SecurityRatty: tag: expiry

Wordpress 2.5 cookie integrity protection vulnerability

2008-04-25 16:03:19 by Steven J. Murdoch in Light Blue Touchpaper

...EXPIRY TIME . | . MAC Where: COOKIEHASH MD5 hash of the site URL (to maintain cookie uniqueness) USERNAME The username for the authenticated user EXPIRY TIME When cookie should expire, in seconds since start of epoch MAC HMAC-MD5( USERNAME . EXPIRY TIME ) under a key derived from a secret and USERNAME . EXPIRY TIME This scheme is based on two...

Tags: cookie, time, user expiry time, wordpress, secure cookie protocol, expiry time, vulnerability, username, maintain cookie uniqueness

WordPress 2.5 Cookie Forging Explained

2008-04-25 21:46:49 by Chris Eng in Zero in a bit

...EXPIRY TIME . "|" . MAC Where: COOKIEHASH: MD5 hash of the site URL (to maintain cookie uniqueness) USERNAME: The username for the authenticated user EXPIRY TIME: When cookie should expire, in seconds since start of epoch MAC: HMAC-MD5(USERNAME . EXPIRY TIME) under a key derived from a secret and USERNAME . EXPIRY TIME So you login to...

Tags: cookie, wordpress authentication cookie, authentication cookie, cookie integrity bug, hash, hash hmac, user, user identity, maintain cookie uniqueness

Amusing Moment On a Train

2008-06-16 10:39:43 by Dave Lewis in Liquidmatrix Security Digest

...expiry date and CVN. I was a little worried for the guy at this point. But, I guess Darwin was right. Then I heard a womans voice utter, jackass. I glanced up to see a little old lady shaking her head as she looked at the loud talker in disgust. A smile crept across my face

Tags: train, womans voice utter, sweetie, gmail account, loud talker, guy, cell phone, wireless router, fellas call

Card fraud what can one do?

2008-12-22 14:01:37 by Saar Drimer in Light Blue Touchpaper

...expiry date, and the CVV2; all helpfully available on the card itself. Hiding the CVV2 from being remembered on casual inspection may save you from paying for someone elses big screen TV. In some cases the crooks may need your address as well, so the waiter that skims your card also gives you a raffle card to put your details on for a chance...

Tags: card, card fraud, magstripe, magstripe data invalid, emv card, emv, encoder, magstripe encoder, blank magstripe card

Your name:
Your email:
Describe a problem:
AntiSPAM Validation:

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo