Samsung smart Refrigerator presence of the vulnerability can lead to Gmail credentials theft-vulnerability warning-the black bar safety net

The recent Internet of things and new security issues, this time security researchers from the Samsung smart fridge to extract the Gmail authentication information. The middleman steal authentication At the recent DEFCON hacking conference, hackers have made a through the middle attack to steal t...

Attack the onion routing(Tor)and anonymous service to some of the review-vulnerability warning-the black bar safety net

Tor The Onion Router, the onion router's main purpose is to prevent flow through the filter and Sniffer to spy on the user of the communication Privacy, the majority of the Chinese people familiar with it not because it's encrypted, but because it is a multi-layer node could span the Great Wall o...

A null pointer vulnerability Protection Technology-primary-vulnerability warning-the black bar safety net

Safety history due to a null pointer brought the vulnerability and attacks are numerous, but because of its use of the programming skills required for analysis and protective to have higher requirements, so the domestic to the null pointer vulnerability and a discussion of the related art is not...

CBC Byte Flipping Attack—1 0 1 Approach(CTF WEB 4 0 0)analysis-vulnerability warning-the black bar safety net

Byte Flipping Attack if directly translated,should be"bit inversion attack"means. Then an in-depth analysis,found that the attack is probably the use of CBC block encryption one of the features to be completed. ! Science bit CBC encryption process. CBCcipher block chainingbefore encryption,first,...

A null pointer vulnerability protection technology to improve the article-vulnerability warning-the black bar safety net

In the null pointer vulnerability protection technology-the primary article, we introduced a null pointer and a null pointer vulnerability concept, in this advanced article describes a null pointer use and the corresponding protection mechanisms. Author: sun Jian slope Directory 1 to improve the...

WordPress SQL injection vulnerability and provide the right analysis-vulnerability warning-the black bar safety net

2313258f75eee9e3bf398ed6d1f0bb17 Reading: 2 7 5 WordPress core functionalitySQL injectionvulnerability analysis Threat Response Fellow at the center for the Wordpress core functionalitySQL injectionvulnerabilities number of CVE-2 0 1 5-5 6 2 3 and CVE-2 0 1 5-2 2 1 3for a detailed analysis 0x00...

Android Dolphin Browser remote code execution-vulnerability warning-the black bar safety net

The attacker has the ability to by Android the Dolphin Browser to control the user's network communication data, you can modify the download and application browser new theme function. By using this function, an attacker can write arbitrary files, these files will be in the user device browser...

ZigBee is exposed a serious security vulnerability-vulnerability warning-the black bar safety net

1, ZigBee is exposed a serious security vulnerability Along with technology the rapid evolution of IOTThe Internet of Things, IoTthe concept once again on the rise, people all around the daily necessities, terminal equipment, and household appliances also gradually been given of the network...

How the invasion of the Pocket within the network-vulnerability warning-the black bar safety net

Let's black IT security recently reported, the Pocket application's developers recently fixed a few leaked data a vulnerability, hackers may be from the server, obtain sensitive information. Here offer tutorials for everyone to learn and exchange. The Pocket is what I have many years did not put...

Fragment Injection vulnerability bloopers-vulnerability warning-the black bar safety net

1 3 time of the year, IBM's security researchers discovered 1 Google framework layer of vulnerability Fragment injection vulnerability, this vulnerability can lead to Android phone the PIN code is reset, everyone should be on the figure 1 is not strange. This vulnerability after the industry of t...

Camera 3 6 0 applications privacy data breach analysis-vulnerability warning-the black bar safety net

A lot of popular Android apps leak privacy data. We found another popular Google Play app,“Camera 3 6 0 Ultimate”,not only for the user's photos are optimized, but also inadvertently leaked the private data that can allow a malicious user is not authenticated access to the user Camera 3 6 0 cloud...

Belkin F9K1111 firmware vulnerability analysis-vulnerability warning-the black bar safety net

Recently, we noticed that the HP DVLabs has been in the Belkin（Belkin） N300 Dual-Band WiFi range Extender（F9K1111 in at least 1 0 a vulnerability. In response, the Belkin just released the version number is 1. 0 4. 1 0 firmware. Because this is the F9K1111 the first update release, but there is n...

Technology uncovered“QQ space”to automatically forward adverse information-vulnerability warning-the black bar safety net

We often see the QQ space to automatically forward some of the included links to bad information, even if we QQ password has not been stolen. The recent adoption of a QQ space automatically forwarding the link for analysis, found that the automatic forwarding mechanism through the use of the...

Firefox bookmarks extensions apps Pocket: vulnerability mining not so difficult-vulnerability warning-the black bar safety net

The Pocket application's developers recently fixed a few leaked data a vulnerability, hackers may be from the server to obtain WEB Services, internal IP address, as well as more sensitive information. Pocket profile Pocket formerly known as Read it Later, as the name suggests, is an online...

Camera360 is proof the presence of vulnerability: the presence of data leakage risk resulting from unauthorized access to others ' photos-bug warning-the black bar safety net

Many of the popular Apps are there privacy data leakage problem, we in the Google App Store, found a product called Camera360 photography App. The App although the user can make the photo become very beautiful, but in the unintentional leakage between the user's privacy data: a malicious attacker...

Metasploit CVE-2 0 1 5-5 1 2 2 Flash exploit tutorials-vulnerability warning-the black bar safety net

Some time ago, the Hacking Team Arsenal leaked much noise hubbub of the big security companies are also scrambling to release a variety of attack code analysis, but features as a WEB Dog, simply can't read binary. With vulnerability analysis, understanding the vulnerability details, but is to tel...

Android mediaserver components exposed high-risk vulnerabilities CVE-2 0 1 5-3 8 4 2, and affects all Android devices-vulnerability warning-the black bar safety net

! On the weeks, Android broke a wave of vulnerabilities, including Stagefright, a 0day serialization vulnerabilities, the Certifi-Gate vulnerability, etc., recent trends in science and technology fellows and broke yet another high-risk VulnerabilityCVE-2 0 1 5-3 8 4 2, and this one vulnerability...

Another OS X to mention the right vulnerability-vulnerability warning-the black bar safety net

! /Article/UploadPic/2015-8/2015819144820242.jpg If you are using OS X Yosemite,have a look at this article,the malicious software takes advantage of a new way to control your Mac. In the Appleoperating systemhas been found a vulnerability,the vulnerability can be in the absence of the owner of t...

Based on BIGINT overflow error SQL injection-vulnerability warning-the black bar safety net

I for by the MySQL error to extract data New Technologies are very interested in, and the herein to be described is one such technology. When I examine the MySQL integer processing mode when suddenly for how to make it happen overflow generated strong interest. Below, we look at MySQL is how to...

BlackHat topic analysis: analysis of BGP hijacking exploit-vulnerability warning-the black bar safety net

BGP hijacking in 2 0 0 8 years defcon conference once involved, however, in 2 0 1 5 year's blackhat has been selected as the subject, visible the seriousness of the problem, frozen three feet, a cold, BGP hijacking issues to organizations around the world work together to solve it. 0×0 0 what is ...

A serious Wordpress 0 day exploit reverse engineering analysis-vulnerability warning-the black bar safety net

In just the past weekend,I got from my modsecurity logs found an interesting warning,logging a submit to my Wordpress site with one network request. Although this request did not succeed,but I decided to be an in-depth study,and trying to figure out this request information in the end is what,it...

Using Metasploit/NetRipper sniffing encrypted puTTY/Outlook account-vulnerability warning-the black bar safety net

! /Article/UploadPic/2015-8/2015819145144782.jpg This year,the 2 3 annual Defcon conference in the USA Las Vegas Grand opening,and NetRipper it is in the current Defcon General Assembly for the first time available. NetRipper is a tool for Windows operating system vulnerabilities using the tool,i...

The Mac OS X operating system, and found 2 pieces of Privilege elevation 0day vulnerabilities-vulnerability warning-the black bar safety net

Apple Mac OS X operating system, and found 2 pieces new, 0day vulnerabilities, if an attacker successfully exploited, may be in the victim's equipment on elevated privileges to get root access. Vulnerability details These two vulnerabilities is by Italian security researcher Luca Todesco found, a...

Wordpress4. 2. 3. rights and SQL injection vulnerabilities(CVE-2 0 1 5-5 6 2 3)analysis-vulnerability warning-the black bar safety net

First, explain the background. wordpress user permissions are divided into subscribers, contributors, authors, editors and administrators. Permission the lowest is the Subscriber, the Subscriber only Subscribe to the articles of permissions, wordpress open registration the default registration of...

WordPress XSS override vulnerability new routes-vulnerability warning-the black bar safety net

Cross-site scriptingXSSproblems continue to haunt with independent web pages of large corporations and professional content management cms,such as WordPress. It is interesting:in any given page code injection and effectively control the user can see and has the ability to operate in most network...

Android pre-installed plug-ins“certificate gate”vulnerability analysis of a reducing-vulnerability warning-the black bar safety net

2 0 1 5 Blackhat conference in addition to broke an MMS black out Android Stagefright vulnerability, but also proof of the many other Android vulnerability, which has one called“CERTIFI-GATE”in the certificate of the vulnerability, see the topic on the description, This is another one can control...

