108 items tagged "interface"
-
-
21:48
»
SecDocs
Authors: Bernd Sieker
Tags: science
Event: Chaos Communication Congress 27th (27C3) 2010
Abstract: Getting the interfaces right to computers controlling complex and dangerous machines such as commercial airliners is crucial. I will present a successful accident analysis method and talk about interface design problems, ideas for solutions, methods for understanding causal control flow. There will be some spectacular aviation accident videos and stories of bad luck, bad design, bad decisions, and a hero that managed to turn a near-catastrophe into an accident without fatalities. Getting the Interface right can be crucial. So does an understanding of the underlying logic, and knowledge of correct procedures when operating complex devices. Modern airliners are incredibly complex machines, no person can fully understand what is going on. This starts at simple things like fuel systems (e.g. the B777 has only two engines and three fuel tanks, how complicated can that be? Surprisingly so.) and goes on to autopilots, autothrottle systems, FADECs (Full Authority Digital Engine Control), Flight Management, Guidance and Envelope Computers (FMGEC), digital fly-by-wire systems, weight computations etc. Apart from the largely unsolved problems of how to create software for these systems that is demonstrably extremely reliable (in commercial aviation we're talking about probabilities of dangerous failures of 1 in a billion flight hours: testing just won't do), there is the underrated question of getting the interface right. What to annunciate to the crew and when, and in which form? Some accidents and incidents are directly related to a flight crew being confused by the annunciations, or didn't know how to react properly to seemingly unrelated warnings. At other times, a pertinent and important warning is suppressed because another, ostensibly more important warning inhibited the other one.
I'll be talking about some accidents that we have analysed using Why-Because-Analysis (see http://www.rvs.uni-bielefeld.de/research/WBA/) in which the interface and the automation played a role. I will also be talking about some design principles to guide interface design and interactive safety.
-
-
11:40
»
Hack a Day
This Arduino MIDI sequencer has no shortage of ways to display loop info. The screen above is a touch-sensitive interface that acts as the user input. But if this screen is not visible, you can still see which tracks have activated samples for each beat and what effects are being used. That’s thanks to the collection [...]
-
-
8:17
»
Packet Storm Security Recent Files
Network Interface Events Logging Daemon is a tool that receives notifications from the kernel through the rtnetlink socket, and generates logs related to link state, neighbor cache (ARP,NDP), IP address (IPv4,IPv6), route, FIB rules.
-
-
10:01
»
Hack a Day
Upon the release of the Kinect, Microsoft showed off its golden child as the beginnings of a revolution in user interface technology. The skeleton and motion detection promised a futuristic, hand-waving “Minority Report-style” interface where your entire body controls a computer. The expectations haven’t exactly lived up to reality, but [Steve], along with his coworkers at [...]
-
-
7:01
»
Hack a Day
[Andrew] recently got the authorization to install Linux on his work PC, and he was looking for a way to control his music without relying on keyboard shortcuts to do so. Additionally, he wanted an unmistakable visual cue when he received messages in Pidgin, so he decided to build an external input/notification box. The control [...]
-
-
14:31
»
Packet Storm Security Recent Files
Network Interface Events Logging Daemon is a tool that receives notifications from the kernel through the rtnetlink socket, and generates logs related to link state, neighbor cache (ARP,NDP), IP address (IPv4,IPv6), route, FIB rules.
-
-
11:41
»
Hack a Day
[Fall Deaf] built an Arduino based universal remote control system. It uses a shield which has both an IR receiver and transmitter. This gives it the tools to learn codes from your existing remotes and play them back in order to control the devices. This functionality is really nothing new, but we think the user [...]
-
-
9:28
»
Packet Storm Security Recent Files
Network Interface Events Logging Daemon is a tool that receives notifications from the kernel through the rtnetlink socket, and generates logs related to link state, neighbor cache (ARP,NDP), IP address (IPv4,IPv6), route, FIB rules.
