With Mobile Devices, Users Are the Product, Not the Buyer

A lot has been said about the Carrier IQ software, the way that it’s used by carriers and whether it’s capable of intercepting calls, texts and data on users’ handsets. It’s still not clear exactly what’s going on, but one lesson that has emerged from all of this is this: The mobile devices peopl...

Researchers Say Carrier IQ Not Logging Texts or Emails, But Has Some Worrisome Capabilities

Security researchers who have investigated the inner workings of the Carrier IQ software and its capabilities say that the application has some powerful, and potentially worrisome capabilities, but that as it’s currently deployed by carriers it doesn’t have the ability to record SMS messages, pho...

Sen. Franken Demands Answers From Carrier IQ on Mobile Tracking

The fallout from the controversy surrounding the presence of Carrier IQ’s software on millions of mobile devices on several different platforms has now reached Washington. Sen. Al Franken on Thursday sent a letter to the company, demanding answers to a series of questions about the software and i...

Multi Gather Mozilla Thunderbird Signon Credential Collection

This module will collect credentials from Mozilla Thunderbird by downloading the necessary files such as 'signons.sqlite', 'key3.db', and 'cert8.db' for offline decryption with third party tools. If necessary, you may also set the PARSE option to true to parse the sqlite file, which contains...

W3C Publishes Do Not Track Proposal

The W3C has proposed a standard for implementing the Do Not Track mechanism for both users and site owners, wading into what has become a contentious and fractious debate. The proposed standard, known as the Tracking Preference Expression, is designed to give users the ability to tell sites what...

Google to Allow Users to Opt Out of WiFi Location Mapping System

Google, which has faced a pile of criticism over its privacy policies and practices, especially as they relate to wireless and mobile devices, says it is changing the way that it maps people’s wireless access points in its efforts to provide accurate location information. The company said it is n...

broadcast-rip-discover NSE Script

Discovers hosts and routing information from devices running RIPv2 on the LAN. It does so by sending a RIPv2 Request command and collects the responses from all devices responding to the request. Script Arguments broadcast-rip-discover.timeout timespec defining how long to wait for a response...

OpenJDK: RMI DGC server remote code execution (RMI, 7077466)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.233 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to...

OpenJDK: RMI DGC server remote code execution (RMI, 7077466)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.233 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to...

Multi Gather OpenSSH PKI Credentials Collection

This module will collect the contents of all users' .ssh directories on the targeted machine. Additionally, knownhosts and authorizedkeys and any other files are also downloaded. This module is largely based on firefoxcreds.rb. This module requires Metasploit: https://metasploit.com/download...

Cisco Gather Device General Information

This module collects a Cisco IOS or NXOS device information and configuration...

Return argument has an invalid type

Challenge Veeam Backup Enterprise Manager fails to collect data from a Veeam Backup server with the following error: Return argument has an invalid type. The following error can be seen in VeeamBES.log: timestamp Info Reporting data were successfully collected from the server server.local timesta...

The service discovery portion of the SPI frequently fails due to a timeout

Challenge Due to weak virtual infrastructure, the discovery process takes more time than the default timeout in the HP agent. Cause Performance related problems on VMware vCenter side. Solution Workaround is to adjust settings of the agent timeout by using the following commands: ovconfchg -ns...

Google Chrome < 14.0.835.163 Multiple Vulnerabilities

Binary data 800955.prm...

CVE-2011-2841

Google Chrome before 14.0.835.163 does not properly perform garbage collection during the processing of PDF documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document...

Stable Channel Update

The Chrome Stable channel has been updated to 14.0.835.163 for all platforms. This release contains the following security fixes. More details about high level features can be found on the Google Chrome blog. Security fixes and rewards: Please see the Chromium security page for more detail. Note...

Class Action Lawsuit Accuses Microsoft of Illegal Geotagging

UPDATE: A class action lawsuit filed in U.S. District Court in Seattle, Washington, accuses Microsoft Corp. of collecting geolocation information from photos taken with phones running its Windows Phone 7 operating system, even without the user’s consent. The suit, filed by one Rebecca Cousineau, ...

Privacy and Anonymity on the Modern Internet

The current online atmosphere, in which government-sponsored surveillance, data collection and sale by private companies and politically motivated attacks have become the norm, has spurred a renewed interest in many corners of the Internet in privacy and anonymity. The people behind The Crypto...

Windows Gather IPSwitch iMail User Data Enumeration

This module will collect iMail user data such as the username, domain, full name, e-mail, and the decoded password. Please note if IMAILUSER is specified, the module extracts user data from all the domains found. If IMAILDOMAIN is specified, then it will extract all user data under that particula...

USN-1186-1: Linux kernel vulnerabilities

Dan Rosenberg discovered that IPC structures were not correctly initialized on 64bit systems. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. CVE-2010-4073 Steve Chen discovered that setsockopt did not correctly check MSS values. A local attacker cou...