Apple operating system Yosemite and then exposed the new vulnerability hack no password to the root PC-vulnerability warning-the black bar safety net

According to foreign media reports,Apple OS X Yosemite and then exposed new vulnerabilities. The attacker needs to use the OS IOKit null pointer and the Shell of deception verification to carry out attacks, using this method, the hacker without a password to obtain root permissions. Reported that...

Local file inclusion vulnerability detection tools – Burp the domestic plug-in LFI scanner checks-vulnerability warning-the black bar safety net

LFI scanner checks to myself to burp the lightweight scanner to do a detect a LFI vulnerability plug-ins, because burp is not an effective detection of the LFI feature, only to write yourself a plugin. Look at the following screenshot: ! To compare the following J2EESCAN inside the included LFI...

A perfect Bug（CVE-2 0 1 5-3 0 7 7: The use of the Flash type confusion-vulnerability warning-the black bar safety net

For some attackers, exp can be stable use is very important. In other words, exp in running specific flash version of the platform-specific system, exp to every time can lead to code execution. The preparation of such a high quality of exp one of the ways is the use of a high quality bugthat is,...

Android System Google Admin app exposed 0day vulnerabilities, can bypass the sandbox-vulnerability warning-the black bar safety net

MWR Labs researchers discovered a 0day vulnerability exists in the Android system of the Google Admin app to handle some URL in the way that, by the vulnerability the attacker can bypass the Android sandbox mechanism. The vulnerability principle For the Google Android security team, this month is...

Cisco self-aeration ROMMON mirror security issue, but the CVE denied numbers-vulnerability warning-the black bar safety net

! Cisco recently released a new security Bulletin says the attackers through the Cisco IOS device to upload ROMMON IOS guide app mirror obtain the device control. However embarrassing is that this product of Cisco the official release of the security warning is not CVE approval. Vulnerability...

MS15-0 7 6(CVE-2 0 1 5-2 3 7 0 vulnerability) the use of analysis-vulnerability warning-the black bar safety net

2 0 1 5 year 7 month 1 4 day,that is,a month ago, on that busy Tuesday,Microsoft fixes exist on the Windows platform in a number of Privilege escalation vulnerabilities. In these vulnerabilities,there is a presence in the DCOM/RPC vulnerability,this vulnerability allows an attacker to initiate a...

Defense CVE-2 0 1 5-1 7 6 9 vulnerability through a malicious USB device to use this logic vulnerability-vulnerability warning-the black bar safety net

Vulnerability description Yesterday,Microsoft released an update BulletinMS15-0 8 5,and in the Bulletin represents the CVE-2 0 1 5-1 7 6 9 vulnerabilities have been fixed. CVE-2 0 1 5-1 7 6 9 vulnerability is one that exists in the Mount Manager component among the serious security problems. It...

Love fast router web Management page several vulnerabilities SQL blind injection, the plaintext stored passwords-bug warning-the black bar safety net

SQL blind injection, you can bypass the web page login authentication login default user name is admin. Password admin） I tested the ip is 1 9 2. 1 6 8. 1 6 8. 1:8 0,blind the url is http://192.168.168.1/login/x The user name of the payload is -1" OR 321=6 AND 0 0 0 1 6 7=0 0 0 1 6 7 -- The...

Analysis of the latest firefox 0day attack-vulnerability warning-the black bar safety net

! /Article/UploadPic/2015-8/2015813114114594.jpg The Mozilla Foundation in the 8 May 6, as Firefox released a security update to fix the Firefox embedded PDF reader pdf. js in the cve-2 0 1 5-4 4 9 5 vulnerability. The vulnerability allows an attacker to bypass the same origin policy,in the local...

Fishing kit EK support CVE-2 0 1 5-2 4 1 9 vulnerability-a vulnerability warning-the black bar safety net

Fishing kitEKrecently added for Internet Explorer CVE-2 0 1 5-2 4 1 9 the vulnerability of the support,the vulnerability is just in July this year to get repaired. Quickly use just to fix the vulnerability,has been fishing kit EK the author's usual practice,but since the 2 0 1 4 in the second hal...

Serialization vulnerability affects more than half of the Android phones-vulnerability warning-the black bar safety net

! Stagefright vulnerability broke not long before the Android platform and broke a major vulnerability, affect 5 5% of phone. IBM's X-Force application security research team has recently discovered this vulnerability. An attacker can exploit this arbitrary code execution vulnerability to a no...