-
-
16:31
»
Packet Storm Security Recent Files
This document specifies a method for generating IPv6 Interface Identifiers to be used with IPv6 Stateless Address Autoconfiguration (SLAAC), such that addresses configured using this method are stable within each subnet, but the Interface Identifier changes when hosts move from one network to another. The aforementioned method is meant to be an alternative to generating Interface Identifiers based on IEEE identifiers, such that the same manageability benefits can be achieved without sacrificing the privacy of users.
-
-
9:01
»
Hack a Day
Reading from a large number of inputs, like this piano keyboard, can be tedious. Even when multiplexing there’s a lot to keep track of. But if you choose the right microcontroller, you may have hardware assistance. Here an ATmega640 is using its external memory interface to read the key matrix. You may remember the Open [...]
-
-
7:04
»
Hack a Day
It looks like the Internet’s resident steampunker is moving up a century or two. [Jake Von Slatt] rebuilt the CNC portion of a Bridgeport Series II mill so it can interface with a computer. It’s a feat even more impressive than moving the mill into [Jake]’s garage. The first step of the build was tearing [...]
-
-
12:57
»
Hack a Day
It’s not that touchscreen keyboards are horrible, but it’s nearly impossible to touch type on an iPad or other tablet keyboard. A team at the Media Computing Group at Aachen University figured out how to put a series of electromagnets underneath a display to provide haptic feedback for touchscreens. They showed off their tech at [...]
-
-
17:59
»
SecuriTeam
Several web interface vulnerabilities have been discovered in Cisco RVS4000/WRVS4400N that can be exploited by a remote, unauthenticated user.
-
-
4:01
»
SecDocs
Authors: Craig Heffner
Tags: router
Event: Black Hat USA 2010
Abstract: This talk will demonstrate how many consumer routers can be exploited via DNS rebinding to gain interactive access to the router's internal-facing administrative interface. Unlike other DNS rebinding techniques, this attack does not require prior knowledge of the target router or the router's configuration settings such as make, model, internal IP address, host name, etc, and does not rely on any anti-DNS pinning techniques, thus circumventing existing DNS rebinding protections. A tool release will accompany the presentation that completely automates the described attack and allows an external attacker to browse the Web-based interface of a victim's router in real time, just as if the attacker were sitting on the victim's LAN. This can be used to exploit vulnerabilities in the router, or to simply log in with the router's default credentials. A live demonstration will show how to pop a remote root shell on Verizon FIOS routers (ActionTec MI424-WR). Confirmed affected routers include models manufactured by Linksys, Belkin, ActionTec, Thompson, Asus and Dell, as well as those running third-party firmware such as OpenWRT, DD-WRT and PFSense.
-
-
12:01
»
Hack a Day
[Sergio] is just getting into hardware hacking. He started by getting an HD44780 compatible LCD screen running with his Arduino. To take the project to the next level, he decided to add a web interface for changing the message displayed on the LCD. He’s doing things on the cheap (a man after our own hearts), [...]
-
-
13:01
»
Hack a Day
Here’s an Android headphone add-on so clean that most people won’t know you built it yourself. [Will Robertson] was unsatisfied with the stock headphones that came with his HTC phone, but didn’t want to lose the control interface when upgrading. He built this add-on that lets him control the Android music player. He was inspired [...]
-
7:31
»
Packet Storm Security Recent Files
Network Interface Events Logging Daemon is a tool that receives notifications from the kernel through the rtnetlink socket, and generates logs related to link state, neighbor cache (ARP,NDP), IP address (IPv4,IPv6), route, FIB rules.
-
-
21:00
»
Hack a Day
In 2009, while Microsoft was busy designing and marketing what would become the Kinect, [Carlos Anzola], an inventor, tinkerer, and self-ascribed geek from Bogotá, Colombia, had been working for years on a nearly identical gesture interface for the PC. His creation, the Human interface Electronic Device, or HiE-D – pronounced ‘Heidi’ - was capable of gesture recognition years [...]
-
-
7:32
»
Hack a Day
Hacking and digital music seem to be very much related arts. This very well built hack goes through the process of creating a MIDI synthesizer using a field programmable gate array (FPGA) and several other components. A laptop is used as the MIDI interface which runs through a filter and then to the FPGA. This [...]
