[Full-disclosure] [Call for Article] The Hacker News Magazine - November 2011 Edition

2011-10-08 Thread Mohit Kumar
*The Hacker News* is starting to prepare the next issue of '*The Hacker News Magazine*'. Submissions are invited for a 6th upcoming special November Issue as "*Anniversary Edition*". If you have something interesting to write, p

[Full-disclosure] Facebook/google+ Cross-Site Content Forgery exploit

2011-10-08 Thread Laurelai
Blackhatacademy has asked me to post this to the mailing list as I'm one of the instructors there. I did not personally develop the exploit; please direct questions regarding it to hatter on irc.blackhatacademy.org Overview Over the years, Facebook has been vulnerable to numerous web exploitat

[Full-disclosure] {BruCon 11, OWASP 11, Virus Bulletin 11} Conference Slides

2011-10-08 Thread SecNiche Security Labs
Hi All We have released the set of presentation slides that our labs has presented at recent conferences. [*] BruCon 2011 - http://secniche.blogspot.com/2011/09/brucon-2011-botnets-and-browsers.html [*] OWASP App Sec USA 2011 - http://secniche.blogspot.com/2011/10/owasp-appsec-usa-2011-hunting-w

Re: [Full-disclosure] LinkedIn_User Account Delete using Click jacking

2011-10-08 Thread xD 0x41
That's just lame dude if you could remove OTHER people's accounts, then I'd say *clap clap*... but own account... what about just clicking "close account", and let's skip creating a html page, for this... :) cheers On 8 October 2011 17:06, asish agarwalla wrote: > Be logged into Linkedin, in f

Re: [Full-disclosure] Vmware Web-Site Persistence and Non-Persistence Cross-Site Scripting

2011-10-08 Thread xD 0x41
nice find. Please, put your FULL PoC within the email BODY when you are sending out disclosures.. It would make some of us certainly feel a bit better about reading them... specially when gmail refuses or has problems scanning, that should not happen, it should pass straight through... do your own t

Re: [Full-disclosure] Verizon Wireless DNS Tunneling

2011-10-08 Thread Fabio Pietrosanti (naif)
On 10/7/11 12:32 PM, Marshall Whittaker wrote: > I recently noticed that you can tunnel TCP through DNS (I used iodine) > to penetrate Verizon Wireless' firewall. When people avoid publicly saying stuff like this, those kinds of hacks live for a much longer time. Still iodine, when not used with di

Re: [Full-disclosure] LinkedIn_User Account Delete using Click jacking

2011-10-08 Thread hfux0r
Yeah, because it is totally safe to open up anything behind a Shortened URL. The fact that the FBI is on your ass is the only reason I might find this safe :) On Oct 7, 2011, at 9:36 PM, Laurelai wrote: > On 10/7/2011 3:23 PM, Naresh Jha wrote: >> >> Guys - Correct me if I am wrong but wo

[Full-disclosure] [ MDVSA-2011:144 ] apache

2011-10-08 Thread security
Mandriva Linux Security Advisory MDVSA-2011:144 http://www.mandriva.com/security/

Re: [Full-disclosure] LinkedIn_User Account Delete using Click jacking

2011-10-08 Thread asish agarwalla
Be logged into Linkedin, in firefox Create a HTML page using the below code Open the created HTML page in a new firefox tab Play the simple game button.dummy1{position:absolute;top:75px;left:177px;z-index:-10} button.dummy3{position:absolute;top:214px;left:177px;z-index:-10} #Div3{ opacity: 0;

Re: [Full-disclosure] LinkedIn_User Account Delete using Click jacking

2011-10-08 Thread Laurelai
On 10/7/2011 9:06 PM, hfux0r wrote: > Yeah, because it is totally safe to open up anything behind a > Shortened URL. The fact that the FBI is on your ass is the only > reason I might find this safe :) > > > > > On Oct 7, 2011, at 9:36 PM, Laurelai > wrote: > >> On 10