you want to see the pics in, say, “test”s album, you have to start with a filename you already know is in the album, say, pic074.jpg. The universal URL is:
http://m301.photobucket.com/albumview/albums/*/*.html?
you then insert the album username and image filename into this address [...]

Filed under: exploit, howto | 1 Comment »

Last week’s dramatic rescue of 15 hostages held by the guerrilla organization FARC was the result of months of intricate deception on the part of the Colombian government. At the center was a classic man-in-the-middle attack.
In a man-in-the-middle attack, the attacker inserts himself between two communicating parties. Both believe they’re talking to each other, and [...]

Filed under: exploit, security | No Comments »

An attack this week targeting the Metasploit Website redirected visitors to a phony page proclaiming the hack — but the hacking tool site’s servers remained intact.
HD Moore, creator of Metasploit and director of security research for BreakingPoint Systems, says the attack didn’t actually touch the Metasploit servers themselves. The attacker or attackers instead infected another [...]

Filed under: exploit, hax, security | No Comments »

More XSS (Cross-site Scripting) fun! After yesterday’s post I realized that not everyone reads hacker blogs so I feel it as my duty to post it here. Stefano Di Paola and Giorgio Fedon have found a universal XSS in PDF. RSnake found also a vulnerability on local PDF file execution. This is bad people; Every [...]

Filed under: exploit, hax, security | No Comments »

Today I was toying with Apache and made a .htaccess for all of you; that prevents most used XSS and SQL injection vectors in the request uri. It looks at the request uri and sends the malicious user to a log file which sends an e-mail to the webmaster with all his information and what [...]

Filed under: b3st pract1c3s, codemonkey, exploit, security | No Comments »

This is bad news for all eleven Safari-on-Windows users… Apple’s been making hay in its Mac vs. PC ads about Windows’ security and malware problems. But now that Apple’s playing in Microsoft’s sandbox with a Windows version of the Safari Web browser, the worm has turned.
The Windows version of Safari has a bug that’s been [...]

Filed under: apple, exploit, malware, micro$oft | 1 Comment »