-
-
0:41
»
Packet Storm Security Recent Files
Network Interface Events Logging Daemon is a tool that receives notifications from the kernel through the rtnetlink socket, and generates logs related to link state, neighbor cache(ARP,NDP), IP address(IPv4,IPv6), route, FIB rules.
-
-
10:12
»
Hack a Day
[Arto] recently upgraded his home Internet subscription from an ADSL to VDSL, and with that change received a shiny new ZTE ZXDSL 931WII modem/wireless router. Once he had it installed, he started to go about his normal routine of changing the administrator password, setting up port forwarding, and configuring the wireless security settings…or at least [...]
-
-
11:30
»
Hack a Day
Here’s a Geiger Counter that makes itself at home inside of an old Ohmmeter (translated). [Anilandro] set out to build this radiation detector in order to learn how they work. Like other DIY Geiger Counter builds we’ve seen, this project assembles a circuit to interface with a gas-filled tube which serves as the detector. [Anilandro] [...]
-
-
4:09
»
Hack a Day
This handy printer interface started out as a request on our very own forums when forum member [victorf] needed some output via thermal printers. He had scored a number of HP82240B thermal printers intended for use with HP calculators, but of course they used the somewhat arcane HP protocol first drafted in the 1960s and [...]
-
-
12:07
»
Packet Storm Security Recent Files
Network Interface Events Logging Daemon is a tool that receives notifications from the kernel through the rtnetlink socket, and generates logs related to link state, neighbor cache(ARP,NDP), IP address(IPv4,IPv6), route, FIB rules.
-
-
4:01
»
Packet Storm Security Recent Files
OpenCT implements driver and middle-ware for smart card readers. OpenCT drivers can be used via the ct-api interface, the ifdhandler interface, or its own interface/middle-ware. It implements drivers for several USB crypto tokens, USB smart card readers, serial smart card readers, and PCMCIA smart card readers.
-
-
10:00
»
Hack a Day
[Brian] is using an Arduino to control multiple servo motors. This is nothing new and has been happening since the earliest days of Arduino. But rather than develop a project and share it, [Brian] did a fantastic job of making the code scalable, readable, and even explained how the different parts work. His code listens [...]
-
-
12:14
»
SecuriTeam
The configuration interface for FreePBX is prone to a remote arbitrary code execution on the system recordings menu.
-
-
14:00
»
Hack a Day
Here’s a watering can and water vortex that are controlled with a webkit browser interface. The interface displays a drawing of the watering can on your browser. If you grab one of the handles on the circle around the image and move it, the can will rotate as well. Okay, so this isn’t going to [...]
-
-
12:29
»
Hack a Day
[Keba] not only asked Answeres.HackaDay.com, but also sent us an email as follows. “Can you make a basic guide to designing a good Command Line User Interface?” Wouldn’t you know the luck, I’m currently working on a Command Line type interface for a project of mine. While after the jump I’ll be walking through my [...]
-
-
18:24
»
Packet Storm Security Recent Files
Onapsis Security Advisory - The SAP J2EE Engine contains a Web Services Navigator interface, which enables the interaction with the deployed Web Services in the server. This interface suffers from a Cross-Site Scripting vulnerability, which may enable malicious parties to perform different kind of attacks over SAP users.
-
-
14:00
»
Hack a Day
[Andrew Jenner] pulled off something amazing with this Physical Tone Matrix. He wanted to build a physical version of a flash applet he had seen. Two layers make up the main user interface. The top layer is a sheet of acrylic that acts as a touch interface and below there’s an LED matrix. [Andrew's] touch [...]
-
-
3:01
»
Packet Storm Security Recent Files
There are multiple authenticated cross-site scripting vulnerabilities in Juniper's IVE web interface. Procheckup has found that, by making a malformed authenticated request to the IVE web interface, vanilla cross-site scripting (XSS) attacks are possible.