Discuz! X-Series remote code execution vulnerability analysis-vulnerability warning-the black bar safety net

0x01 vulnerability root causes The root of the problem is that the api/uc. php file in the updatebadwords method, the code is as follows: function updatebadwords$get, $post global $G; if! APIUPDATEBADWORDS return APIRETURNFORBIDDEN; $data = array; ifisarray$post foreach$post as $k = $v...

FireFox file stealing 0day vulnerability has been hacked“real”use, the official emergency release to fix patch-bug warning-the black bar safety net

In Russia a web site, the researchers found a Firefox serious 0day exploits program Exp code, you can steal Windows and Linux users on the computer file. This security event is forcing Mozilla to the official emergency release patch. Vulnerability description The vulnerability is caused by the...

Model S has a security vulnerability? Tesla Fury dig Google head of security-vulnerability warning-the black bar safety net

Earlier today broke the Tesla Model S model electric car, there may be hackers exploit major security vulnerability through this vulnerability hackers can remotely control cars, and even let the car flameout, the media reported this message and of the electric car's safety questioned. Tesla in...

Heze city science and technology information network suffered HackingTeam leakage of 0day vulnerabilities attack-exploit warning-the black bar safety net

For the attacker, the HackingTeam data leak certainly gives them a“spring”. Attackers in the data leak the next day it will be baked 0day vulnerabilities added to the mainstream exploit kits. Copy the leaked 0day attack HackingTeam leakage of various 0day information can be easily reused. In...

Format string vulnerability description-vulnerability warning-the black bar safety net

Formatted string, is also a relatively Common Vulnerability types. Will trigger the vulnerability function is limited. Main's printf and sprintf, and fprintf, and so the c library in the print family of functions. We first look at the printf function Declaration int printfconst char format,... Th...

The IOS system is exposed to significant vulnerabilities hackers can be loaded with a fake APP theft information-vulnerability warning-the black bar safety net

! IOS system exposed a major security vulnerability hackers can remotely load the fake APP to steal information page screenshot） International online feature articles: according to the US CNBC website 8 on 6 reported that, according to Internet security company FireEye report, the 8.13 version of...

BIOS vulnerability DELL and Apple systems-vulnerability warning-the black bar safety net

! Since the BIOS from sleep mode after Wake-Up due to failure to correctly set write-protected, the attacker may be brush malicious BIOS image, the vulnerability number CVE-2 0 1 5-2 8 9 0, the impact of a large number of DELL systems. Vulnerability details According to the researchers Cornwell,...

Format string exploits, Part 1-the vulnerability warning-the black bar safety net

Format string vulnerabilities are a class allows an attacker at an arbitrary memory address to perform read or write operations of the software defects. This tutorial is the main concern of the C programming the program and for the formatted string function to use. Before we start understanding...

Android aeration infinite reboot Vulnerability, CVE-2 0 1 5-3 8 2 3, The impact of almost 9 0% of Android users-vulnerability warning-the black bar safety net

Android users are undoubtedly going through a tough week. This product of the latest vulnerabilities number of CVE-2 0 1 5-3 8 2 3, hackers can take advantage of the loudo make Android phone unlimited reboot, it sounds a bit like Stagefright vulnerability, and it stems from the media server,...

Linksys WRT54G router overflow vulnerability analysis-operating environmental remediation-vulnerability warning-the black bar safety net

This excerpt from the secret home router 0day vulnerability Mining Technology of Wu Shaohua editor, Wang Wei, Zhao Xu, EDS., Publishing House of electronics industry 2 0 1 5 年 8 月 publication. In this Chapter the experimental test environment described in Table 1 3-1 shown in Fig. Table 1 3-1 The...

The latest version of Apple OS X10. 1 0 exposure to privilege escalation 0day vulnerabilities-vulnerability warning-the black bar safety net

Security researcher Stefan Esser found a the latest Apple OS X 1 0. 1 0 version of the privilege elevation 0day exploit, an attacker can root permissions to open or create all of the OS X system files without having account password verification. Accidental discovery of 0day On Monday, the...

The popular DNS server software BIND exposed serious DoS vulnerability-vulnerability warning-the black bar safety net

BIND is the world's most popular DNS server software. The Internet Association, the ISC published Vulnerability CVE-2 0 1 5-5 4 7 7 patch, this is an affected BIND server to a serious denial of service vulnerability. BIND denial of service vulnerability A week ago, the Internet Association, the I...

Android tremble! Black Hat2015 hacker conference to be announced 6 security a threat-vulnerability warning-the black bar safety net

For phone control and information security of the party, the Black Hat, the world's top hacker conference is certainly not to be missed, each time the General Assembly will burst a lot of interesting things, such as this opening in the United States, held Black Hat 2 0 1 5, the“fresh”security...