«
Expand/Collapse
558 items tagged "internet"
Related tags:
internet explorer user [+],
critical vulnerability [+],
explorer [+],
microsoft [+],
information disclosure vulnerability [+],
cyclope [+],
service vulnerability [+],
memory [+],
internet explorer versions [+],
filtering [+],
web page versions [+],
sql [+],
proof of concept [+],
object memory [+],
memory layout [+],
cms [+],
internet explorer [+],
sql injection [+],
novell groupwise internet agent [+],
novell [+],
internet explorer 8 [+],
groupwise [+],
exploits [+],
code [+],
chaos communication congress [+],
code execution [+],
vulnerability [+],
survey [+],
ssl tls [+],
ssl [+],
server capability [+],
proxy [+],
ivan ristic [+],
internet filtering [+],
internet explorer object [+],
information disclosure [+],
free error [+],
cve [+],
buffer overflow vulnerability [+],
black hat [+],
assessment methodology [+],
arbitrary code execution [+],
zero day [+],
zero [+],
zdi [+],
xss [+],
windows [+],
webapps [+],
vml [+],
trendnet [+],
spoof [+],
securview [+],
scripting [+],
sanitizing [+],
peter vreugdenhil [+],
peter [+],
null pointer [+],
new york city [+],
mountain internet [+],
mountain [+],
microsoft internet explorer 6 [+],
meta tag [+],
meta [+],
local memory [+],
leak [+],
kong [+],
kaspersky [+],
javascript event handler [+],
internet worms [+],
internet services [+],
internet creations [+],
internet censorship [+],
internet banking [+],
internet authors [+],
interface port [+],
iedvtool [+],
idefense security advisory [+],
hong [+],
gile [+],
f secure internet security [+],
f secure [+],
event [+],
day [+],
cross [+],
correct reference [+],
comodo [+],
clayrose [+],
china [+],
censorship [+],
canopus [+],
buffer overflow condition [+],
blue screen of death [+],
based buffer overflow [+],
bar [+],
banking [+],
aslr [+],
arduino [+],
activex control [+],
32b [+],
windows internet name service [+],
whitepaper [+],
web [+],
washington [+],
voting [+],
u.s. secret [+],
u.s. [+],
turkey [+],
tunisia [+],
technical infrastructures [+],
system [+],
style object [+],
state [+],
spying [+],
shift jis [+],
seda grses [+],
sap [+],
radio [+],
probes [+],
pilot project [+],
persistent [+],
nicholas merrill [+],
new [+],
mariano nunez [+],
malicious software [+],
kele [+],
jose nazario [+],
jose [+],
john doe [+],
istanbul [+],
internet voting [+],
internet video camera [+],
internet users [+],
internet transaction server [+],
internet name service [+],
internet explorer link [+],
internet cryptography [+],
internet browser [+],
intellectual property theft [+],
government [+],
g ptz [+],
future of internet [+],
future [+],
frontal attacks [+],
fbi [+],
europe [+],
egypt [+],
di croce [+],
daniel j. bernstein [+],
d.c. [+],
cyber criminals [+],
customer confidence [+],
cryptography [+],
cookie file [+],
bypassing [+],
approach [+],
anonymous [+],
america [+],
alternative [+],
ali [+],
advanced [+],
acorn [+],
access security [+],
abu dhabi [+],
absentee voters [+],
Software [+],
Hardware [+],
memory corruption [+],
safer use [+],
year in review [+],
wvc [+],
world scenarios [+],
workshop [+],
wirelessly [+],
western propaganda [+],
weigh [+],
web page internet [+],
weather station data [+],
weather [+],
vows [+],
video [+],
vgx [+],
verisign [+],
users [+],
use of internet [+],
use [+],
usb network [+],
uri handler [+],
upheaval [+],
unix [+],
understanding [+],
u.n. report [+],
twitter [+],
turning [+],
trend micro internet security [+],
trend [+],
tool [+],
tom cross [+],
time element [+],
threat [+],
tetris [+],
technical weaknesses [+],
targeted [+],
syria [+],
switch [+],
surveillance capabilities [+],
surveillance [+],
supports [+],
suite [+],
storm [+],
stop [+],
stack buffer [+],
splurges [+],
sophos [+],
software version [+],
snooping hq [+],
smile [+],
shuts [+],
service [+],
security practices [+],
security law [+],
security event [+],
security authors [+],
secure [+],
sam [+],
ryan permeh [+],
rusty nail [+],
robots [+],
robotic arm [+],
robert clark tags [+],
resident [+],
reporters without borders [+],
reporters [+],
releases [+],
regulator [+],
receiver module [+],
radio empire [+],
radio dial [+],
quantified [+],
pwn [+],
public computers [+],
ptz [+],
protected [+],
propaganda [+],
program [+],
privacy act [+],
playerpt [+],
philosophy [+],
patrick chambet [+],
paper [+],
page internet explorer [+],
option element [+],
operator [+],
open source initiative [+],
online [+],
object [+],
nsfocus [+],
news [+],
new computer [+],
neutrality [+],
network hack [+],
multitouch [+],
multiplayer functionality [+],
msie [+],
mshtml [+],
mp martijn van dam [+],
misc [+],
mirror [+],
mill [+],
microcontrollers [+],
microcontroller [+],
micro internet [+],
micro [+],
memory effects [+],
mcdonald [+],
martijn van dam [+],
major [+],
london [+],
linksys wvc200 [+],
libya [+],
lego pieces [+],
legislation [+],
layout grid [+],
law [+],
lan [+],
kindle [+],
jockey [+],
jeff thompson tags [+],
jeff thompson [+],
javascript onload [+],
jake von slatt [+],
jake [+],
isp industry [+],
iran claims [+],
iran [+],
internet watch foundation [+],
internet security suite [+],
internet security [+],
internet role [+],
internet radio [+],
internet operator [+],
internet freedom [+],
internet explorer window [+],
internet explorer code [+],
internet experts [+],
internet dns [+],
internet crimes [+],
internet crackdown [+],
internet cafe software [+],
internet bridge [+],
internet blackout [+],
internet access [+],
interface [+],
intercept [+],
information leak [+],
information [+],
india [+],
imp [+],
imagination [+],
images [+],
home [+],
holland [+],
history information [+],
hassle [+],
handhelds [+],
hand gestures [+],
hackers [+],
greek city states [+],
graphic calculator [+],
google [+],
global [+],
georgia institute of technology [+],
ftc [+],
freedom [+],
free memory [+],
fm radio receiver [+],
filter internet [+],
face [+],
explorer telnet [+],
experts [+],
exec [+],
excelangue [+],
event handlers [+],
entire world [+],
enemies [+],
electric [+],
dutch isp [+],
dumb idea [+],
drag and drop [+],
dont be [+],
domain information [+],
dom object [+],
dom modification [+],
dom editing [+],
dom [+],
digital [+],
development [+],
developer tools [+],
desk lamp [+],
denounces [+],
defends [+],
decoding [+],
declares [+],
death [+],
data security [+],
data [+],
daniel burnham [+],
dangling pointer [+],
dale coddington [+],
custom internet [+],
crackdown [+],
corporate networks [+],
control [+],
computer study [+],
computer [+],
coalesce [+],
cloud [+],
claims [+],
civil liberties groups [+],
civil [+],
cisco wireless [+],
cisco linksys [+],
chunk [+],
christopher mitchell [+],
chris [+],
china orders [+],
child abusers [+],
cameras [+],
camera [+],
calcnet [+],
cafe [+],
building [+],
bugtraq [+],
bruce schneier [+],
bruce [+],
broadband internet service [+],
bridgeport mill [+],
bridgeport [+],
borders [+],
avast [+],
authors [+],
attackers [+],
attack patterns [+],
antamedia [+],
ancient greek city [+],
analyzation [+],
amazon kindle [+],
amazon [+],
ahnlab [+],
adam obeng [+],
access [+],
ARM [+],
10m [+],
network [+],
tor [+],
virtual tunnels [+],
tor virtual [+],
security [+],
privacy [+],
local internet service providers [+],
instant messaging services [+],
denial of service [+],
vulnerability research [+],
usa [+],
hacks [+],
youtube,
year,
xbox 360,
x exploits,
wiretap laws,
wiretap,
winhlp32,
winhlp,
will,
wikipedia,
wifi,
what is net neutrality,
wep keys,
webserver setup,
webserver,
web server directory,
way,
warning,
war,
vulnerable version,
vulnerabilities,
vulnerabilidad,
vpn,
vmware workstation,
vmware tools,
vmware,
virtual private network,
virtual box,
video computer,
verizon,
vbdevkit,
using internet,
usb,
urlmon,
url validation,
url,
uri validation,
uri,
unprecedented losses,
universal service fund,
uninitialized,
txt,
trip,
traffic prioritization,
tinc,
time2,
thomas pototschnig,
test sequences,
targets,
target network,
target code,
tar gz,
table layout,
table element,
table chess,
table,
stack overflow,
spam,
something simple,
social engineer,
slides,
signup wizard,
side,
shut,
shockwave flash object,
setup web,
setup,
security version,
security technologies,
secure private network,
secunia,
scratch,
scanning,
satellite,
sat,
san francisco,
safety,
safe,
safari,
s system,
rob carter tags,
rob carter,
reveal,
retired,
researchers,
researcher,
research internet,
research,
remote exploit,
remote buffer overflow,
remote,
relax,
redes de internet,
rebuilt,
real time communications,
read,
rare occurrence,
quot,
question,
proxy software,
protocol igmp,
protocol handler,
problem,
private network,
privacy event,
privacy bill,
pre,
pool overflow,
policy,
pointer,
poc,
player,
peripherals,
per,
pdf,
payload,
pass,
p.s. vboxguestadditions,
opera browsers,
object tag,
numitron,
novell netware,
nokia internet,
nokia,
nmap,
nico waisman,
networked clusters,
net neutrality legislation,
net neutrality,