-
-
19:00
»
Packet Storm Security Exploits
The Linksys WAP54Gv3 has a debug interface allowing for the execution of root privileged shell commands. Hardcoded credentials, that cannot be changed by user, can be used for accessing the debug interface.
-
9:00
»
Hack a Day
[Matt Evans] was running up against the common programming gotcha caused by disappearing parallel ports. For years he had used a JTAG parallel cable when working with FPGAs but recently realized he no longer owned any machines with that interface available. Instead of shelling out $50 for a USB programmer he a programming interface from [...]
-
-
10:00
»
Hack a Day
Within a ten-hour window [Wes Brown] threw together this toaster with a web interface for one of his classes. He sourced the WIZnet embedded webserver for the project but this could be pulled off with a homebrew webserver as well. When you point your browser to the correct address you’re greeted with images of bread [...]
-
-
17:00
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2010-073 - CUPS in does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs. Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7, 1.3.9, 1.3.10, and 1.4.1, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553. The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers. The updated packages have been patched to correct these issues.
-
17:00
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2010-073 - CUPS in does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs. Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7, 1.3.9, 1.3.10, and 1.4.1, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553. The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers. The updated packages have been patched to correct these issues. Packages for Mandriva Linux 2010.0 was missing with MDVSA-2010:073. This advisory provides packages for 2010.0 as well.
-
-
11:48
»
remote-exploit & backtrack
Hello guys, I got a problem with Gerix. The first time I used it,
it worked perfectly, but then when I booted it again, every time I open Gerix,
then I enable the interface, and when I click to search for wifi networks it gets stuck.
Any idea?
-
-
18:13
»
Carnal0wnage
Getting IPv6 up and running
Install the miredo package:
$ sudo apt-get install miredo
After this command, you should see an IPv6 address beginning with "2001:0:" in your network settings (use 'ifconfig'). If so, you're connected to the IPv6 world.
Remove miredo system startup links:
$ sudo update-rc.d -f miredo remove
Usage:
$ sudo /etc/init.d/miredo {start|stop|restart|reload|force-reload}
If miredo is running you should have another interface called "teredo".
You can display it with the following command:
$ ifconfig teredo
To test if you can reach the IPv6 network, try the following:
carnal0wnage ~: ping6 ipv6.google.com
PING ipv6.google.com(iw-in-x63.1e100.net) 56 data bytes
64 bytes from iw-in-x63.1e100.net: icmp_seq=1 ttl=55 time=284 ms
64 bytes from iw-in-x63.1e100.net: icmp_seq=4 ttl=55 time=100 ms
64 bytes from iw-in-x63.1e100.net: icmp_seq=5 ttl=55 time=108 ms
--- ipv6.google.com ping statistics ---
7 packets transmitted, 3 received, 57% packet loss, time 6000ms
rtt min/avg/max/mdev = 100.005/164.009/284.016/84.920 m

carnal0wnage ~: ping6 www.ipv6.org
PING www.ipv6.org(igloo.stacken.kth.se) 56 data bytes
64 bytes from igloo.stacken.kth.se: icmp_seq=1 ttl=58 time=472 ms
64 bytes from igloo.stacken.kth.se: icmp_seq=2 ttl=58 time=156 ms
64 bytes from igloo.stacken.kth.se: icmp_seq=3 ttl=58 time=156 ms
64 bytes from igloo.stacken.kth.se: icmp_seq=5 ttl=58 time=156 ms
64 bytes from igloo.stacken.kth.se: icmp_seq=6 ttl=58 time=156 ms
--- www.ipv6.org ping statistics ---
7 packets transmitted, 5 received, 28% packet loss, time 6000ms
rtt min/avg/max/mdev = 156.009/219.212/472.027/126.408 ms

carnal0wnage ~: traceroute6 www.ipv6.org
