What’s Your Computer Connecting To?
A security-conscious buddy of mine is an advocate of the Sysinternals freeware utilities. For those of you who don’t know, Mark Russinovich, one of the Sysinternals co-founders, was the guy who discovered and exposed the Sony BMG rootkit back in 2005. In other words, the crew at Sysinternals knew their $h*t. Microsoft […]
Yet Another Reason To Avoid Torrents
TorrentFreak, an authority in the popular torrent craze, has published a post entitled BitTorrent Rip Off Sites, and How to Avoid Them. With the ongoing issues of Comcast forging packets and the RIAA and MPAA ruining people’s lives, this is another reason to avoid public torrent trackers.
Some Torrents Provide False Hope
A large percentage of torrent […]
Internet and Computer Networking Security Tips
Note: This is a guest post by Scott Hughes, administrator of Philosophy Forums. For most experienced computer users, basic security is common sense. Computer professionals and computer geeks usually know how to protect their computer and privacy. But most people who use computers regularly still do not seem to take even the most basic steps at […]
Need To Decrypt an md5 Hash? Try Some Free Rainbow Tables
If you’re like me, remembering fifty or more unique passwords is sometimes frustrating. I refuse to use any sort of password management system, and writing them down defeats the purpose of even having a password. Some prefer using the same password for everything, but if one account is compromised, the rest will probably soon follow. […]
Picture: The Importance of a Good Firewall
This is what happened when I took down my network’s defenses the other day. Fortunately my Windows machines were patched, or I might have been hit with a nasty remote exploit, or eighty. Click the thumbnail for the larger version.
Those are all incoming connections initiated via NetBIOS. If you don’t take the time to define […]
Secure Your WordPress Admin Folder With lighttpd
As you might have guessed, I’m ultra concerned about security. Security isn’t my area of expertise, nor do I claim to have any superior knowledge in the field, but sometimes being ahead of the game can prove beneficial. Shoemoney’s blog has been defaced twice (to my knowledge), simply because he failed to upgrade. This gives […]
2 More WordPress Plugin Exploits - Adserve & WassUp
Wow, four WordPress plugin exploits released in under a week. Are these plugin authors really amateurs, or just trying to pwn WordPress blogs? First up, Adserve version 0.2. The SQL injection vulnerability resides in adclick.php. Here’s the vulnerable code:
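    // The id request parameter is passed through as-is.
    if (isset($_GET['id'])) {
        Header("Location: " . iri_AdServe_BannerClick($_GET['id']));
    }

    // $id is interpolated directly into the SQL string.
    return $wpdb->get_var("SELECT url FROM $table_name WHERE id=$id;");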
Again, the id variable isn’t sanitized, and successful exploitation […]
2 New WordPress Plugin SQL Injection Vulnerabilities
That’s right WordPress kiddies, two new vulnerabilities, and they’re pretty nasty. Author Houssamix From H-T Team has released two remote SQL injection proofs of concept for WP-Cal and fGallery 2.4.1. The vulnerability for WP-Cal exists in:
/wp-content/plugins/wp-cal/functions/editevent.php
and here’s what’s vulnerable:
    $id = $_GET['id'];
    $event = $wpdb->get_row("SELECT * FROM $table WHERE id = $id");
Why? No sanitization of $id. Since id […]
Remote Denial of Service Exploit - Apple iPhone 1.1.2
Milw0rm has published a denial of service exploit for the Apple iPhone, 1.1.2. I’ve made the page available, so feel free to send your friends with iPhones to that page if you’d like to see ‘em cry. The code is a simple JavaScript that you can copy and paste to really have some fun. I’ve yet […]
Hackers Lay Off Death Video
Anyone else remember this? Took place in June of 2001. Makes me feel old. After a four-minute glitch preparing the video link between Indiana and Oklahoma, the families of the victims of the Oklahoma City bombing viewed an encrypted signal of Timothy McVeigh’s execution Monday morning. The FBI said it had no reports of attempts to […]