net,
neighborhood cable,
needs,
nathan mcfeters,
nat,
music,
multitudinous,
ms10,
ms internet explorer 6,
ms internet,
mood,
monitoring,
module,
modem,
mini pci card,
microsoft internet connection,
microsoft corp,
microsoft clip organizer,
microcontroller project,
mhtml,
metasploit,
meps,
memory pool,
medina tags,
maurizio,
masses,
marvin ammori,
manager module,
manager,
malware,
malicious code,
luis alvarez,
lucky day,
long trip,
local,
legal,
laws,
kernel mode,
kernel,
julius genachowski,
jorge luis alvarez,
john heasman,
isp,
iso,
inventor tv,
inventor,
internet wiretap,
internet wireless,
internet surveillance systems,
internet signal,
internet search,
internet satellite,
internet safety,
internet radio player,
internet question,
internet privacy laws,
internet privacy,
internet opponent,
internet music,
internet group management protocol,
internet group management,
internet government,
internet fraud,
internet file sharing,
internet explorer problems,
internet explorer frame,
internet explorer browser,
internet explorer 7,
internet explorer 6 sp2,
internet explorer 5,
internet controls,
internet connection wizard,
internet communication,
internet censorship law,
internet cafes,
internet cafe,
international internet,
international,
internal antenna,
infrared remote control,
informtico,
independent inventor,
img tag,
hxxp,
html time,
html object,
html element,
how,
hollywood,
hijacking,
hijack,
high profile companies,
hhd,
hey,
heart of the matter,
hdtvs,
harrison pham,
hacker,
group,
fyodor tags,
fyodor,
fundamental right,
fundamental,
fraud,
flaw,
firefox,
finished board,
file,
features of internet explorer,
fcc website,
fcc enforcement,
farfisa organ,
external antenna,
explotando,
explorer 6 internet,
explorer 6 0,
exploiting,
exploit,
exact model,
ethernet,
escalation,
epidemic proportions,
entertainment,
element code,
eduardo vela,
ease,
e.u. pushes,
e. street,
dynamic,
download,
dos vulnerability,
dos,
domain registrars,
dll windows,
dll,
disruptions,
directory traversal vulnerability,
differential treatment,
dhcp,
dhclient,
denial,
default gateway,
david lindsay,
david barton,
datacredito,
darknet,
cybraphon,
cyber attacks,
css,
criticises,
crimen,
crash,
core,
controversial internet,
controversial,
contests,
content,
consumer,
connection wizard,
connection,
connect,
condemns,
communication settings,
communication,
command execution,
command,
code internet,
clinton urges,
client,
classic,
cisco security advisory,
cisco security,
cisco ios,
cigar boxes,
christiane ruetten,
chrater,
chess table,
chess,
chavez,
cellphones,
cds,
causes,
cat5 cables,
card,
cafes,
cable tv service,
bypass,
bt4,
browser,
bridge connection,
border property,
bof,
block,
bill,
beta,
background job,
avg,
aussies,
aurora,
audio,
antique wardrobe,
anti virus,
antenna,
animation behaviors,
andrew fried,
agent request,
advisory,
adduser,
address,
active x control,
active x,
accelerator,
Wireless,
Videos,
Support,
Pentesting,
Newbie,
Issues,
Howto,
General,
Final,
FCC,
Discussion,
Discusion,
BackTrack,
Area
-
-
12:01
»
Hack a Day
If you’re planning a build that communicates wirelessly to that ‘Internet of things’ we’ve been hearing about, you might want to check out the Electric Imp. This tiny little card connects your project to the Internet without all the hassle of configuring an embedded wireless device. Inside the Electric Imp is a good bit of [...]
-
-
21:50
»
SecDocs
Authors:
Adam Obeng Tags:
Tor privacy Event:
Chaos Communication Congress 27th (27C3) 2010 Abstract: The Internet began as state-sponsored anarchy, but it is now the tool of first resort for dissidents and propagandists alike. The poster-child project of the Free Software Movement runs on the authority of a single person; the rest clash over the very definition of the word 'free'. A company which pictured itself as smashing Big Brother is now seen as one of the perceived secretive and authoritarian in the industry; and for another, 'Don't Be Evil' is proving to be a challenging motto to live by. This talk aims to present a view of the societies of Internet from the perspective of political philosophy. Political philosophy is not politics, in the same way that computer science is not programming. It's not the politics about the Internet, but the politics *of* the Internet. Even so, events at any particular place or time just provide examples to be studied. Political philosophy is meta-politics, it's about the trends in politics and the theories we use to understand them. Real-world political systems have striking parallels in the evolution of the Internet: there was primitive anarchy before Eternal September, the era of walled gardens resembled that of Ancient Greek city-states, which were succeeded by more-or-less liberal regimes following the geographical territories of real-world governments. Because of its rapid evolution, mass participation, and highly complex human interaction, the Internet should be subjected to the sorts of questions that political philosophers ask. On the Internet, what is freedom? Do we have obligations to those in control? To each other? What rights do we have? What can we own? Once we know the way it is, we can ask how it should be...
-
-
6:01
»
Hack a Day
Because reaching over a few feet to turn off a switch is too much to bear for [Bruce], he connected his desk lamp to the Internet. It’s a pretty cool build that’s the perfect tutorial for connecting just about anything to the internet. For his build, [Bruce] used an Arduino with a relay attached to [...]
-
-
21:39
»
SecDocs
Authors:
Nicholas Merrill Tags:
privacy Event:
Chaos Communication Congress 27th (27C3) 2010 Abstract: My name is Nicholas Merrill and I was the plaintiff in a legal case in the US court system where I challenged the FBI’s policy of using a feature of the so-called USA PATRIOT act - what are called “National Security Letters” - to bypass the American Constitution's system of checks and balances and in violation of the United Nations Universal Declaration of Human Rights - in order to obtain protected personal information and to unmask anonymous Internet users. I spent over 6 years not able to speak to anyone (other than my lawyers) about my case - forced to lie to those closest to me due to an FBI gag order that carried a possible 10 year prison sentence for violating it. However the lawsuit resulted in the establishment of two key legal precedents and made changes that affect every Internet worker and Telephone worker in America. I would like to speak to the 27C3 audience in order to tell about my experience and to challenge (and offer my support and assistance to) those individuals who are in a position to challenge government surveillance requests to follow their consciences and do so. People who work at Internet Service Providers and Telephone companies as well as IT workers at Universities and private businesses are increasingly likely to encounter government attempts at surveillance. I would like to speak to the CCC regarding my experiences in resisting a National Security Letter and also a “Grand Jury Subpoena” as well as my experience of being gagged by the FBI for nearly 7 years - unable to speak on the subject or identify myself as the plaintiff in the NSL lawsuit. Nicholas Merrill founded Calyx Internet Access Corporation in 1995. Calyx Internet Access was one of the first commercial Internet service providers operating in New York City. Calyx pursued relationships with and worked with many activist groups on a pro bono or low-cost basis, including the New York Civil Liberties Union, the Independent Media Center (Indymedia.org) and the Drug Policy Foundation. In 2004, after a receiving a “National Security Letter” from the Federal Bureau of Investigation, and a subsequent request from the U.S. Secret Service, Calyx became involved with the ACLU and in using the legal system and the media to resist illegal government requests for information on Internet users. For six and a half years, Merrill and the ACLU tirelessly challenged the orders contained in the letter, resulting in the establishment of two key legal precedents overturning aspects of the national security letter program. Along the way he encountered court proceedings where he could not even be present - where he could not be referred to by name, but instead was referred to in all court documents as "John Doe". He also encountered heavy handed government censorship of court documents under the guise of "National Security" and secret evidence presented to the judge by the FBI that his attorneys were not allowed to see. The merging of Merrill's long interest in advocacy and free speech combined with his experience with the U.S. government inspired him to form a non-govermental organization (NGO) to deal specifically with this issue without being distracted or compromised by the requirements of a for-profit business.
