Someone Boarded a Plane at Heathrow Without a Ticket or Passport

I'm sure there's a story here: Sources say the man had tailgated his way through to security screening and passed security, meaning he was not detected carrying any banned items. The man deceived the BA check-in agent by posing as a family member who had their passports and boarding passes...

When One Door Opens, Keep It Open: A New Tool for Physical Security Testing

As penetration testers, we spend most of our time working with different types of networks, applications, and hardware devices. Physical security is another fun area we get to work in during physical social engineering penetration tests and red team engagements, which sometimes includes attempts ...

Real-life social engineering. Two days in tweets

This is the write-up of my live tweets while on a recent social engineering engagement. It’s all available on my feed @ghostie I did this because I wanted to share what it's like to prep for, and work through a job, warts and all. If you can take anything away, to enhance your technique, or defen...

The null choice. A social engineering example in the wild

With social engineering there are lots of ways to get what you want, depending on the circumstance of course. The null choice is one that works really well when your desired outcome isn't obvious to the people you're trying to dupe. There are ways and means of overcoming a null choice scenario...

SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 4570)

This update brings Mozilla Firefox to security update version 2.0.0.8 Following security problems were fixed : - Privilege escalation through chrome-loaded about:blank windows. MFSA 2007-26 / CVE-2007-3844 Mozilla researcher mozbugra4 reported that a flaw was introduced by the fix for MFSA 2007-2...

openSUSE 10 Security Update : seamonkey (seamonkey-4596)

This update fixes several security issues in Mozilla SeaMonkey 1.0.9. Following security problems were fixed : - MFSA 2007-26 / CVE-2007-3844: Privilege escalation through chrome-loaded about:blank windows Mozilla researcher mozbugra4 reported that a flaw was introduced by the fix for MFSA 2007-2...

openSUSE 10 Security Update : seamonkey (seamonkey-4594)

This update fixes several security issues in Mozilla SeaMonkey 1.1.5. Following security problems were fixed : - MFSA 2007-26 / CVE-2007-3844: Privilege escalation through chrome-loaded about:blank windows Mozilla researcher mozbugra4 reported that a flaw was introduced by the fix for MFSA 2007-2...

openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-4572)

This update brings Mozilla Firefox to security update version 2.0.0.8 Following security problems were fixed : - MFSA 2007-26 / CVE-2007-3844: Privilege escalation through chrome-loaded about:blank windows Mozilla researcher mozbugra4 reported that a flaw was introduced by the fix for MFSA 2007-2...

openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-4574)

This update brings Mozilla Firefox to security update version 2.0.0.8 Following security problems were fixed : - MFSA 2007-26 / CVE-2007-3844: Privilege escalation through chrome-loaded about:blank windows Mozilla researcher mozbugra4 reported that a flaw was introduced by the fix for MFSA 2007-2...

Mozilla Foundation Security Advisory 2007-30

Mozilla Foundation Security Advisory 2007-30 Title: onUnload Tailgating Impact: Low Announced: October 18, 2007 Reporter: Michal Zalewski Products: Firefox, SeaMonkey Fixed in: Firefox 2.0.0.8 SeaMonkey 1.1.5 Description Michal Zalewski demonstrated that onUnload event handlers had access to the...

Firefox: onUnload tailgating (MSIE7 entrapment bug variant)

On Fri, 23 Feb 2007, Michal Zalewski wrote: Firefox isn't outright vulnerable to this problem, but judging from its behavior, it is likely to be susceptible to a variant of this bug And indeed, susceptible it is. On the surface, the problem is even more serious: the unloaded page can run Javascri...