SEARCH RESULTS
 
Showing 1-10 of 37 records
 
Orkut XSS Worm

2007-12-20 16:18:37 by RSnake in ha.ckers.org web application security lab
 
...submit itself to the scrapbook of the victim's friends POST /Scrapbook.aspx HTTP/1.1 Host: www.orkut.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language:...
 
 
 
 
 
Diminutive XSS Worm Contest Drama and Status Update

2008-01-06 17:34:38 by RSnake in ha.ckers.org web application security lab
 
...submit events. We'll see how things turn out, but I'm quickly getting a feeling these are by far the two most likely candidates for worm propagation. My question is what sort of valid reasons can people come up with on why the browser should automatically submit a form without user interaction? More detailed analysis to come once we get closer...
 
 
 
 
 
House committee issues report and finds fault with TSA web site

2008-01-15 09:35:53 by Evan Francen in The Breach Blog
...submitted large amounts of personal information through an insecure webpage. TSA did not provide sufficient oversight of the website and the contractor. The internal TSA investigation found that there were problems with the planning, development, and operation of the website and that the program managers were overly reliant on contractors for...
 
 
 
 
 
PR Storm - Mass iFRAME Injectable Attacks

2008-03-17 17:54:21 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...submit executable commands that will later on get cached, and load, such as iFRAMES in this case. Most of all, these are high page rank-ed sites, namely the junk that they submit is appearing within the first 10/20 search results and is getting crawled within hours upon submitting it, and therefore it must be taken care of as soon as...
 
 
 
 
 
Confidential information sent to PinPay.net and SoftCard.biz is exposed

2008-05-08 13:26:03 by Evan Francen in The Breach Blog
...submit=Accept+Card+Agreement-Submit This is a very simplistic demonstration about why it is important to encrypt sensitive information. If the communication had been encrypted, none of the data would have been visible without access to the private key. We could go deeper into the server application and SQL, but I think that this is enough. A...
 
 
 
 
 
NY STAR: An accident waiting to happen

2006-03-02 22:37:31 by Liudvikas Bukys in Liudvikas Bukys
 
...submit their SSN or a copy of their income tax returns to the local assessor. In New York City, they want SSNs from everybody. Just because it's authorized by law (in the NYC Administrative Code) doesn't mean it's a good idea. Everywhere else, they're only collecting SSNs or income tax returns from low-income seniors. It's hard to justify leaving...
 
 
 
 
 
How effective is the wisdom of crowds as a security mechanism?

2007-12-21 15:26:10 by Tyler Moore in Light Blue Touchpaper
 
...submit URLs from suspected phishing websites and vote on whether the submissions are valid. The idea behind PhishTank is to bring together the expertise and enthusiasm of people across the Internet to fight phishing attacks. The more people participate, the larger the crowd, the more robust it should be against errors and perhaps even...
 
 
 
 
 
A cryptographic hash function reading guide

2007-11-23 16:01:18 by George Danezis in Light Blue Touchpaper
 
After a few years of spectacular advances in breaking cryptographic hash functions, NIST has announced a competition to determine the next Secure Hash Algorithm, SHA-3. SHA-0 is considered broken, SHA-1 is still secure but no one knows for how long, and the SHA-2 family are desperately slow. (Do not even think about using MD5, or MD4 for which...
 
 
 
 
 
Creating An Auto Hack USB Drive Using Autorun and Batch Files. By Dosk3n

2007-10-12 19:56:23 by Editor in Irongeek's Security Site
 
...submit a video, read my page on How I Make The Hacking Illustrated Videos. My only stipulations are that it has to be narrated and can't have copyrighted music in it. I also plan on changing the InfoSec videos page around to be easier to search