-
21:39
»
SecDocs
Authors:
Nicholas Merrill Tags:
privacy Event:
Chaos Communication Congress 27th (27C3) 2010 Abstract: My name is Nicholas Merrill and I was the plaintiff in a legal case in the US court system where I challenged the FBI’s policy of using a feature of the so-called USA PATRIOT act - what are called “National Security Letters” - to bypass the American Constitution's system of checks and balances and in violation of the United Nations Universal Declaration of Human Rights - in order to obtain protected personal information and to unmask anonymous Internet users. I spent over 6 years not able to speak to anyone (other than my lawyers) about my case - forced to lie to those closest to me due to an FBI gag order that carried a possible 10 year prison sentence for violating it. However the lawsuit resulted in the establishment of two key legal precedents and made changes that affect every Internet worker and Telephone worker in America. I would like to speak to the 27C3 audience in order to tell about my experience and to challenge (and offer my support and assistance to) those individuals who are in a position to challenge government surveillance requests to follow their consciences and do so. People who work at Internet Service Providers and Telephone companies as well as IT workers at Universities and private businesses are increasingly likely to encounter government attempts at surveillance. I would like to speak to the CCC regarding my experiences in resisting a National Security Letter and also a “Grand Jury Subpoena” as well as my experience of being gagged by the FBI for nearly 7 years - unable to speak on the subject or identify myself as the plaintiff in the NSL lawsuit. Nicholas Merrill founded Calyx Internet Access Corporation in 1995. Calyx Internet Access was one of the first commercial Internet service providers operating in New York City. Calyx pursued relationships with and worked with many activist groups on a pro bono or low-cost basis, including the New York Civil Liberties Union, the Independent Media Center (Indymedia.org) and the Drug Policy Foundation. In 2004, after a receiving a “National Security Letter” from the Federal Bureau of Investigation, and a subsequent request from the U.S. Secret Service, Calyx became involved with the ACLU and in using the legal system and the media to resist illegal government requests for information on Internet users. For six and a half years, Merrill and the ACLU tirelessly challenged the orders contained in the letter, resulting in the establishment of two key legal precedents overturning aspects of the national security letter program. Along the way he encountered court proceedings where he could not even be present - where he could not be referred to by name, but instead was referred to in all court documents as "John Doe". He also encountered heavy handed government censorship of court documents under the guise of "National Security" and secret evidence presented to the judge by the FBI that his attorneys were not allowed to see. The merging of Merrill's long interest in advocacy and free speech combined with his experience with the U.S. government inspired him to form a non-govermental organization (NGO) to deal specifically with this issue without being distracted or compromised by the requirements of a for-profit business.
-
-
21:38
»
SecDocs
Authors:
Daniel J. Bernstein Tags:
cryptography Event:
Chaos Communication Congress 27th (27C3) 2010 Abstract: Are you writing a program that sends data through the Internet? Are you sending the data through HTTP, or SMTP, or simply TCP, leaving it vulnerable to espionage, corruption, and sabotage by anyone who owns a machine connected to the same network? You can use SSH and IPsec to protect communication with your own machines, but how do you talk to the rest of the Internet? You can use TCPcrypt to protect yourself against attackers too lazy to forge packets, but how do you protect yourself against serious attackers? You can use HTTPS for low-frequency communication, but how do you handle heavy network traffic, and how do you protect yourself against the security flaws in HTTPS? Today's Internet cryptography is slow, untrustworthy, hard to use, and remarkably unsuccessful as a competitor to good old unprotected TCP. This talk will present a different approach to high-security Internet cryptography. This approach is easy for users, easy for system administrators, and, perhaps most importantly, easy for programmers. The main reason that the approach has not been tried before is that it seems to involve very slow cryptographic operations; this talk will show that the approach is extremely fast when it is done right.
-
21:38
»
SecDocs
Authors:
Daniel J. Bernstein Tags:
cryptography Event:
Chaos Communication Congress 27th (27C3) 2010 Abstract: Are you writing a program that sends data through the Internet? Are you sending the data through HTTP, or SMTP, or simply TCP, leaving it vulnerable to espionage, corruption, and sabotage by anyone who owns a machine connected to the same network? You can use SSH and IPsec to protect communication with your own machines, but how do you talk to the rest of the Internet? You can use TCPcrypt to protect yourself against attackers too lazy to forge packets, but how do you protect yourself against serious attackers? You can use HTTPS for low-frequency communication, but how do you handle heavy network traffic, and how do you protect yourself against the security flaws in HTTPS? Today's Internet cryptography is slow, untrustworthy, hard to use, and remarkably unsuccessful as a competitor to good old unprotected TCP. This talk will present a different approach to high-security Internet cryptography. This approach is easy for users, easy for system administrators, and, perhaps most importantly, easy for programmers. The main reason that the approach has not been tried before is that it seems to involve very slow cryptographic operations; this talk will show that the approach is extremely fast when it is done right.
-
-
9:43
»
Packet Storm Security Advisories
Comodo Internet Security versions until 5.9 suffered from a blue screen of death denial of service condition on Microsoft Windows 7 x64 if a 32b PE with a kernel ImageBase is executed.
-
9:43
»
Packet Storm Security Recent Files
Comodo Internet Security versions until 5.9 suffered from a blue screen of death denial of service condition on Microsoft Windows 7 x64 if a 32b PE with a kernel ImageBase is executed.
-
9:43
»
Packet Storm Security Misc. Files
Comodo Internet Security versions until 5.9 suffered from a blue screen of death denial of service condition on Microsoft Windows 7 x64 if a 32b PE with a kernel ImageBase is executed.
-
-
15:50
»
Packet Storm Security Advisories
VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error within the "vgx.dll" component when processing certain VML behaviors, which could be exploited by attackers to compromise a vulnerable system by tricking a user into visiting a specially crafted web page.
-
15:50
»
Packet Storm Security Recent Files
VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error within the "vgx.dll" component when processing certain VML behaviors, which could be exploited by attackers to compromise a vulnerable system by tricking a user into visiting a specially crafted web page.
-
15:50
»
Packet Storm Security Misc. Files
VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error within the "vgx.dll" component when processing certain VML behaviors, which could be exploited by attackers to compromise a vulnerable system by tricking a user into visiting a specially crafted web page.
-
-
18:03
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability found in TRENDnet SecurView Internet Camera's ActiveX control. By supplying a long string of data as the sFilter argument of the OpenFileDlg() function, it is possible to trigger a buffer overflow condition due to WideCharToMultiByte (which converts unicode back to) overwriting the stack more than it should, which results arbitrary code execution under the context of the user.
-
18:03
»
Packet Storm Security Recent Files
This Metasploit module exploits a vulnerability found in TRENDnet SecurView Internet Camera's ActiveX control. By supplying a long string of data as the sFilter argument of the OpenFileDlg() function, it is possible to trigger a buffer overflow condition due to WideCharToMultiByte (which converts unicode back to) overwriting the stack more than it should, which results arbitrary code execution under the context of the user.
-
18:03
»
Packet Storm Security Misc. Files
This Metasploit module exploits a vulnerability found in TRENDnet SecurView Internet Camera's ActiveX control. By supplying a long string of data as the sFilter argument of the OpenFileDlg() function, it is possible to trigger a buffer overflow condition due to WideCharToMultiByte (which converts unicode back to) overwriting the stack more than it should, which results arbitrary code execution under the context of the user.
-
-
20:59
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability found in Internet Explorer's mshtml component. Due to the way IE handles objects in memory, it is possible to cause a pointer in CTableRowCellsCollectionCacheItem::GetNext to be used even after it gets freed, therefore allowing remote code execution under the context of the user. This particular vulnerability was also one of 2012's Pwn2Own challenges, and was later explained by Peter Vreugdenhil with exploitation details. Instead of Peter's method, this module uses heap spraying like the 99% to store a specially crafted memory layout before re-using the freed memory.
-
20:59
»
Packet Storm Security Recent Files
This Metasploit module exploits a vulnerability found in Internet Explorer's mshtml component. Due to the way IE handles objects in memory, it is possible to cause a pointer in CTableRowCellsCollectionCacheItem::GetNext to be used even after it gets freed, therefore allowing remote code execution under the context of the user. This particular vulnerability was also one of 2012's Pwn2Own challenges, and was later explained by Peter Vreugdenhil with exploitation details. Instead of Peter's method, this module uses heap spraying like the 99% to store a specially crafted memory layout before re-using the freed memory.
