9582 matches found
Yahoo Touts Success of Bug Bounty Program
Yahoo established its formal bug bounty program nearly two years ago, and the company has paid out more than $1 million in rewards to researchers in that time. But security officials say the value the program has provided to the company has been just as great. Although Yahoo was among the latter...
Flox: Email spoofing configuration missing
Email spoofing in flox.io buddypress.org bbpress.org There are a few email spoofing tools available for free. One of them is http://emkei.cz/. When I tried to send an email from [email protected] or [email protected] or [email protected] to my email, it was successful, but when I tried to send another fr...
LinkedIn Private Bug Bounty Program Goes Public
Public-facing bug bounties are the shiny new bauble of computer security. And with good reason since in most cases, companies that start their own bounties or go through a third-party platform provider are able to take advantage of a pool of skilled contributors, patch products, and improve...
HackerOne: Logical Issue (Boosting Reputation points)
Hello, This bug is a design flaw in the reputation system. Simply, when a bug is resolved +7 is added to the user's account. When bounty is awarded then the reputation points are calculated based on standard deviation from the program's mean. I found these here --- You gain reputation when: Your...
Tribler - Download Torrents using Tor-inspired onion routing
Tribler is a research project of Delft University of Technology. Tribler was created over nine years ago as a new open source Peer-to-Peer file sharing program. During this time over one million users have installed it successfully and three generations of Ph.D. students tested their algorithms i...
HackerOne: Logic Issue with Reputation: Boost Reputation Points
Hi, I'm disclosing a bug that can allow a program member to escalate a profile reputation by +2 points indefinitely till the extent he/she wants and the process will be somewhat stealthy as there won't be a trace on member's profile say fake resolved bugs etc. Prologue BugBug - Imaginary program ...
HackerOne: Gain reputation by creating a duplicate of an existing report
Hey team, I have found a way to boost your reputation without any effort. If a researcher sends a report and someone has already sent the same report, he gets a duplicate, meaning 2 points. If he sends this issue multiple more times he will get Duplicate again and again, so he can gain more points by this. p...
Researchers Work to Predict Malicious Domains
SEATTLE–A typical phishing or Web-based malware attack usually isn’t terribly complex. But they need a few things in order to work, and one of the key components often is a malicious domain. Researchers spend a lot of time identifying and taking these domains down, but some researchers now are...
Era Ends With Break Up of Trustworthy Computing Group at Microsoft
In a move that has surprised many in the security community, Microsoft has disbanded its Trustworthy Computing unit, the group that was responsible for the pioneering work that helped reverse the company’s security reputation and make Windows a much more secure and reliable computing platform. Th...
MyBB Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/13827/info MyBB is prone to multiple cross-site scripting and SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. The application is prone to...
Mailspect Control Panel 4.0.5 - Multiple Vulnerabilities
Mailspect Control Panel version 4.0.5 suffers from remote code execution, arbitrary file read, and cross site scripting vulnerabilities. Document Title: Mailspect Control Panel version 4.0.5 Multiple Vulnerabilities. Release Date: June 21, 2014. Product & Service...
CrowdInspect - Scan of your running processes on Windows with Virus Total, WOT & MHR
CrowdInspect is a free professional grade tool for Microsoft Windows systems from CrowdStrike aimed to help alert you to the presence of malware that communicates over the network that may exist on your computer. It is a host-based real-time monitoring and recording tool utilizing multiple source...
HackerOne: Email spoofing
There are a few email spoofing tools available for free. One of them is http://emkei.cz/. When I tried to send an email from ███████ to my email, it was successful, but when I tried to send another from ██████, I did not receive any email. Hence, there might be some configuration missing in your mail...
[IP-reputation-snort-rule-generator] A tool to generate Snort rules based on public IP reputation data
A tool to generate Snort rules or Cisco IDS signatures based on public IP/domain reputation data. Usage ./tepig.pl --file=LOCALFILE | --url=URL --csv=FIELDNUM --sid=INITIALSID --ids=snort|cisco | --help LOCALFILE is a file stored locally that contains a list of malicious domains, IP addresses...
Reputation of macOS Executables: Never seen process(es)
Binary data macosxneverseenprocessbefore.nbin...
Reputation of Windows Executables: Never seen process(es)
Binary data neverseenprocessbefore.nbin...
Reputation of Windows Executables: Known Process(es)
Binary data wmiknowngoodrunning.nbin...
Reputation of Windows Executables: Unknown Process(es)
Binary data wmiunknownrunning.nbin...
Critical vulnerability in Twitter allows attacker to upload Unrestricted Files
Security expert Ebrahim Hegazy, Cyber Security Analyst Consultant at Q-CERT, has found a serious vulnerability in Twitter that allows an attacker to upload files of any extension including PHP. When an application does not validate or improperly validates file types before uploading files to the...
[OS X Auditor] free Mac OS X computer forensics tool
OS X Auditor parses and hashes the following artifacts on the running system or a copy of a system you want to analyze: the kernel extensions; the system agents and daemons; the third party's agents and daemons; the old and deprecated system and third party's startup items; the users' agents; the user...