securityaspects.wordpress.com
990.ro delivers malware (continued) | Aspects of computer security
https://securityaspects.wordpress.com/2012/01/13/990-ro-livreaza-malware-continuare
Aspects of computer security. A blog dedicated to IT security. 990ro delivers malware (continued). January 13, 2012 in Forensic. You can read the first part here. After analyzing the traffic I reached the conclusion that the advertising provider is (. One of this provider's ads, also hosted on 990.ro ( http:/ ads.endoftheinternet.org/ku44/yoxlazgmkoaojme.pdf. Led to errors regarding the inconsistency of the Java code. Anyone interested can obtain a copy of this PDF. This file ...
securityaspects.wordpress.com
Thank you Ed Skoudis or 2011 Christmas challenge | Aspects of computer security
https://securityaspects.wordpress.com/2012/02/05/thank-you-ed-skoudis-or-2011-chrismas-challenge
Aspects of computer security. A blog dedicated to IT security. Thank you Ed Skoudis or 2011 Christmas challenge. February 5, 2012 in e-Learning. If I need to say thank you to someone for a nice time and for having fun, that would be Ed Skoudis. And if I need to hate someone for some nights without sleep, that would be definitely Ed. But let's start with the beginning. I was kind of motivated by Ed’s post. I updated my Python install on Windows and got a big cup of tea (Phu Erh). Inputstring = &...
securityaspects.wordpress.com
Fibonacci, tail recursion and some Python | Aspects of computer security
https://securityaspects.wordpress.com/2014/03/03/fibonacci-tail-recursion-and-some-python
Aspects of computer security. A blog dedicated to IT security. Fibonacci, tail recursion and some Python. March 3, 2014 in Back to security basic. Is offering for the time being a really interesting course (Louv1.01x Paradigms of Computer Programming) about the theory of computer programming. One of the homework tasks was to use tail recursion in order to calculate the Fibonacci sequence. Because the solution is really smart I like to put some Python code to show the concept. If nummber = 0:. Comente...
securityaspects.wordpress.com
990.ro delivers malware | Aspects of computer security
https://securityaspects.wordpress.com/2011/12/16/990-ro-livreaza-malware
Aspects of computer security. A blog dedicated to IT security. December 16, 2011 in Security News. The site http:/ www.990.ro. Details will follow…. December 20, 2011 at 6:15 pm. Thanks for trying, ...
kuza55.blogspot.com
Web Security Research» Alex's Corner: Is framework-level SQL query caching dangerous?
http://kuza55.blogspot.com/2008/08/is-framework-level-sql-query-caching.html
Sunday, August 03, 2008. Is framework-level SQL query caching dangerous? I was in a bookshop a few months ago and picked up a book about Ruby on Rails, and though I sadly didn't buy it (having already bought more books than I wanted to carry) and I've forgotten its name, there was an interesting gem in there that stuck in my head. But in any case, it still seems dangerous. Assuming that flushing the cache is a fairly granular operation (or there is very little activity on the table or users are stored as ...
kuza55.blogspot.com
Web Security Research» Alex's Corner: April 2008
http://kuza55.blogspot.com/2008_04_01_archive.html
Saturday, April 12, 2008. How much do you trust your DNS operator? TechCrunch recently broke a story about Network Solutions hijacking users' unused subdomains for advertising. It seems to have only applied to people using Network Solutions for their shared hosting, and seems to have been removed now. (None of the IPs I tested on the same machine returned advertising for their non-existent subdomains) And on top of that we know that anyone who is on shared hosting is pretty easy pickings. Now you may tru...
kuza55.blogspot.com
Web Security Research» Alex's Corner: Using TinyURL For Storage (includes PoC)
http://kuza55.blogspot.com/2006/12/using-tinyurl-for-storage-includes-poc.html
Saturday, December 30, 2006. Using TinyURL For Storage (includes PoC). Note: To skip to the PoC click here. I recently read the following post about trying to write something that took advantage of pdp's article of using tinyURL for storage: http://michaeldaw.org/news/news-221206/. Sadly at the time I hadn't actually read pdp's article ( http://www.gnucitizen.org/blog/the-attack-of-the-tiny-urls/. But that still leaves us with the problem of having a cross-domain browser security policy, whereby we can't...
kuza55.blogspot.com
Web Security Research» Alex's Corner: July 2008
http://kuza55.blogspot.com/2008_07_01_archive.html
Sunday, July 27, 2008. [EDIT]: It turns out I fail at testing things on the latest version, see comments for some more details, sorry about that Roee.[/EDIT]. Roee Hay recently posted a blog post on the Watchfire blog about an XSS bug in the Tamper Data extension. (It was posted much earlier, but removed quickly; RSS is fun), however when he assessed the impact he was wrong. The context of the window is still within the extension, and so by executing the following code you can launch an executable:. 1 If yo...
kuza55.blogspot.com
Web Security Research» Alex's Corner: August 2008
http://kuza55.blogspot.com/2008_08_01_archive.html
Wednesday, August 06, 2008. Thoughts on the DNS patch/bug. Is it just me, or does the DNS patch only seem to buy us more time? At most this decreases the chance of a successful attack 65k times, at worst it doesn't help because of NAT, and if you're running a default MS. Also seem to say it works pretty damn quickly. I'm not going to do any figures, but given how network speeds seem to go constantly upwards (or do we want to speculate about an upper cap? For your typical attack, yes, poisoning random subd...
kuza55.blogspot.com
Web Security Research» Alex's Corner: It's been a while
http://kuza55.blogspot.com/2008/09/its-been-while.html
Thursday, July 16, 2009. It's been a while. In any case, I did some presentations recently and thought I should probably put details up here. I also did a talk at RUXCON and 25c3 with Stefano Di Paola. And I even spelled his surname correctly this time! Called Attacking Rich Internet Applications, so here are some materials:. Here is the PoC exploit:. This is just a PoC, have a look through about:config for any string entry you would want to change. Header ("HTTP/1.1 200 OK BR B Mime Type /B : text/h...