-
20:59
»
Packet Storm Security Misc. Files
This Metasploit module exploits a vulnerability found in Internet Explorer's mshtml component. Due to the way IE handles objects in memory, it is possible to cause a pointer in CTableRowCellsCollectionCacheItem::GetNext to be used even after it gets freed, therefore allowing remote code execution under the context of the user. This particular vulnerability was also one of 2012's Pwn2Own challenges, and was later explained by Peter Vreugdenhil with exploitation details. Instead of Peter's method, this module uses heap spraying like the 99% to store a specially crafted memory layout before re-using the freed memory.
-
-
21:42
»
SecDocs
Tags:
privacy Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: We are members of Alternatif Bilişim Derneği (Alternative Informatics Association)**, one of many organizations that oppose the ongoing efforts for state-controlled Internet in Turkey. We see that the problems with media control in Turkey and in Europe are increasingly becoming part of a global problem. The governments are working on their own view of a 'secure' Internet, and we have to articulate and suggest an alternative. In our talk we want to give an account of our anti-censorship movement and the challenges we face in Turkey. We will first provide an overview of the political events; sanctions, censorship regulations and attempts of resistance in the country. Then, we will point out the main problems we face in making use of laws and technology against state control. We would also like to use our presentation as an opportunity to meet people at the CCC with similar affinities and to learn from their experience. We see a great need to create global networks and communities to articulate an alternative message; the Internet as the peoples’ media. Ali Rıza Keleş* arkeles@alternatifbilisim.org Ayşe Kaymak aysakaymak@gmail.com Işık Barış Fidaner fidaner@gmail.com Seda Gürses sguerses@esat.kuleuven.be We are members of Alternatif Bilişim Derneği (Alternative Informatics Association)**, one of many organizations that oppose the ongoing efforts for state-controlled Internet in Turkey. We see that the problems with media control in Turkey and in Europe are increasingly becoming part of a global problem. The governments are working on their own view of a 'secure' Internet, and we have to articulate and suggest an alternative. In our talk we want to give an account of our anti-censorship movement and the challenges we face in Turkey. We will first provide an overview of the political events; sanctions, censorship regulations and attempts of resistance in the country. Then, we will point out the main problems we face in making use of laws and technology against state control. We would also like to use our presentation as an opportunity to meet people at the CCC with similar affinities and to learn from their experience. We see a great need to create global networks and communities to articulate an alternative message; the Internet as the peoples’ media. A short history Despite its growing economy, democracy and fundamental rights have always been disputed in Turkey, where the shadow of the 1980 coup and still unresolved Kurdish problem is strongly felt, with the state persistently denying Kurdish citizens’ rights and repressing real political opposition to canalize the people’s consent to the authorized ‘official’ parties in the parliament. The coup in 1980 was mainly used to implement liberal policies, and this process is near completion: most state enterprises have been privatized in the last decade, including Türk Telekom, the phone company and the single ISP that owns the ADSL infrastructure in Turkey. In the same decade, the Internet use became widespread. Yet, the increasing popularity of the Internet has been accompanied by attempts to control it through criminal sanctions. Until 2007, tens of thousands of websites had been blocked by courts as ‘precaution’, including sites like Wordpress and YouTube. After the Law 5651 in 2007, even more websites were censored directly by government administration. As a response to this law, Sansüre Karşı Platform (Platform Against Censorship) was organized. In the first anti-censorship rally in 17 July 2010, nearly 3000 people participated, including Internet youth, political parties, trade unions, etc. Not long after the events in Tunisia and Egypt; the state institution for telecommunication, Bilgi Teknolojileri ve İletişim Kurumu (BTK) made a decision to force ISPs to provide unpaid Internet filters under the headings 'children', 'family' etc. This move created an enormous reaction, the culmination of which led to a nationwide Internet freedom rally in 15 May 2011 that took place in tens of cities. Alone in Istanbul 60 thousand people marched against the imposed censorship measures. What followed was a smearing campaign by controlled media (including state TV) against the protesters, and a pseudo-governance meeting with NGOs by BTK. After the general elections in June, the war with PKK escalated, suppressing the BTK decision out of media attention. Currently, DNS or IP blocking is used mostly for 'obscene' and in some cases for political websites. National security has always functioned as an excuse for the Turkish state to introduce exceptions to a rule or to make the exception the rule itself. An example is 'Ulusal Kripto Yönetmeliği' (National Crypto By-law) that was put in order in 2010. This by-law necessitates ‘official authorization’ for any encrypted communication by any citizen, and also requires the citizens to give away their encryption mechanisms and private keys to BTK for ‘storage’. In conclusion, we have reasons to believe that the government is currently developing infrastructure to utilize methods like deep packet inspection (DPI) as weapons in a 'cyberwar', possibly against its own people. These methods will include monitoring and labeling of Internet users as well as blocking communication. We made use of our 'right to information' to inquire about the plans for employing DPI, but were ‘informed’ that this is 'beyond the limits our right to information'. Problems in using laws & technology against state control The greatest problems with respect to guaranteeing fundamental rights in technology deployment and use currently are with how laws are made and how they are enforced. The lawmaking process is exclusionist, only including a few NGOs that can better be called QUANGOs (quasi-autonomous non-governmental organizations). There are several political parties and trade unions, but even their peaceful protests are occasionally declared ‘unauthorized’ and considered illegal. People in general do not trust the judiciary system, but are simply unorganized and do not believe in their power. The regime bases its legitimacy on ideology and not on lawful justice. Türk Telekom (TT), privatized in 2005, monopolizes the ADSL infrastructure, making Internet services expensive and prone to state control. In 2007, a workers' strike in TT had triggered debates on this monopoly being protected by the government. The company also acts as a service provider in several domains, creating questions about net neutrality. Another problem is with the limitation of how people can relate to technology. Computers, cellphones and other gadgets are aggressively marketed and widely used throughout the country, but the marketed forms of use mostly remain superficial, e.g., these gadgets are depicted as entertainment or as status symbols. We argue that the hegemony of these consumerist cultural connotations do hamper diverse uses of these products for a variety of motivations. A small community of Linux promoters have emerged around universities. These groups could promote alternative approaches to technology. However, under the usual political fears, they only articulate their positions professionally. Their statements usually target Microsoft or other big proprietary software companies. This position is compatible with the officially accepted national pride and national security positions in Turkey, and hence is limited to politics of technology only (see Pardus project). Leftist and Kurdish political organizations are in a position to benefit most from digital communication technologies. However, they still lack the capacity and enthusiasm to use it effectively. Alternative political media initiatives online exist, but they are mostly limited to standard uses and their technical quality reflect the lack of developers in the political community. In Turkey, engineering education is praised and supported by families. Families make up for the lack of a financially strong social system. The society in general also praises technical knowledge. However, a strong barrier separates the 'educated people' who are supposed to know it, from 'regular people' who are only supposed to consume it. Under economic pressure and feeling indebted to their families, most white collar workers dedicate themselves to their work in private companies. There is some space in some universities for shared work and creativity, but such spaces are getting smaller as most universities are being turned into technical schools. Ali Rıza Keleş, Işık Barış Fidaner are software developers, Ayşe Kaymak is a lawyer from Istanbul. Seda Gürses is an Internet researcher from Brussels. ** Alternatif Bilişim is a social network that includes users, developers and researchers of digital technologies, studying and practicing alternative uses of technology. Ultimately, our objective is to diminish the alienation of people to technical knowledge.