traceroute to www.ipv6.org (2001:6b0:1:ea:202:a5ff:fecd:13a6), 30 hops max, 40 byte packets
 1 * * *
 2 terminator.csbnet.se (2a02:9a0:0:1::193) 612.035 ms 612.035 ms 612.035 ms
 3 c2sth-ge-5-0-8.sunet.se (2001:6b0:dead:beef:2::3a9) 648.037 ms 648.037 ms 648.037 ms
 4 a1sth-kth.sunet.se (2001:6b0:dead:beef:2::2c6) 636.036 ms 636.036 ms 636.036 ms
 5 2001:6b0:1:1d20::2 (2001:6b0:1:1d20::2) 736.042 ms 736.042 ms *
 6 * 2001:6b0:1:1200::3 (2001:6b0:1:1200::3) 324.018 ms 324.018 ms
 7 igloo.stacken.kth.se (2001:6b0:1:ea:202:a5ff:fecd:13a6) 160.009 ms 156.009 ms 156.009 ms
Changing teredo server:
$ sudo vi /etc/miredo.conf
ServerAddress teredo.ipv6.microsoft.com
$ sudo /etc/init.d/miredo restart
Windows XP
Install
Open the Terminal with Start -> Run -> cmd
netsh interface ipv6 install
netsh interface ipv6 set teredo client
Uninstall
netsh interface ipv6 uninstall
Vista
Install
IPv6 and Teredo are enabled by default. You can reach the settings through the preferences for a network interface. "Obtain an IPv6 address automatically" should do the trick.
Uninstall
Add this registry value (a DWORD) set to 0xFF:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents
Or save the two lines in a .reg file and double-click it:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters]
"DisabledComponents"=dword:000000ff
You can also go to the properties of a network interface and deselect the IPv6 protocol for that interface. To enable IPv6 again, replace dword:000000ff above with dword:00000000.
Ref:
http://pugio.net/2007/07/howto-enable-ipv6-the-teredo-w.html
https://blueimp.net/linux/howto/ipv6-teredo.html
-
-
8:47
»
remote-exploit & backtrack
Hello,
Before I lose my mind completely, I thought I should ask you for suggestions.
I'm trying to set up a soft AP with my Alfa AWUS036H.
I'll start with a short description and we will see if someone already can pinpoint the problem from there. Otherwise I'm going to be more specific:
- I put my Alfa interface in monitor mode with airmon-ng
- I start airbase-ng on the monitor interface
- I have configured my dhcpd.conf file and told the dhcp daemon to work on the tap interface which is newly created with the airbase command
- I set the IP on the tap interface (at0) to map to the correct IP which also is specified in dhcpd.conf as router and set the mtu to 1400 and bring up the at0-interface.
- I add the correct route to the specified net with the gateway set to the same IP as I specified on at0.
- I start the dhcpd and everything seems OK.
("Wrote 0 leases to leases file")
From my other laptop I'm able to see the newly created AP and I can connect to it but I don't get an IP from dhcpd.
If I run tcpdump on at0 the only thing I see is:
"12:24.069960 TheClient'sMAC (oui Unknown) Null > Broadcast Unknown DSAP 0x08 Supervisory, Receiver not Ready, rcv seq 0, Flags [Command], length 330"
What the h am I doing wrong? I am also able to see the client's request coming in:
"12:24 Client TheClient'sMAC associated (unencrypted) to ESSID: "secret"
I'm happy to give away all the conf-files and detailed descriptions, but I thought that I'll start with this light description and see if someone comes up with the solution or ideas.
Thanks / Alex
-
-
3:02
»
remote-exploit & backtrack
I have a Compaq Presario CQ6.
In BackTrack 4, when I write airmon-ng I do not get an interface.
Is there a way to solve this problem?
If I buy a USB wireless wifi adapter, would the problem be solved?
Or is it possible to download a driver off the internet?
I am using a CD to start BackTrack 4.
Please help.
-
-
9:00
»
Hack a Day
Hackaday alum [Will O'Brien] has been doing some cellphone integration work. He recently picked up some Motorola c168i cellphones from eBay. It turns out there is a serial port that uses TTL communication with a standard head-phone jack as an interface. [Will] soldered up a connector and used a USB to FTDI cable to interface [...]
