SEARCH RESULTS
 
Showing 1-10 of 43 records
 
Expand article

Orkut XSS Worm

2007-12-20 16:18:37 by RSnake in ha.ckers.org web application security lab
 
...cache Cache-Control: no-cache Content-Length: 98 POST TOKEN=0B57493EBE09C74A3D69298F67635479&signature=Bm1YihIUAe5I%2BAvfFH7v4bjtdrI%3D&Action.join POST request sent by the worm to submit itself to the scrapbook of the victims friends POST /Scrapbook.aspx HTTP/1.1 Host: www.orkut.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1;...
 
Tags: orkut, worm, post, community, orkut community, post scrapbook, xss worm, post requests, worm code
 
 
 
 
Expand article

lcms speed

2008-01-15 18:01:23 by Liudvikas Bukys in Liudvikas Bukys
 
...cache cuts 40% from runtime - unless youre transforming large uniform blocks for which a one-entry cache is actually suitable Eliminating the general-purpose byte packing and unpacking functions and replacing them with inline encoding-specific equivalents cuts another 15% of runtime Compound savings: 49%, or 2x speedup, which is what someone...
 
Tags: one-entry cache cuts, one-entry cache, lcms, thread-safe memory, thread-local caches, cache comparisons, inline, equivalents cuts, lcms-1
 
 
 
 
Expand article

The Impact of Dans DNS Debacle on Internet Risk

2008-07-30 08:11:30 by Burton Group in Security and Risk Management Strategies Blog
 
...cache. A fix against either of these vulnerabilities also negates the attack itself The fundamental question that determines the risk impact revolves around whether it is reasonable to expect fewer or more incidents that use this technique when comparing the period prior to disclosure -- or, more properly, before the date of Dans invention of...
 
Tags: dns servers, servers, impact, dns, dns servers cache, risk impact revolves, major dns vendors, risk, major dns vulnerability
 
 
 
 
Expand article

Cached Malware Embedded Sites

The Article has images
2007-12-16 18:18:26 by HASH0x8a09e44 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...cached malware embedded sites are a security problem, well they're, but the bigger problem to me is that it's only Google that's taken efforts to deal with the problem next to the market challengers - Yahoo and MSN - " Google, Yahoo, Microsoft Live search engines contain page-caching flaw, says Aladdin Researchers at Aladdin Knowledge...
 
Tags: sites, sites wrongly, web sites, malware, malicious site, site, single site offers, sites notification services, popular sites
 
 
 
 
Expand article

Web Camouflage: Protecting Your Clients from Browser-Sniffing Attacks

2008-01-07 09:15:52 by Editor in IEEE Security and Privacy
 
Browser cache and history are intended to be private, yet it's not difficult for malicious Web sites to "sniff" cache entries on visitors' computers and then use that information to more accurately deceive them. The authors' approach neutralizes the threat of URLs being discovered on client computers
 
Tags: malicious web sites, computers, client computers, browser cache, cache entries, accurately deceive, authors, history, threat
 
 
 
 
Expand article

Moto Q9 DoS and Fingerprinting

2008-01-12 18:10:21 by RSnake in ha.ckers.org web application security lab
 
...CACHE CONTROL = no-cache HTTP USER AGENT = Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Opera 8.65 [en] UP.Link/6.3.1.17.0 HTTP VIA = 1.1 alnmagr1fe09WAP2-mbl HTTP X UP DEVCAP ACCEPT LANGUAGE = en HTTP X UP DEVCAP CHARSET = utf-8,ISO-8859-1,US-ASCII,UTF-16,GB2312,BIG5 HTTP X UP DEVCAP ISCOLOR = 1 HTTP X UP DEVCAP NUMSOFTKEYS = 2...
 
Tags: accept language, accept, devcap, devcap charset, devcap numsoftkeys, accept charset, devcap screenpixels, cell phone hacker, phone
 
 
 
 
Expand article

Several Vendors Including Microsoft Patch Multiplatform DNS Vulnerability

2008-07-08 22:49:43 by CyberInsecure in CyberInsecure.com
 
Deficiencies in the Domain Name System (DNS) protocol may leave affected systems vulnerable to DNS cache poisoning attacks. If an attacker can successfully conduct a cache poisoning attack, they may be able to cause a nameservers clients to contact the incorrect, and possibly malicious, hosts for particular services. This may allow an attacker...
 
Tags: dns, dns cache, cache, nameservers clients, possibly malicious, attacker, systems vulnerable, hosts, protocol
 
 
 
 
Expand article

Security Matters: Lesson From the DNS Bug: Patching Isn't Enough

2008-07-23 19:00:00 by Bruce Schneier in Wired Security
 
...cache poisoning. The DNS system is what translates domain names people understand, like www.schneier.com, to IP addresses computers understand: 204.11.246.1. There is a whole family of vulnerabilities where the DNS system on your computer is fooled into thinking that the IP address for www.badsite.com is really the IP address for...
 
Tags: security, security engineer, security engineer brings, security holes, smart design choice, design, security engineers, kaminsky, dan kaminsky
 
 
 
 
Expand article

The DNS Vulnerability

2008-07-29 06:01:52 by schneier in Schneier on Security
 
...cache poisoning. The DNS system is what translates domain names people understand, like www.schneier.com, to IP addresses computers understand: 204.11.246.1. There is a whole family of vulnerabilities where the DNS system on your computer is fooled into thinking that the IP address for www.badsite.com is really the IP address for...
 
Tags: vulnerability, kaminsky, dan kaminsky, details, critical internet vulnerability, bank account details, discover kaminsky, patch, release details
 
 
 
 
Expand article

Summarizing Zero Day's Posts for July

The Article has images
2008-08-08 14:35:52 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...cache poisoning vulnerability 23. DNS cache poisoning attacks exploited in the wild 24. The Neosploit cybercrime group abandons its web malware exploitation kit 25. OS fingerprinting Apple's iPhone 2.0 software - a "trivial joke 26. HD Moore pwned with his