-
-
21:55
»
SecDocs
Tags:
privacy Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: We are members of Alternatif Bilişim Derneği (Alternative Informatics Association)**, one of many organizations that oppose the ongoing efforts for state-controlled Internet in Turkey. We see that the problems with media control in Turkey and in Europe are increasingly becoming part of a global problem. The governments are working on their own view of a 'secure' Internet, and we have to articulate and suggest an alternative. In our talk we want to give an account of our anti-censorship movement and the challenges we face in Turkey. We will first provide an overview of the political events; sanctions, censorship regulations and attempts of resistance in the country. Then, we will point out the main problems we face in making use of laws and technology against state control. We would also like to use our presentation as an opportunity to meet people at the CCC with similar affinities and to learn from their experience. We see a great need to create global networks and communities to articulate an alternative message; the Internet as the peoples’ media. Ali Rıza Keleş* arkeles@alternatifbilisim.org Ayşe Kaymak aysakaymak@gmail.com Işık Barış Fidaner fidaner@gmail.com Seda Gürses sguerses@esat.kuleuven.be We are members of Alternatif Bilişim Derneği (Alternative Informatics Association)**, one of many organizations that oppose the ongoing efforts for state-controlled Internet in Turkey. We see that the problems with media control in Turkey and in Europe are increasingly becoming part of a global problem. The governments are working on their own view of a 'secure' Internet, and we have to articulate and suggest an alternative. In our talk we want to give an account of our anti-censorship movement and the challenges we face in Turkey. We will first provide an overview of the political events; sanctions, censorship regulations and attempts of resistance in the country. Then, we will point out the main problems we face in making use of laws and technology against state control. We would also like to use our presentation as an opportunity to meet people at the CCC with similar affinities and to learn from their experience. We see a great need to create global networks and communities to articulate an alternative message; the Internet as the peoples’ media. A short history Despite its growing economy, democracy and fundamental rights have always been disputed in Turkey, where the shadow of the 1980 coup and still unresolved Kurdish problem is strongly felt, with the state persistently denying Kurdish citizens’ rights and repressing real political opposition to canalize the people’s consent to the authorized ‘official’ parties in the parliament. The coup in 1980 was mainly used to implement liberal policies, and this process is near completion: most state enterprises have been privatized in the last decade, including Türk Telekom, the phone company and the single ISP that owns the ADSL infrastructure in Turkey. In the same decade, the Internet use became widespread. Yet, the increasing popularity of the Internet has been accompanied by attempts to control it through criminal sanctions. Until 2007, tens of thousands of websites had been blocked by courts as ‘precaution’, including sites like Wordpress and YouTube. After the Law 5651 in 2007, even more websites were censored directly by government administration. As a response to this law, Sansüre Karşı Platform (Platform Against Censorship) was organized. In the first anti-censorship rally in 17 July 2010, nearly 3000 people participated, including Internet youth, political parties, trade unions, etc. Not long after the events in Tunisia and Egypt; the state institution for telecommunication, Bilgi Teknolojileri ve İletişim Kurumu (BTK) made a decision to force ISPs to provide unpaid Internet filters under the headings 'children', 'family' etc. This move created an enormous reaction, the culmination of which led to a nationwide Internet freedom rally in 15 May 2011 that took place in tens of cities. Alone in Istanbul 60 thousand people marched against the imposed censorship measures. What followed was a smearing campaign by controlled media (including state TV) against the protesters, and a pseudo-governance meeting with NGOs by BTK. After the general elections in June, the war with PKK escalated, suppressing the BTK decision out of media attention. Currently, DNS or IP blocking is used mostly for 'obscene' and in some cases for political websites. National security has always functioned as an excuse for the Turkish state to introduce exceptions to a rule or to make the exception the rule itself. An example is 'Ulusal Kripto Yönetmeliği' (National Crypto By-law) that was put in order in 2010. This by-law necessitates ‘official authorization’ for any encrypted communication by any citizen, and also requires the citizens to give away their encryption mechanisms and private keys to BTK for ‘storage’. In conclusion, we have reasons to believe that the government is currently developing infrastructure to utilize methods like deep packet inspection (DPI) as weapons in a 'cyberwar', possibly against its own people. These methods will include monitoring and labeling of Internet users as well as blocking communication. We made use of our 'right to information' to inquire about the plans for employing DPI, but were ‘informed’ that this is 'beyond the limits our right to information'. Problems in using laws & technology against state control The greatest problems with respect to guaranteeing fundamental rights in technology deployment and use currently are with how laws are made and how they are enforced. The lawmaking process is exclusionist, only including a few NGOs that can better be called QUANGOs (quasi-autonomous non-governmental organizations). There are several political parties and trade unions, but even their peaceful protests are occasionally declared ‘unauthorized’ and considered illegal. People in general do not trust the judiciary system, but are simply unorganized and do not believe in their power. The regime bases its legitimacy on ideology and not on lawful justice. Türk Telekom (TT), privatized in 2005, monopolizes the ADSL infrastructure, making Internet services expensive and prone to state control. In 2007, a workers' strike in TT had triggered debates on this monopoly being protected by the government. The company also acts as a service provider in several domains, creating questions about net neutrality. Another problem is with the limitation of how people can relate to technology. Computers, cellphones and other gadgets are aggressively marketed and widely used throughout the country, but the marketed forms of use mostly remain superficial, e.g., these gadgets are depicted as entertainment or as status symbols. We argue that the hegemony of these consumerist cultural connotations do hamper diverse uses of these products for a variety of motivations. A small community of Linux promoters have emerged around universities. These groups could promote alternative approaches to technology. However, under the usual political fears, they only articulate their positions professionally. Their statements usually target Microsoft or other big proprietary software companies. This position is compatible with the officially accepted national pride and national security positions in Turkey, and hence is limited to politics of technology only (see Pardus project). Leftist and Kurdish political organizations are in a position to benefit most from digital communication technologies. However, they still lack the capacity and enthusiasm to use it effectively. Alternative political media initiatives online exist, but they are mostly limited to standard uses and their technical quality reflect the lack of developers in the political community. In Turkey, engineering education is praised and supported by families. Families make up for the lack of a financially strong social system. The society in general also praises technical knowledge. However, a strong barrier separates the 'educated people' who are supposed to know it, from 'regular people' who are only supposed to consume it. Under economic pressure and feeling indebted to their families, most white collar workers dedicate themselves to their work in private companies. There is some space in some universities for shared work and creativity, but such spaces are getting smaller as most universities are being turned into technical schools. Ali Rıza Keleş, Işık Barış Fidaner are software developers, Ayşe Kaymak is a lawyer from Istanbul. Seda Gürses is an Internet researcher from Brussels. ** Alternatif Bilişim is a social network that includes users, developers and researchers of digital technologies, studying and practicing alternative uses of technology. Ultimately, our objective is to diminish the alienation of people to technical knowledge.
-
-
9:10
»
Packet Storm Security Recent Files
Whitepaper called Attacking the Washington, D.C. Internet Voting System. In 2010, Washington, D.C. developed an Internet voting pilot project that was intended to allow overseas absentee voters to cast their ballots using a website. The authors of this paper participated in a challenge to break the security of the system and in doing so, elected Bender from Futurama to the school board.
-
9:10
»
Packet Storm Security Misc. Files
Whitepaper called Attacking the Washington, D.C. Internet Voting System. In 2010, Washington, D.C. developed an Internet voting pilot project that was intended to allow overseas absentee voters to cast their ballots using a website. The authors of this paper participated in a challenge to break the security of the system and in doing so, elected Bender from Futurama to the school board.
-
-
13:01
»
Hack a Day
If you ever wanted your name out on the Internet, now is your time to shine. [Chris] hooked up an Arduino to the Internet and is streaming the results of combing through Twitter live to the entire world. The SocialBot9000, as [Chris] calls his build, is an Arduino Uno connected to an Ethernet shield and an LCD [...]
-
11:01
»
Hack a Day
[Excelangue] just posted a guide to using the free 3G connection in your Amazon Kindle to browse the Internet on your computer. The hack requires a Kindle Keyboard 3G and the free worldwide Internet access that comes along with the purchase price. After jailbreaking the Kindle and applying a USB network hack, [Excelangue] managed to connect his laptop [...]
-
-
11:36
»
Hack a Day
If you’ve ever wanted to program a microcontroller “in the cloud,” you might want to head over to Inventor Town, an online IDE that allows you to write and compile firmware for the MSP430 series of microcontrollers. After logging in with your Google account, you’re presented with a ‘My Projects’ page. From there, you can [...]
-
-
4:44
»
Hack a Day
It doesn’t take much imagination at all to see what a horrible effect this censorship could have on sites like Hackaday. Please do your part to stop internet censorship. Imagine how many companies would rather us not share with you how our brilliant readers have hacked their hardware to do bigger and better things than [...]
-
-
17:49
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
17:49
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
17:44
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer 8.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
17:44
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
16:09
»
SecuriTeam
This vulnerability allows remote attackers to escape Protected Mode on vulnerable installations of Internet Explorer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
16:09
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
15:34
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
13:42
»
Packet Storm Security Recent Files
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
-
13:42
»
Packet Storm Security Tools
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
-
13:42
»
Packet Storm Security Misc. Files
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
-
11:16
»
Hack a Day
This mirror has a large monitor behind it which can be operated using hand gestures. It’s the result of a team effort from [Daniel Burnham], [Anuj Patel], and [Sam Bell] to build a web-enabled mirror for their ECE 4180 class at the Georgia Institute of Technology. So far they’ve implemented four widget for the system. You [...]
-
-
12:01
»
Hack a Day
Here’s a project that looks to eliminate the PC necessary for pushing weather station data to the Internet. When you think about it, getting data from your own weather sensing hardware to a site like Weather Underground doesn’t require very much processing at all. The largest chunk of the puzzle is a window to the [...]
-
-
9:06
»
Hack a Day
The guys over at Rusty Nail Workshop have put up an Internet controlled robotic arm for your amusement. While you’re waiting for the turkey to be done (or, you know, working), try your hand at moving some LEGO pieces around with a remote-controlled robotic arm. The build log goes through the parts needed for the [...]
