[FD] Raritan PowerIQ v4.10 and v4.2.1 Unauthenticated SQL injection and possible RCE

Raritan PowerIQ suffers from an unauthenticated SQL injection vulnerability within an endpoint used during initial configuration of the licensing for the product. This endpoint is still available after the appliance has been fully configured. POST /license/records HTTP/1.1 Host: 192.168.1.11 Use

[FD] Mining website blacklists

Hey, It's useful trick to use website black lists to find interesting websites. Some are down, some host interesting malware, and a lot are vulnerable to all manner of things you haven't seen since the 90s. Useful lists include: http://squidguard.mesd.k12.or.us/blacklists.tgz http://dsi.ut-capit

[FD] Oracle Data Redaction is Broken

Hey all, As part of yesterday’s Critical Patch Update, Oracle fixed 3 security flaws in data redaction services – one a privilege escalation vulnerability and two redaction bypass methods. I reported these issues to Oracle in November last year and have documented them here: http://www.davidli

Re: [FD] Is the era of ezine txt files over?

On Wed, Jul 16, 2014 at 4:05 AM, surivaton surivaton wrote: > http://www.exploit-db.com/papers/ > Just look for zines there. And for more (old) ezines http://www.gonullyourself.org/ezines where I found the initial zine mentioned: dot-aware%20alpha.txt -- a Andy Bach, afb...@gmail.com 608

[FD] Call for Paper - NOPcon 2014 - Istanbul, Turkey

[+]What is NOPcon? NOPcon is a non-profit hacker conference. It is the only geek-friendly conference without sales pitches in Turkey. The conference aims to learn and exchange ideas and experiences between security researchers, consultants and developers. One more, it’s a conference for commun

[FD] Peeling the onion: Almost everyone involved in developing Tor was (or is) funded by the US government | PandoDaily

Funding doubled, so engineering some back doors? In 2012, Tor nearly doubled its budget, taking in $2.2 million from Pentagon and intel-connected grants: $876,099 came from the DoD, $353,000 from the State Department, $387,800 from IBB. That same year, Tor lined up an unknown amount funding from

Re: [FD] Peeling the onion: Almost everyone involved in developing Tor was (or is) funded by the US government | PandoDaily

Tor was originally sponsored by the US Naval Research Lab. Does this automatically mean it's backdoored then? Could someone insert a backdoor into open-source software? Yes. Funding sources do little to change this. Now, who is controlling exit nodes is a different story, but that's another can of

[FD] Ignore the amount customers confirm is no security vulnerability according to PayPal

-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 ** Title: ** Transfer any amount regardless of what customer confirmed ** Short description: ** In PayPal Express Checkout the Online-Shop can transfer any amount, n

Re: [FD] Ignore the amount customers confirm is no security vulnerability according to PayPal

Just because they deny it does not mean you did not unveil a valid bug. Personally, if a "feature" like this was really intended, I'd like to see the Paypal documentation where they highlight the utility and limits of such a function. Since when did alteration of data and integrity issues cease to

Re: [FD] Ignore the amount customers confirm is no security vulnerability according to PayPal

-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 On 07/17/2014 09:47 PM, Glen Roberts wrote: > Just because they deny it does not mean you did not unveil a valid bug. > Personally, if a "feature" like this was really intended, I'd like to see the Paypal documentation where they highlight the u

Re: [FD] Jamming WiFi tracking beacons

There's a project on github for just that kind of thing: https://github.com/DanMcInerney/wifijammer Regardless of the hardware you choose to use, however, keep in mind that you're going to be using a much higher fraction of the radio amplifier in the wifi adapter's time than normal use, so there

Re: [FD] Jamming WiFi tracking beacons

mdk3 works wonders XD. i yet to encounter one as i live 40km away for the nearest town but honestly i would just take the thing and pour liquid nitrogen on it :D On 16 July 2014 7:26:15 PM AEST, Keira Cran wrote: >Hey, > >It's great that companies like Apple recognising the threat of tracking

Re: [FD] Peeling the onion: Almost everyone involved in developing Tor was (or is) funded by the US government | PandoDaily

On 17/07/14 01:10, Ivan .Heca wrote: > Funding doubled, so engineering some back doors? > > In 2012, Tor nearly doubled its budget, taking in $2.2 million from > Pentagon and intel-connected grants: $876,099 came from the DoD, $353,000 > from the State Department, $387,800 from IBB. > > That same y

Re: [FD] Jamming WiFi tracking beacons

This story set me wondering. Would it be possible to re-imagine WLAN and WWAN technologies such that, lets say smartphone-like devices don't have to broadcast unique, trackable IDs in the clear. I understand there's zero financial incentive for the telco industries to do this. I'm looking for m

Re: [FD] Peeling the onion: Almost everyone involved in developing Tor was (or is) funded by the US government | PandoDaily

>Tor was originally sponsored by the US Naval Research Lab. That would be a logical assumption if you read the article and associated references > Does this automatically mean it's backdoored then? is it? I think what the author was alluding to is their trying. Perry thinks they can Extremely w