685 matches found
ip-geolocation-ipinfodb NSE Script
Tries to identify the physical location of an IP address using the IPInfoDB geolocation web service. There is no limit on requests to this service. However, the API key needs to be obtained through free registration for this service: http://ipinfodb.com/login.php See also:...
ip-geolocation-geoplugin NSE Script
Tries to identify the physical location of an IP address using the Geoplugin geolocation web service. There is no limit on lookups using this service. See also: ip-geolocation-ipinfodb.nse ip-geolocation-map-bing.nse ip-geolocation-map-google.nse ip-geolocation-map-kml.nse...
ip-geolocation-maxmind NSE Script
Tries to identify the physical location of an IP address using a Geolocation Maxmind database file available from . This script supports queries using all Maxmind databases that are supported by their API including the commercial ones. See also: ip-geolocation-geoplugin.nse...
Apple Releases iOS 4.3.3, Addressing Location-Tracking Concerns
Apple has released iOS 4.3.3, a firmware update for the iPhone, iPod Touch and iPad that, among other things, fixes the controversial issues surrounding the location tracking capabilities of those devices. The firmware update is Apple’s response to the outcry that erupted last month when a pair o...
iPhones, Location and Threats to Your Assets
By B.K. DeLong In following the Apple iPhone location tracking conversation, I’ve thought of another interesting point not quite raised or being examined, similar to the issue of making potential high-value targets out of high-profile executives at Fortune 500 firms simply by using email addresse...
Secret iPhone Feature Tracks Owners' Whereabouts
Security researchers have discovered a hidden iPhone feature that secretly tracks and saves the meanderings of the phone – and presumably its owner. The tracking feature was described in a presentation at the Where 2.0 Conference in San Francisco on Wednesday. According to the researchers, Pete...
The Joys of Running a Bug Bounty Program
When Barracuda Networks started its bug bounty program about three months ago, company officials weren’t exactly sure what to expect. They didn’t know whether there’d be an onslaught of submissions or the sound of crickets chirping. The reality turned out to be somewhere in the middle. Barracuda...
Report : A global shift in cybercrime !!
The target of attacks has shifted from traditional infrastructure to mobile users and endpoint devices, according to a new report. Research from SpiderLabs found that malicious tools became more customized, automated and persistent in 2010. This trend combined with the popularity of mobile device...
Design/Logic Flaw
The Piwik_Common::getIP function in Piwik before 1.1 does not properly determine the client IP address, which allows remote attackers to bypass intended geolocation and logging functionality via (1) use of a private (aka RFC 1918) address behind a proxy server or (2) spoofing of the X-Forwarded-For HTTP...
CVE-2011-0398
The Piwik_Common::getIP function in Piwik before 1.1 does not properly determine the client IP address, which allows remote attackers to bypass intended geolocation and logging functionality via (1) use of a private (aka RFC 1918) address behind a proxy server or (2) spoofing of the X-Forwarded-For HTTP...
CVE-2011-0398
CVE-2011-0398 affects Piwik before version 1.1. The vulnerability is in the Piwik_Common::getIP function, which does not correctly determine the client IP address. This can allow remote attackers to bypass geolocation restrictions and logging by either: using a private (RFC 1918) address behind a...
CVE-2011-0398
The Piwik_Common::getIP function in Piwik before 1.1 does not properly determine the client IP address, which allows remote attackers to bypass intended geolocation and logging functionality via (1) use of a private (aka RFC 1918) address behind a proxy server or (2) spoofing of the X-Forwarded-For HTTP...
DD-WRT Info.live.htm Information Disclosure
The version of DD-WRT installed on the remote device allows an unauthenticated, remote attacker to retrieve sensitive information about the router itself and any attached hosts, such as geolocation information, IP addresses, MAC addresses and host names, even if remote administration is disabled...
Report : Top Hacker Targets Include Mobile Devices and Mac !
McAfee is making security predictions for 2011. The firm outlines its top threats for next year in the 2011 Threat Predictions report -- and Android, iPhone, Foursquare, Google TV, and Mac OS X are listed as major cybercrime targets. Politically motivated attacks are also expected to increase, a ...
DD-WRT Information Disclosure Vulnerability
Exploit for hardware platform in category remote exploits Author: Craig Heffner, /dev/ttyS0 Software Link: http://www.dd-wrt.com Version: v24-preSP2 Tested on: builds 14311, 14896 Remote attackers can gain sensitive information about a DD-WRT router and internal clients, including IP addresses, M...
DD-WRT 24-preSP2 - Information Disclosure
DD-WRT 24-preSP2 - Information Disclosure Exploit Title: DD-WRT Information Disclosure Vulnerability Date: 26-Dec-2010 Author: Craig Heffner, /dev/ttyS0 Software Link: http://www.dd-wrt.com Version: v24-preSP2 Tested on: builds 14311, 14896 Remote attackers can gain sensitive information about a...
Design/Logic Flaw
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Geolocation objects. NOTE: this...
UBUNTU-CVE-2010-3823
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Geolocation objects. NOTE: this...
CVE-2010-3823
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Geolocation objects. NOTE: this...
Q&A: Evercookie Creator Samy Kamkar
Samy Kamkar has been making quite a bit of noise lately, beginning with his release of the Evercookie earlier this month and continuing with his talk at the SecTor conference this week on novel methods for stealing users’ cookies without any browser bugs. In this interview, he discusses both of...