-
-
7:04
»
Hack a Day
It looks like the Internet’s resident steampunker is moving up a century or two. [Jake Von Slatt] rebuilt the CNC portion of a Bridgeport Series II mill so it can interface with a computer. It’s a feat even more impressive than moving the mill into [Jake]‘s garage. The first step of the build was tearing [...]
-
-
9:01
»
Packet Storm Security Recent Files
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
-
9:01
»
Packet Storm Security Tools
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
-
9:01
»
Packet Storm Security Misc. Files
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
-
15:32
»
Packet Storm Security Advisories
VUPEN Vulnerability Research Team discovered a vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error in the "mshtml.dll" component when processing the "X-UA-COMPATIBLE" keyword of a "META" tag, which could be exploited by remote attackers to compromise a vulnerable system via a specially crafted web page.
-
15:32
»
Packet Storm Security Recent Files
VUPEN Vulnerability Research Team discovered a vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error in the "mshtml.dll" component when processing the "X-UA-COMPATIBLE" keyword of a "META" tag, which could be exploited by remote attackers to compromise a vulnerable system via a specially crafted web page.
-
15:32
»
Packet Storm Security Misc. Files
VUPEN Vulnerability Research Team discovered a vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error in the "mshtml.dll" component when processing the "X-UA-COMPATIBLE" keyword of a "META" tag, which could be exploited by remote attackers to compromise a vulnerable system via a specially crafted web page.
-
18:56
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Internet Explorer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
18:19
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
16:52
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-289 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles calls to the method swapNode(). When a call to swapNode is issued on an node within a document that has two body nodes, Internet Explorer frees an attribute field for one of the body nodes and then later re-uses the freed field during the node swap. This behavior could result in remote code execution under the context of the current user.
-
16:52
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-289 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles calls to the method swapNode(). When a call to swapNode is issued on an node within a document that has two body nodes, Internet Explorer frees an attribute field for one of the body nodes and then later re-uses the freed field during the node swap. This behavior could result in remote code execution under the context of the current user.
-
16:52
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-289 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles calls to the method swapNode(). When a call to swapNode is issued on an node within a document that has two body nodes, Internet Explorer frees an attribute field for one of the body nodes and then later re-uses the freed field during the node swap. This behavior could result in remote code execution under the context of the current user.
-
-
22:21
»
Packet Storm Security Advisories
Two code execution vulnerabilities have been discovered in Internet Explorer. One vulnerability is caused by incorrectly validating integer parameter passed to the 'add' method of the Select HTML element. Another vulnerability is caused by a use-after-free bug triggered by accessing a previously deleted Option element.
-
-
20:09
»
Packet Storm Security Advisories
iDefense Security Advisory 10.11.11 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Internet Explorer could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when a Javascript event handler such as "onload" is set to a Javascript object's attributes or childNodes collection. A event object is created and this object's memory is later freed; however, a reference to the object remains. When the reference is later used to access the event object, this now-invalid memory is treated as a valid object. The corrupt object's vtable is used to make an indirect function call. This may result in the execution of arbitrary code. Microsoft Internet Explorer 6 is vulnerable.
-
20:09
»
Packet Storm Security Recent Files
iDefense Security Advisory 10.11.11 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Internet Explorer could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when a Javascript event handler such as "onload" is set to a Javascript object's attributes or childNodes collection. A event object is created and this object's memory is later freed; however, a reference to the object remains. When the reference is later used to access the event object, this now-invalid memory is treated as a valid object. The corrupt object's vtable is used to make an indirect function call. This may result in the execution of arbitrary code. Microsoft Internet Explorer 6 is vulnerable.
-
20:09
»
Packet Storm Security Misc. Files
iDefense Security Advisory 10.11.11 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Internet Explorer could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when a Javascript event handler such as "onload" is set to a Javascript object's attributes or childNodes collection. A event object is created and this object's memory is later freed; however, a reference to the object remains. When the reference is later used to access the event object, this now-invalid memory is treated as a valid object. The corrupt object's vtable is used to make an indirect function call. This may result in the execution of arbitrary code. Microsoft Internet Explorer 6 is vulnerable.
-
-
16:59
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
16:59
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
9:06
»
Packet Storm Security Recent Files
Malicious software also known as "Malcode" or "Malware" can compromise the security and functionality of a program. Once "installed" it monitors the user’s habits. This documents introduces this kind of threats by spying a widespread internet browser.
-
9:06
»
Packet Storm Security Misc. Files
Malicious software also known as "Malcode" or "Malware" can compromise the security and functionality of a program. Once "installed" it monitors the user’s habits. This documents introduces this kind of threats by spying a widespread internet browser.
-
9:00
»
Packet Storm Security Recent Files
Nowadays, there is a renewed interest in server-side attacks for hackers. According to SANS, attacks against web applications constitute more than 60% of the total attack attempts observed on the Internet. Victims may be the website owners (e.g. intellectual property theft or loss of customer confidence), their clients (e.g. bank transfer fraud or identity theft) as well as any Internet user, since web application vulnerabilities are now widely exploited to convert trusted websites into malicious ones, thus serving client-side exploits contents to Internet users. This document addresses the major threats which face today's companies, from database exfiltration in DMZ to the Advanced Persistent Threats recently undergone in many international organizations.
-
9:00
»
Packet Storm Security Misc. Files
Nowadays, there is a renewed interest in server-side attacks for hackers. According to SANS, attacks against web applications constitute more than 60% of the total attack attempts observed on the Internet. Victims may be the website owners (e.g. intellectual property theft or loss of customer confidence), their clients (e.g. bank transfer fraud or identity theft) as well as any Internet user, since web application vulnerabilities are now widely exploited to convert trusted websites into malicious ones, thus serving client-side exploits contents to Internet users. This document addresses the major threats which face today's companies, from database exfiltration in DMZ to the Advanced Persistent Threats recently undergone in many international organizations.
-
-
13:59
»
SecuriTeam
This vulnerability allows remote attackers to leak information on vulnerable installations of Internet Explorer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
13:59
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Internet Explorer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
6:55
»
Packet Storm Security Advisories
Secunia Research has discovered a vulnerability in Novell GroupWise, which can be exploited by malicious users to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused by a boundary error in GroupWise Internet Agent (gwia.exe) within the HTTP interface (port 9850/tcp) when handling requests for certain .css resources. This can be exploited to cause a limited stack-based buffer overflow via a specially crafted, overly long request.
-
6:55
»
Packet Storm Security Recent Files
Secunia Research has discovered a vulnerability in Novell GroupWise, which can be exploited by malicious users to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused by a boundary error in GroupWise Internet Agent (gwia.exe) within the HTTP interface (port 9850/tcp) when handling requests for certain .css resources. This can be exploited to cause a limited stack-based buffer overflow via a specially crafted, overly long request.
-
6:55
»
Packet Storm Security Misc. Files
Secunia Research has discovered a vulnerability in Novell GroupWise, which can be exploited by malicious users to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused by a boundary error in GroupWise Internet Agent (gwia.exe) within the HTTP interface (port 9850/tcp) when handling requests for certain .css resources. This can be exploited to cause a limited stack-based buffer overflow via a specially crafted, overly long request.
-
-
7:01
»
Hack a Day
[Old bit collector] is giving up control of his radio dial to the Internet. He combined a couple of Parallax products which now allow him to tune, adjust volume, and toggle the power for an FM radio receiver. The setup is pretty simple. An FM receiver module is mounted in the breadboard seen above which [...]
-
-
11:46
»
SecDocs
Authors:
Ivan Ristic Tags:
X.509 SSL Event:
Black Hat USA 2010 Abstract: SSL (TLS) is the technology that protects the Internet, but very little is actually known about its usage in real-life. How are the many Internet SSL servers configured? Which CA certificates do they use? Which protocols and cipher suites are supported? Answers to even these basic questions were either unavailable, or restricted to the small number of organizations who could afford to fund such research. In this talk we will present the first results of the SSL Survey project, which is the most comprehensive SSL and TLS server configuration survey ever undertaken. By using the deep assessment technology developed at SSL Labs for over a year, we scan and analyze every SSL server on the Internet. In this talk, we will present the assessment methodology, the rationale, as well as the results. The findings will be made freely available to the public. In addition, we will also share the raw data with qualified security researchers. As a bonus, during the talk we will also unveil an updated version of the free online SSL assessment tool, which uses the same assessment technology as the SSL survey itself. SSL Labs (https://www.ssllabs.com), funded by Qualys, is a research effort that focuses on SSL and TLS. Its other projects include: SSL threat model, passive SSL fingerprinting, SSL client capability database, SSL server capability database, and SSL usage tracking.