-
-
8:33
»
Hack a Day
[Hounjini] was poking around at the Game Boy Advanced bus of his Nintendo DS lite and figured out how to use it to connect an Arduino to the DS. For testing he’s soldered an IDC plug to the cartridge cover pin interface but this only requires four connections. The Arduino can both send and receive [...]
-
7:40
»
remote-exploit & backtrack
Hello everyone.
I am new to the site, so not very confident.
In short, my problem is simply that I cannot launch the graphical interface of "wicd": when I click on it nothing happens, so I cannot detect my box, which is nearby.
I did try the commands ifconfig, iwconfig, airmon-ng and others, but without success.
Thanks in advance to the specialists.
-
-
17:00
»
remote-exploit & backtrack
Hello, I want to try to see my wireless card in order to follow this tutorial:
www.arturogoga.com/2010/01/30/hackear-contrasea-de-wifi-con-backtrack-4/
but when I run airmon-ng it shows me interface, chip, etc.,
and below that it does not show the name of the card; it shows nothing. Why doesn't it detect it?
-
-
16:49
»
remote-exploit & backtrack
Hello,
I am using BT4 final on a USB key and I do not know how to get to the graphical interface that I have seen in screenshots...
because I do not know how to run two applications at the same time, which is sometimes useful.
I did not partition my USB key before installing BT; can I still create files on it or not?
THANKS!
-
-
14:29
»
remote-exploit & backtrack
Hello,
I have BackTrack 3 and it always shows this error:
debbi:-# airmon-ng
Interface Chipset Driver
debbi:-#
I can't see any information if I write this command (airmon-ng).
Thanks for everything.
-
11:09
»
remote-exploit & backtrack
Hello everyone.
I don't know whether I'm in the right section, but it's the one that seemed most appropriate to me.
I registered on the forum because it turns out I have a small problem.
I own 2 laptops and a BackTrack 4 Beta LiveCD.
First PC:
- HP Pavilion dv1139ea - Windows XP/Ubuntu 8.04 dual boot
- 512 MB of RAM, 60 GB hard disk (yes, it's an old computer lol)
- Wifi card: Intel Corporation PRO/Wireless 2200BG Network Connection (rev 05)
Second PC:
- ASUS X5DAB - Windows 7 Home Premium Edition
- 4 GB of RAM, 500 GB hard disk (yes, it's a new computer lol)
- Wifi card: Atheros Communications Inc. AR9285 Wireless Network Adapter (PCI-Express) (rev 01)
My problem occurs with the second PC (ASUS).
Let me explain:
As I am starting at an engineering school in network security in September, I took up BackTrack 4 months ago to get some basics in this field. At the time I had the HP computer. I downloaded BT 4, burned it, and tried to "hack" my home Wifi network (Freebox). Since my Intel card does not support injection, the attack took a long time but succeeded, and I was able to see my network's WEP key (which I already knew, of course).
In short, having bought a new computer (ASUS) 2-3 months ago, I wanted to see whether its Wifi card supported packet injection, which would make for a faster attack. So I booted the BT 4 LiveCD and logged in as root, no problem.
But when I went to start the attack, no Wifi interface appeared. When I type airmon-ng, there is nothing below "Interface Chipset Driver".
I typed iwconfig and got this response:
lo no wrieless extensions.
eth0 no wireless extensions.
And that is all; no other wifi interface exists as far as BT is concerned. This is becoming very annoying, because no testing of my network will be possible with my new computer.
So I am asking for your help, because despite a week of searching I have found no solution.
Moreover, no solution that needs the internet can work, since my wifi interface is not detected and I cannot get onto the Web.
Solutions via USB keys do not work either, because when I try to display the contents of my key I get an error message.
There, I think I have said everything; I hope you will be able to help me.
-
-
8:06
»
Hack a Day
Before we get started, let's just point out that this C64 was broken. He did not take a functional C64 out of operation for this. What he did do, was to build a hardware interface for his VICE system. For those unfamiliar, VICE is a cross platform C64 emulator. [Simon] points out that the [...]