On Tue, Mar 9, 2010 at 5:17 AM, Andrew Horton wrote:
> I've just released a new version of GeoIPgen
>
> Description: GeoIPgen is a country-to-IPs generator. It's a geographic IP
> generator for IPv4 networks that uses the MaxMind GeoLite Country database.
> Geoipgen is the first published use
It's no secret that there are tons of broadband routers/modems with
exposed admin interfaces (HTTP/SSH/Telnet/whatever) using default/weak
credentials.
While the Chuck Norris botnet is interesting in that it shows that the
problem is real, it shouldn't surprise anyone who has researched the
securi
3APA3A,
I was actually *agreeing* with you! lols. I think something got lost
in translation! Sorry if I confused anyone really.
Good luck.
2009/6/17 Vladimir '3APA3A' Dubrovin <3ap...@security.nnov.ru>:
> Adrian,
>
> If you can execute javascript - what is a reason to wait for user to
> clic
you would be surprised how many people out there (mistakenly) still
think that only GET requests are CSRFable!
2009/6/16 Jeremi Gosney :
> Vladimir: "Where there is an open mind, there will always be a frontier." -
> Charles Kettering
>
> name='DoS'>
>
>
> Google
>
>
>
> -Original Messag
>>
>> September 21st, 2008.
>> Researcher jplopezy finds the same attack vector on BlueCoat's web filter:
>> http://www.securityfocus.com/archive/1/496577/30/0/threaded
>>
>> Notice jplopezy published the bugtraq post *one day after* I published
swords, but wow.
Can't you accept the idea that some of us still consider hacking and
breaking into a system not necessarily the same thing?
Regards,
ap.
>
> 2008/10/31 Adrian P <[EMAIL PROTECTED]>:
>> Hello folks,
>>
>> Yesterday, I presented for the first tim
Hello folks,
Yesterday, I presented for the first time [1] a new method to perform
universal website hijacking by exploiting content filtering features
commonly supported by corporate firewalls. I briefly discussed [2] the
finding on GNUCITIZEN in the past without giving away the details, but
rath
Welcome to the web!
1 website = content retrieved from dozens/hundreds of sites. Much more than
what the browser's address bar shows ;)
Think of ad banners, analytics JS ("legit" spyware), static content served from
high-speed embedded httpds, etc ...
And yes, there are security implications
5AM +0000, Adrian P wrote:
>
> > * Exploring the UNKNOWN: Scanning the Internet via SNMP! *
> >
> http://www.gnucitizen.org/blog/exploring-the-unknown-scanning-the-internet-via-snmp/
> >
> > Hacking is not only about coming up with interesting solutions to
>
* Exploring the UNKNOWN: Scanning the Internet via SNMP! *
http://www.gnucitizen.org/blog/exploring-the-unknown-scanning-the-internet-via-snmp/
Hacking is not only about coming up with interesting solutions to
problems, but also about exploring the unknown. It was this drive for
knowledge philosop
http://www.gnucitizen.org/blog/call-jacking
* Call Jacking: Phreaking the BT Home Hub *
OK, this is a bit of a funny attack - although it could also be used
for criminal purposes! After playing with the BT Home Hub for a while
(again!) [1], pdp and I discovered that attackers can steal/hijack
VoI
http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub-5
It's known that UPnP [1] is inherently insecure for a very simple
reason: administrative tasks can be performed on an Internet Gateway
Device (IGD) without needing to know the admin password whatsoever!
This on its own is quite sca
Hi folks!
Just wanted to say that it IS possible to make good money and have fun
breaking security. Lots of security researchers out there are offered
very generous positions which sometimes allow them to work from home.
In many of these positions the researcher chooses what to break, and
the em
comment inline ;)
On Nov 20, 2007 8:23 PM, Steven Adair <[EMAIL PROTECTED]> wrote:
> Right this problem has existed for a long time, but it's not the end of
> the world for someone to point it out again I suppose.
>
> I think it's obvious that there's another main issue here and that's the
> way W
Remote assistance now appears to be disabled. That definitively gets
rid of the worst threat: backdooring the Home Hub router by enabling
remote access permanently (could be done by editing the config file).
Telnet has also been disabled, and the contents of the config file are
now encrypted/obfusca
Hello Juergen,
With all my respect, is it that hard to see that gaining access to a
Gmail session can lead to your identity being stolen?
Nowadays your webmail account means your online life/presence. Let's
have a walk through attack shall we?
1. Your Gmail session is hijacked (i.e.: via the XSS
Hi guys,
I just have a few comments for the sake of accuracy.
On 10/12/07, Valery Marchuk <[EMAIL PROTECTED]> wrote:
> > gnucitizen may be responsible for bt being under a massive attack right
> > now.
> Oh my God, people stop talking nonsense!
>
>
> Have you seen the video provided by gnusitizen.org
http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub
The BT Home Hub, which is probably the most popular home router in the
UK, is susceptible to critical vulnerabilities.
BT's plan is to sneak one of these boxes into every UK home. Not only
does the BT Home Hub support broadband but
We found multiple vulnerabilities on Axis 2100 IP cameras affecting both
old firmware versions and the latest firmware (2.43).
The research is made of two components: a purple paper and a video. The
research doesn't just cover boring PoCs, but actual Hollywood-style
exploits :-). Yes, this incl
There are two vanilla XSS on 'wp-register.php'. Only versions <=2.0.1
appear to be affected.
More info can be found on GNUCITIZEN's BlogSecurity:
http://blogsecurity.net/wordpress/2-vanilla-xss-on-wordpress-wp-registerphp/
Regards,
--
pagvac
gnucitizen.org, ikwt.com