-
11:45
»
SecDocs
Authors:
Ivan Ristic Tags:
X.509 SSL Event:
Black Hat USA 2010 Abstract: SSL (TLS) is the technology that protects the Internet, but very little is actually known about its usage in real-life. How are the many Internet SSL servers configured? Which CA certificates do they use? Which protocols and cipher suites are supported? Answers to even these basic questions were either unavailable, or restricted to the small number of organizations who could afford to fund such research. In this talk we will present the first results of the SSL Survey project, which is the most comprehensive SSL and TLS server configuration survey ever undertaken. By using the deep assessment technology developed at SSL Labs for over a year, we scan and analyze every SSL server on the Internet. In this talk, we will present the assessment methodology, the rationale, as well as the results. The findings will be made freely available to the public. In addition, we will also share the raw data with qualified security researchers. As a bonus, during the talk we will also unveil an updated version of the free online SSL assessment tool, which uses the same assessment technology as the SSL survey itself. SSL Labs (https://www.ssllabs.com), funded by Qualys, is a research effort that focuses on SSL and TLS. Its other projects include: SSL threat model, passive SSL fingerprinting, SSL client capability database, SSL server capability database, and SSL usage tracking.
-
-
23:41
»
Packet Storm Security Recent Files
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
-
23:41
»
Packet Storm Security Tools
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
-
23:41
»
Packet Storm Security Tools
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
-
23:41
»
Packet Storm Security Misc. Files
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
-
-
19:04
»
SecuriTeam
Internet Explorer 9 has a security system with well known shortfalls, most notably that it does not attempt to address DOM based XSS or Stored XSS. This security system is built on an arbitrary philosophy which only accounts for the most straight forward of reflective XSS attacks. This paper covers three attack patterns that undermine Internet Explorer's ability to prevent Reflective XSS.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
4:57
»
SecDocs
Authors:
Tom Cross Tags:
sniffer Event:
Black Hat USA 2010 Abstract: For many years people have been debating whether or not surveillance capabilities should be built into the Internet. Cypherpunks see a future of perfect end to end encryption while telecom companies are hard at work building surveillance interfaces into their networks. Do these lawful intercept interfaces create unnecessary security risks? This talk will review published architectures for lawful intercept and explain how a number of different technical weaknesses in their design and implementation could be exploited to gain unauthorized access and spy on communications without leaving a trace. The talk will explain how these systems are deployed in practice and how unauthorized access is likely to be obtained in real world scenarios. The talk will also introduce several architectural changes that would improve their resilience to attack if adopted. Finally, we'll consider what all this means for the future of surveillance in the Internet - what are the possible scenarios and what is actually likely to happen over time.
-
-
18:56
»
Packet Storm Security Recent Files
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
-
18:56
»
Packet Storm Security Tools
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
-
18:56
»
Packet Storm Security Misc. Files
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
-
-
17:04
»
SecuriTeam
A use-after-free vulnerability was discovered in Microsoft Corp.'s Internet Explorer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
18:39
»
SecuriTeam
Microsoft Internet Explorer contains a vulnerability caused by a use-after-free error in the "CSpliceTreeEngine::InsertSplice()" function within the MSHTML library when handling layouts.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
18:34
»
SecuriTeam
Microsoft Internet Explorer contains a memory corruption vulnerability in Property Change.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
7:01
»
Hack a Day
The Broadband Internet Service BenchMARK is an open source initiative to put tools in the hands of the common Internet user that will make measurement and analyzation of home network traffic easier. It targets LAN and WAN network utilization by measuring latency, packet loss, jitter, upstream throughput, and downstream throughput. Of course gathering data isn’t [...]
-
-
5:01
»
Hack a Day
[Kyle McDonald] is up to a bit of no-good with a little piece of software he wrote. He’s been installing it on public computers all over New York City. It uses the webcam found in pretty much every new computer out there to detect when a face is in frame, then takes a picture and [...]
-
-
14:26
»
Wirevolution
Service providers can offer any product they wish. But consumers have certain expectations when a product is described as ‘Internet Service.’ So net neutrality regulations are similar to truth in advertising rules. The primary expectation that users have of an Internet Service Provider (ISP) is that it will deliver IP datagrams (packets) without snooping inside them and slowing them down, dropping them, or charging more for them based on what they contain.
The analogy with the postal service is obvious, and the expectation is similar. When Holland passed a net neutrality law last week, one of the bill’s co-authors, Labor MP Martijn van Dam, compared Dutch ISP KPN to “a postal worker who delivers a letter, looks to see what’s in it, and then claims he hasn’t read it.” This snooping was apparently what set off the furor that led to the legislation:
“At a presentation to investors in London on May 10, analysts questioned where KPN had obtained the rapid adoption figures for WhatsApp. A midlevel KPN executive explained that the operator had deployed analytical software which uses a technology called deep packet inspection to scrutinize the communication habits of individual users. The disclosure, widely reported in the Dutch news media, set off an uproar that fueled the legislative drive, which in less than two months culminated in lawmakers adopting the Continent’s first net neutrality measures with real teeth. New York Times
Taking the analogy with the postal service a little further: the postal service charges by volume. The ISP industry behaves similarly, with tiered rates depending on bandwidth. Net neutrality advocates don’t object to this.
The postal service also charges by quality of service, like delivery within a certain time, and guaranteed delivery. ISPs don’t offer this service to consumers, though it is one that subscribers would probably pay for if applied voluntarily and transparently. For example, suppose I wish to subscribe to 10 megabits per second of Internet connectivity, I might be willing to pay a premium for a guaranteed minimum delay on UDP packets. The ISP could then add value for me by prioritizing UDP packets over TCP when my bandwidth demand exceeded 10 megabits per second. Is looking at the protocol header snooping inside the packets? Kind of, because the TCP or UDP header is inside the IP packet, but on the other hand, it might be like looking at a piece of mail to see if it is marked Priority or bulk rate.
A subscriber may even be interested in paying an ISP for services based on deep packet inspection. In a recent conversation, an executive at a major wireless carrier likened net neutrality to pollution. I am not sure what he meant by this, but he may have been thinking of spam-like traffic that nobody wants, but that neutrality regulations might force a service provider to carry. I use Gmail as my email service, and I am grateful for the Gmail spam filter, which works quite well. If a service provider were to use deep packet inspection to implement malicious-site blocking (like phishing site blocking or unintentional download blocking) or parental controls, I would consider this a service worth paying for, since the PC-based capabilities in this category are too easily circumvented by inexperienced users.
Notice that all these suggestions are for voluntary services. When a company opts to impose a product on a customer when the customer prefers an alternative one, the customer is justifiably irked.
What provoked KPN to start blocking WhatsApp, was that KPN subscribers were abandoning KPN’s SMS service in favor of WhatsApp. This caused a revenue drop. Similarly, as VoIP services like Skype grow, voice revenues for service providers will drop, and service providers will be motivated to block or impair the performance of those competing services.
The dumb-pipe nature of IP has enabled the explosion of innovation in services and products that we see on the Internet. Unfortunately for the big telcos and cable companies, many of these innovations disrupt their other service offerings. Internet technology enables third parties to compete with legacy cash cows like voice, SMS and TV. The ISP’s rational response is to do whatever is in its power to protect those cash cows. Without network neutrality regulations, the ISPs are duty-bound to their investors to protect the profitability of their other product lines by blocking the competitors on their Internet service, just as KPN did. Net neutrality regulation is designed to prevent such anti-competitive behavior. A neutral net obliges ISPs to allow competition on their access links.
So which is the free-market approach? Allowing network owners to do whatever they want on their networks and block any traffic they don’t like, or ensuring that the Internet is a level playing field where entities with the power to block third parties are prevented from doing so? The former is the free market of commerce, the latter is the free market of ideas. In this case they are in opposition to each other.
-
-
17:34
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Internet Security Suite 2010.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
14:09
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-198 - This vulnerability allows remote attackers to leak information on vulnerable installations of Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Internet Explorer that allows malicious users to leak information about the memory layout of an Internet Explorer process. When creating a new 'Option' HTML Element, the 'index' field of the object is not set to zero and can be used to leak the location of the global variable table. This can be used to defeat ASLR or to remove the need for heap spraying while exploiting a remote code execution flaw.
-
14:09
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-198 - This vulnerability allows remote attackers to leak information on vulnerable installations of Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Internet Explorer that allows malicious users to leak information about the memory layout of an Internet Explorer process. When creating a new 'Option' HTML Element, the 'index' field of the object is not set to zero and can be used to leak the location of the global variable table. This can be used to defeat ASLR or to remove the need for heap spraying while exploiting a remote code execution flaw.
-
14:09
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-198 - This vulnerability allows remote attackers to leak information on vulnerable installations of Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Internet Explorer that allows malicious users to leak information about the memory layout of an Internet Explorer process. When creating a new 'Option' HTML Element, the 'index' field of the object is not set to zero and can be used to leak the location of the global variable table. This can be used to defeat ASLR or to remove the need for heap spraying while exploiting a remote code execution flaw.
