02-17-2010 5:39
Telekom, Huawei, CSRF
Vecina Telekom ADSL modema je ranjiva na CSRF napade, ovim putem mozemo izmeniti vitalna podesavanja i ugroziti korisnike na vise nacina.
Linkovi:
- http://netsec.rs/18/huawei-hg510-multiple-vulnerabilities/493/
- http://www.securityfocus.com/bid/38261/info
- http://www.elitesecurity.org/t391845-Telekom-ADSL-amp-Huawei-CSRF-Auth-Bypass-DoS
- http://en.wikipedia.org/wiki/Cross-site_request_forgery >>
Ivan Markovic
03-10-2010 23:03
odlican.net cms v.1.5 remote file upload vulnerability /Teo
odlican.net cms v.1.5 remote file upload vulnerability
Author: Teo Manojlovic
http://packetstormsecurity.org/1002-exploits/odlican-upload.txt
http://secunia.com/advisories/38488/
http://www.exploit-db.com/exploits/11340
>>chaossecurity
- chaossecurity: Mail Manager Pro CSRF Vulnerability / Milos
- m1k1: Twitter u službi lopova
03-11-2010 21:30
Hakeri napali 150 sajtova u Crnoj Gori
Crnogorski sajtovi, njih oko 150, blokirano je danas zbog hakerskog napada na jedan od web hosting servera Crnogorskog Telekoma. Predstavnica Telekoma Jelena Radonjić kazala je da se napad na server dogodio u srijedu oko 22 sata, kada su hakeri izmijenili sadržaj na oko 150 sajtova, među kojima su i oni Pošte Crne Gore, Atlasmont i Hypo Alpe Adria banke...
Izvor: http://www.vesti.rs/Vesti/Hakeri-napali-150-sajtova-u-Crnoj-Gori.html >>
MyCity::Zastita
03-12-2010 0:11
Re: Problem koji nervira
Probaj [term]regsvr32 /i shell32.dll[/term]
>>
ES::Zastita
- ES::Zastita: Re: Problem koji nervira
- ES::Zastita: Re: Proces lsass.exe?
- ES::Zastita: Re: Program koji se pokrece pri startu win-a
03-10-2010 15:34
Forum nove regionalne politike i evropskih integracija
Forum mladih Igmanske inicijative i Fondacija Friedrich Ebert u Beogradu pozivaju sve zainteresovane da se prijave za učešće u radu I Foruma nove regionalne politike i evropskih integracija, koji će se održati od 12-14. maja 2010. godine na Fruškoj gori.
read more
>>Bezbednost
03-09-2010 23:15
Prepoznajte lažni antivirus program
Blic: Predstavnici softverskog diva upozoravaju korisnike da se na internetu pojavilo antivirusno rešenje koje svojim nazivom pokušava da zavara korisnike da softver u stvari dolazi iz "Majkrosofta". >>Vesti.rs
- infigo: Konzum webshop - ISO 27001 certified
02-24-2010 8:18
Hacking Linksys IP Cameras (pt 6)
This article is a continuation of the following GNUCITIZEN articles: Hacking Linksys IP Cameras (pt 1), Hacking Linksys IP Cameras (pt 2), Hacking Linksys IP Cameras (pt 3), Hacking Linksys IP Cameras (pt 4), Hacking Linksys IP Cameras (pt 5).
