164 matches found
DoD Publishes Vulnerability Disclosure Policy
The Department of Defense promised upon the inception of the Hack the Pentagon bug bounty program that it would continue to engage white-hats. Hack the Pentagon set the tone with more than 1,400 participants and 138 vulnerabilities resolved during the 24-day trial during the spring. Two weeks ago...
U.S. Dept Of Defense: Reflected cross-site scripting vulnerability on a DoD website
A cross-site scripting XSS vulnerability was found on a Department of Defense. XSS vulnerabilities can be used to trick a web user into executing a malicious script, potentially revealing a user's web session information or modify web content. @konduru-jashwanth able to demonstrate this...
U.S. Dept Of Defense: Stored cross-site scripting (XSS) on a DoD website
A stored cross-site scripting vulnerability was found on a Department of Defense website which may trick a web user into executing a malicious script, potentially revealing a user's web session information or modify web content. @jonbottarini was able to demonstrate this vulnerability by crafting...
Hack the Pentagon — US Government Challenges Hackers to Break its Security
Update: 'Hack The Pentagon' has opened registration for its pilot bug bounty program of $150,000 for hackers in return for the vulnerabilities they find in its public facing websites. The Defense Department has enlisted the bug bounty startup HackerOne to manage the pilot program. Interested...
Domain Creep? Maybe Not.
I just read a very interesting article by Sydney Freedberg titled DoD CIO Says Spectrum May Become Warfighting Domain. That basically summarizes what you need to know, but here's a bit more from the article: Pentagon officials are drafting new policy that would officially recognize the...
Liquid XML Studio 2010 <= 8.061970 - (LtXmlComHelp8.dll) OpenFile() Remote 0day Overflow Exploit
No description provided by source. html !-- |------------------------------------------------------------------| | | | / / / / | | / / / / / / / \ / / / / \ | | / // // / / / / / // / / / / / // / // / / / / / / | | /// //,// // //,// // // | | | | http://www.corelan.be:8800 | |...
VideoScript <= 4.0.1.50 Admin Change Password Exploit
No description provided by source. ?php / ============================================================================== / \ | | | | / \ | | | | / \ | | | | / \ | || | / \ | | | | / \ | | IN THE NAME OF // \ || || // \ || ||...
DoD DIACAP transition to RMF approved
Welcome DIARMF! This has been a long time coming. From DITSCAP to DIACAP and now to DIARMF the Department of Defense approved the transition to a Risk Management Framework RMF approach developed by NIST on March 12. What does this mean for Information Systems and Platform Information Technology...
Pentagon Approves Samsung KNOX Android Platform for DoD
Android has long been the outcast of mobile device security largely because hackers have been adept at getting malware onto the platform via third-party application marketplaces and lax submission policies on Google Play. The security of the operating system itself, however, hasn’t been challenge...
DoD Inspector General Calls Out Army CIO For Poor Mobile Device Security
The CIO of the U.S. Army failed to put in place a comprehensive security program capable of protecting data stored on commercial mobile devices such as iPhones and Androids, leaving sensitive information in key Army installations exposed. The Inspector General of the Department of Defense took th...
DoD Program Expanded, Designed to Share Threat Information
The Pentagon on Friday invited a slew of government contractors to meet and share classified information on cyber threats going forward, part of an initiative that the department hopes will reduce the risk of intrusions to government systems. The information sharing model that the Department of...
Researchers Find Sykipot Trojan Variant For Hijacking DoD Smart Cards
A report from Alien Vault says that variants of the Sykipot Trojan have been found that can steal DOD smartcard credentials. The research, published in a blog post Thursday, is the latest by Alien Vault to look at Sykipot, a Trojan horse program known to be used in targeted attacks against defens...
Charlie Miller now working with DoD for Cyber Security
Charlie Miller is a former hacker who has become an information security consultant now working with Department of Defense DoD for helping out with cyber security. He was invited to the conference on cyber conflict held by the NATO Cooperative Cyber Defense Center of Excellence in Tallinn, where ...
Charlie Miller now working with DoD for Cyber Security
Charlie Miller is a former hacker who has become an information security consultant now working with Department of Defense DoD for helping out with cyber security. He was invited to the conference on cyber conflict held by the NATO Cooperative Cyber Defense Center of Excellence in Tallinn, where ...
Pentagon Admits to biggest ever data breach
Pentagon Admits to biggest ever data breach According to Report, Department of Defense and Pentagon is disclosing news of the one of the largest data loss events to date . From investigation, officials to believe the intrusion was orchestrated by a foreign government. The theft of around 24,000...
Xiaodong Sheldon Meng (Quantum3D)
Meng was a 44 year-old software engineer living in Cupertino, California when, in 2008, he became the first person sentenced for a violation of the U.S.’s Economic Epionage Act of 1996. Meng had worked as an engineer for Quantum3D, a defense contractor that makes visual simulation software used f...
Top 20 'Critical Controls' from SANS Institute
The SANS Institute has released critical security controls for cyber defense agreed to by a consortium of agencies including: “NSA, US Cert, DoD, DoD JTF-GNO, the Department of Energy Nuclear Laboratories, Department of State, DoD Cyber Crime Center plus the top commercial forensics experts and p...
Liquid XML Studio 2010 <= v8.061970 - OpenFile() Remote Heap Overflow
Exploit for unknown platform in category remote exploits ====================================================================================================== Liquid XML Studio 2010 !-- |------------------------------------------------------------------| | | | / / / / | | / / / / / / / \ / / /...
Liquid XML Studio 2010 Heap Overflow
!-- |------------------------------------------------------------------| | | | / / / / | | / / / / / / / \ / / / / \ | | / // // / / / / / // / / / / / // / // / / / / / / | | /// //,// // //,// // // | | | | http://www.corelan.be:8800 | | [email protected] | | |...
Liquid XML Studio 2010 8.061970 - LtXmlComHelp8.dll OpenFile() Remote Overflow
Liquid XML Studio 2010 8.061970 - LtXmlComHelp8.dll OpenFile Remote Overflow !-- |------------------------------------------------------------------| | | | / / / / | | / / / / / / / \ / / / / \ | | / // // / / / / / // / / / / / // / // / / / / / / | | /// //,// // //,// // // | | | |...