-
14:09
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-196 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles HTTP 302 redirects to CDL protocols. When Internet Explorer tries to determine who is responsible for handling the protocol redirect it fails to keep a correct reference counter to a Transaction object which results in a use-after-free vulnerability. This can be leveraged into remote code execution under the context of the current user.
-
14:09
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-196 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles HTTP 302 redirects to CDL protocols. When Internet Explorer tries to determine who is responsible for handling the protocol redirect it fails to keep a correct reference counter to a Transaction object which results in a use-after-free vulnerability. This can be leveraged into remote code execution under the context of the current user.
-
14:09
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-196 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles HTTP 302 redirects to CDL protocols. When Internet Explorer tries to determine who is responsible for handling the protocol redirect it fails to keep a correct reference counter to a Transaction object which results in a use-after-free vulnerability. This can be leveraged into remote code execution under the context of the current user.
-
-
19:49
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Internet Explorer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
14:13
»
SecDocs
Authors:
Ivan Ristic Tags:
X.509 SSL Event:
Black Hat Abu Dhabi 2010 Abstract: SSL (TLS) is the technology that protects the Internet, but very little is actually known about its usage in real-life. How are the many Internet SSL servers configured? Which CA certificates do they use? Which protocols and cipher suites are supported? Answers to even these basic questions were either unavailable, or restricted to the small number of organizations who could afford to fund such research. In this talk we will present the first results of the SSL Survey project, which is the most comprehensive SSL and TLS server configuration survey ever undertaken. By using the deep assessment technology developed at SSL Labs for over a year, we scan and analyze every SSL server on the Internet. In this talk, we will present the assessment methodology, the rationale, as well as the results. The findings will be made freely available to the public. In addition, we will also share the raw data with qualified security researchers. As a bonus, during the talk we will also unveil an updated version of the free online SSL assessment tool, which uses the same assessment technology as the SSL survey itself. SSL Labs (https://www.ssllabs.com), funded by Qualys, is a research effort that focuses on SSL and TLS. Its other projects include: SSL threat model, passive SSL fingerprinting, SSL client capability database, SSL server capability database, and SSL usage tracking.
-
14:12
»
SecDocs
Authors:
Ivan Ristic Tags:
X.509 SSL Event:
Black Hat Abu Dhabi 2010 Abstract: SSL (TLS) is the technology that protects the Internet, but very little is actually known about its usage in real-life. How are the many Internet SSL servers configured? Which CA certificates do they use? Which protocols and cipher suites are supported? Answers to even these basic questions were either unavailable, or restricted to the small number of organizations who could afford to fund such research. In this talk we will present the first results of the SSL Survey project, which is the most comprehensive SSL and TLS server configuration survey ever undertaken. By using the deep assessment technology developed at SSL Labs for over a year, we scan and analyze every SSL server on the Internet. In this talk, we will present the assessment methodology, the rationale, as well as the results. The findings will be made freely available to the public. In addition, we will also share the raw data with qualified security researchers. As a bonus, during the talk we will also unveil an updated version of the free online SSL assessment tool, which uses the same assessment technology as the SSL survey itself. SSL Labs (https://www.ssllabs.com), funded by Qualys, is a research effort that focuses on SSL and TLS. Its other projects include: SSL threat model, passive SSL fingerprinting, SSL client capability database, SSL server capability database, and SSL usage tracking.
-
-
7:23
»
Packet Storm Security Advisories
The VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error in the "CObjectElement::OnPropertyChange()" function within the MSHTML library when handling objects, which could be exploited by remote attackers to compromise a vulnerable system by tricking a user into visiting a specially crafted web page. Versions 6, 7, and 8 are affected.
-
7:23
»
Packet Storm Security Recent Files
The VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error in the "CObjectElement::OnPropertyChange()" function within the MSHTML library when handling objects, which could be exploited by remote attackers to compromise a vulnerable system by tricking a user into visiting a specially crafted web page. Versions 6, 7, and 8 are affected.
-
7:23
»
Packet Storm Security Misc. Files
The VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error in the "CObjectElement::OnPropertyChange()" function within the MSHTML library when handling objects, which could be exploited by remote attackers to compromise a vulnerable system by tricking a user into visiting a specially crafted web page. Versions 6, 7, and 8 are affected.
-
7:21
»
Packet Storm Security Advisories
The VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error in the "CSpliceTreeEngine::InsertSplice()" function within the MSHTML library when handling layouts, which could be exploited by remote attackers to compromise a vulnerable system by tricking a user into visiting a specially crafted web page. Versions 6 and 7 are affected.
-
7:21
»
Packet Storm Security Recent Files
The VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error in the "CSpliceTreeEngine::InsertSplice()" function within the MSHTML library when handling layouts, which could be exploited by remote attackers to compromise a vulnerable system by tricking a user into visiting a specially crafted web page. Versions 6 and 7 are affected.
-
7:21
»
Packet Storm Security Misc. Files
The VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error in the "CSpliceTreeEngine::InsertSplice()" function within the MSHTML library when handling layouts, which could be exploited by remote attackers to compromise a vulnerable system by tricking a user into visiting a specially crafted web page. Versions 6 and 7 are affected.
-
-
13:48
»
SecDocs
Authors:
Mariano Nunez Di Croce Tags:
SAP Event:
Black Hat DC 2011 Abstract: "SAP platforms are only accessible internally". You may have heard that several times. While that was true in many organizations more than a decade ago, the current situation is completely different: driven by modern business requirements, SAP systems are getting more and more connected to the Internet. This scenario drastically increases the universe of possible attackers, as remote malicious parties can try to compromise the organization's SAP platform in order to perform espionage, sabotage and fraud attacks. SAP provides different Web interfaces, such as the Enterprise Portal, the Internet Communication Manager (ICM) and the Internet Transaction Server (ITS). These components feature their own security models and technical infrastructures, which may be prone to specific security vulnerabilities. If exploited, your business crown jewels can end up in the hands of cyber criminals. Through many live demos, this talk will explain how remote attackers may compromise the security of different SAP Web components and what you can do to avoid it. In particular, an authentication-bypass vulnerability affecting "hardened" SAP Enterprise Portal implementations will be detailed.
-
13:48
»
SecDocs
Authors:
Mariano Nunez Di Croce Tags:
SAP Event:
Black Hat DC 2011 Abstract: "SAP platforms are only accessible internally". You may have heard that several times. While that was true in many organizations more than a decade ago, the current situation is completely different: driven by modern business requirements, SAP systems are getting more and more connected to the Internet. This scenario drastically increases the universe of possible attackers, as remote malicious parties can try to compromise the organization's SAP platform in order to perform espionage, sabotage and fraud attacks. SAP provides different Web interfaces, such as the Enterprise Portal, the Internet Communication Manager (ICM) and the Internet Transaction Server (ITS). These components feature their own security models and technical infrastructures, which may be prone to specific security vulnerabilities. If exploited, your business crown jewels can end up in the hands of cyber criminals. Through many live demos, this talk will explain how remote attackers may compromise the security of different SAP Web components and what you can do to avoid it. In particular, an authentication-bypass vulnerability affecting "hardened" SAP Enterprise Portal implementations will be detailed.
-
-
6:12
»
Hack a Day
It all starts with one station in your home office but who knows where it can go from there? If you’ve got dreams of being an Internet radio jockey you can get some ideas about equipment startup from this setup that [Viktor's] built for a friend. He started out with a plan to have a [...]
-
-
16:45
»
SecuriTeam
Microsoft Internet Explorer contains a Vulnerability caused by use-after-free vulnerability when handling certain animation behaviours.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
7:19
»
Packet Storm Security Recent Files
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
-
7:19
»
Packet Storm Security Tools
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
-
7:19
»
Packet Storm Security Misc. Files
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
-
-
11:00
»
Hack a Day
Global CALCnet lets you connect your TI graphic calculator to the Internet and use your favorite services like instant messaging and Internet relay chat. It also provides the option of worldwide multiplayer functionality for games ported to the device such as Scorched Earth and Tetris. We looked in on [Christopher Mitchell's] CALCnet in December when [...]
-
-
12:17
»
Packet Storm Security Advisories
VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a dangling pointer in the "mshtml.dll" library when handling certain object manipulations, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a malicious web page. Internet Explorer versions 6, 7, and 8 are affected.
1337day (was: Inj3ct0r, 1337db)
OSVDB Vulnerabilities
Exploit-DB
SecurityFocus Vulnerabilities
Bugtraq
XSSed
Sophos security news
Penetration Testing
BackTrack Linux Forums
Threatpost
carnal0wnage.attackresearch.com
Carnal0wnage
Darknet
The Exploitant