As we know, there are several ways one could go about hunting for IP cameras on the net. The slowest way would be to portscan random IP addresses for certain ports and programmatically detect if the web interface of a given camer >>
Feedproxy Security
03-08-2010 0:20
Best of Application Security (Friday, Mar. 5)
Verizon Incident Metrics Framework ReleasedWiseguys net $25m in ticket scalping racketState of Software Security Report Internet Explorer 8 and the Security Development Lifecycle (SDL)Top 10 Hacks of 2009 and WAF MitigationsFTC alleges that ControlScan offered 'little or no verification' of site security or privacy I’m in ur 4sq, snarfin ur pass >>
Feedproxy Security
-
ha.ckers: Using Parameter Pollution and Clickjacking to Aid Anti-CSRF Bypass
-
Ilia Alshanetsky: ConFoo PHP 5.3 == Awesome! Slides
-
ha.ckers: RSA Conference Wrapup
03-10-2010 15:51
Sophos Email Security Appliance Receives Five Star Rating and Named 'Best Buy' in SC Magazine Group Test
Sophos Email Security Appliance Receives Five Star Rating and Named 'Best Buy' in SC Magazine Group Test >>
Sophos
03-12-2010 11:31
Malware Gets Smart with Vodafone Smartphone
Security researchers recently unveiled findings about malware that came preinstalled on a Vodafone mobile phone handset. Its memory card was also believed to carry malware. A leading mobile telecommunication company, Vodafone, has been taking the heat for packing malware straight out of the box on their HTC Magic Android smartphones. The recipient of one of the malware-laden phones was, fortunately, an employee of the Spanish antivirus firm, P >>
trendmicro
-
trendmicro: More Adobe Exploits in the Wild
-
ha.ckers: Using Parameter Pollution and Clickjacking to Aid Anti-CSRF Bypass
-
Feedproxy Security: Plane crashes and security breaches
03-08-2010 9:38
Mondo: Čuvajte se lažnog Microsoftovog antivirusa
Naslovi
03-07-2010 15:37
Personal magazin: Google Street View nepoželjan i u Sloveniji
Vozila sa kamerama koje snimaju ulične prizore za Googleovu aplikaciju Street View ne smeju u Sloveniju bez prethodne najave, jer bi mogla povrediti privatnost informacija ili ljudsko dostojanstvo. Prema izveštajima slovenačkih medija, ekipe sa vozilima koje snimaju kadrove koji se onda mogu naći na internetu uočene su blizu slovenačke granice sa Austrijom, ali poverenica slovenačke vlade za zaštitu privatnosti Nataša Pirc Musar upozorava [...]
Vaš komentar >>
Naslovi
- Naslovi: Nacionalna klasa: NK TEST: Toyota Prius 1.8 Sol
- Naslovi: IT svet: Spam rat u Evropi traje
03-12-2010 9:37
iScanner v0.4 released - Malicious codes scanner
This tool is programmed by iSecur1ty using Ruby programming language and it's released under the terms of GNU Affero General Public License 3.0.
Features
Detect malicious codes in web pages, this include hidden iframe tags, javascript, vbscript and activex objects.
Extensive log shows the infected files and the malicious >>
security-database
03-12-2010 9:13
KNOPPIX 6.2.1 LiveCD available
security-database
- net-security: SimpleAuthority 3.0
03-12-2010 12:26
Mal/EncPk-OD
>>
Sophos
03-12-2010 12:26
Mal/FakeAV-CT
>>
Sophos
- XSSed: www.bobparsons.me XSS
- XSSed: store.dakar.com XSS
- XSSed: www.reuters.com XSS
03-10-2010 23:18
SecretService 0.3
SecretService enables you to encode text in all OS X aware applications with just one click. Simply highlight the text to encode or decode and select SecretService from the Services menu, plain text w... >>
net-security
03-11-2010 23:07
Safari 4.0.5 now available in Software Update
Filed under: Software Update, Security
New browser time -- and unfortunately, time to restart your Mac. Safari has been updated (for 10.4, 10.5 and 10.6 on the Mac side, and Windows XP/Vista/7 on the Win side); it includes the improvements noted: Performance improvements for Top Sites Stability improvements for plug-ins, and for sites with SVG graphics and online forms Fixes issues affecting settings changes to some Linksys routers and iWork.com user comments There ar >>
tuaw
03-11-2010 18:06
Using Parameter Pollution and Clickjacking to Aid Anti-CSRF Bypass
It’s been a while since I’ve talked about Clickjacking, with only a few exceptions here and there. Mostly because I haven’t seen it much in the wild - at least not yet. But there’s still a lot of research out there to be done. I got an interesting email the other day that talked about a way to use parameter pollution (or a mix of URL parameters and POST) to create a condition where you can defeat CSRF tokens:
The technique, found by Lava Kuppan describes a scenario where a m >>
ha.ckers
03-11-2010 22:25
Plane crashes and security breaches
by Christian Moldes
In Outliers, Malcom Gladwell analyses how plane crashes are the result of a combination of errors. I found this analysis very interesting because of the similarity with most security breaches. A brief excerpt of his book:
“Plane crashes rarely happen in real life the same way they happen in the movies. Some engine part does not explode in a fiery bang. The rudder doesn’t suddenly snap under the force of takeoff. The cap >>
Feedproxy Security
-
theregister: Password reset questions dead easy to guess
-
1raindrop: On the Risk of Overfocusing on Seductive Details
-
: Bejtlich OWASP Podcast Posted
