Archive for hackersmag

[hackersmag] Weak Excuses after Weak Security :: Mozilla’s user a/c on Public Server

Posted in AbhishekKr, Blogroll, security on December 29, 2010 by abhishekkr

@ hackersmag.blogspot.com [29-Dec-2010]

http://hackersmag.blogspot.com/2010/12/weak-excuses-after-weak-security.html

Weak Excuses after Weak Security :: Mozilla’s user a/c on Public Server

On Dec-17-2010, Mozilla was notified that part of its user-account data (accounts used on addons.mozilla.org) was available on a public server.

They run projects like Firefox (a hugely popular web browser), NSS (one of the best-known libraries for building secure client-server applications), and more… if an organization like that makes a mistake like this, oh yeah… hackers’ paradise.

This is how they defend themselves…
database included 44,000 inactive accounts using older
but don’t you think… even inactive users on a site deserve their privacy, and if they were inactive and not important then…

…click here to read the full blog post


[hackersmag] bypass user level restrictions, bug-case in ‘Scribd.com’

Posted in AbhishekKr, ABK Labs, security on December 21, 2010 by abhishekkr

@ hackersmag.blogspot.com [21/Dec/2010]

entry@Blogpost: http://hackersmag.blogspot.com/2010/12/bypass-of-user-level-restrictions-case.html

view-video@Youtube: http://www.youtube.com/watch?v=g-ETsFjRhqs
access-video@Vimeo: http://vimeo.com/18020569 [view/download the original higher-resolution video here]

bypass of user level restrictions, a case of bug in ‘Scribd.com’

So, here is a bug (which has now been fixed) in Scribd.com… that allowed users to obtain a local copy of documents for which the download and print options had been disabled.

It shows how a layered restriction can be broken, and why restrictions must be enforced from the root level up and not just as a user-level module.

…click here to read the full blog post and view the real-case video

[hackersmag.blogspot.com] only few domains DNSSEC protected, WHAT ABOUT YOU

Posted in Blogroll, security on December 20, 2010 by abhishekkr

@ hackersmag.blogspot.com [17/Dec/2010]

http://hackersmag.blogspot.com/2010/12/only-org-and-net-domains-under-dnssec.html

Are you protected by DNSSEC?
[] in mid-2010, DNSSEC was deployed on the DNS root servers and the ‘.org’ domain
[] on 10-Dec-2010, Verisign deployed DNSSEC in the ‘.net’ zone too
{securing more than 13 million registrations online}
[] preparations are under way to sign the ‘.com’ zone in the first quarter of 2011

Verisign has even launched a cloud-based DNSSEC implementation service to ease its adoption by organisations…

…click here to read the full blog post

[hackersmag.blogspot.com] Problem with IEEE 802.1x

Posted in Blogroll, security on September 7, 2010 by abhishekkr
Problem with IEEE 802.1x implementation’s fallback option
———————————————————
I was just looking over some material on 802.1x implementation… saw a mention of the fallback option…
MAB, i.e. MAC Authentication Bypass, providing support for legacy devices (say printers) which are not capable of

[hackersmag.blogspot.com] XSS Defeating PoC

Posted in Blogroll, security on September 7, 2010 by abhishekkr

@ hackersmag.blogspot.com [6/Sep/2010]

http://hackersmag.blogspot.com/2010/09/xss-defeating-poc-if-have-any-time-for.html

Video Demo of the same PoC: http://www.youtube.com/watch?v=ENiiAccY1v0
The whitepaper is also available at the SourceForge link above.
I was working on an XSS-patch PoC, which I now feel works well enough to prove its point.
This neither requires web developers to do any filtering/validation, nor any JavaScript-blocking add-on in the user’s browser.

…click here to read the full blog post

[hackersmag.blogspot.com] vulnerability report of hrberry.com, by ABK

Posted in Blogroll, security on September 2, 2010 by abhishekkr

@ hackersmag.blogspot.com [26/Aug/2010]

http://hackersmag.blogspot.com/2010/08/hrberrycom-php-flaw-self-inviting-dos.html

hrberry.com :: php flaw self-inviting DoS, leaked framework and server info [by, ABK]
[] Patched: Yes
[] Product Name: http://www.hrberry.com; a Payroll Helpdesk, serving…
[] …etc…etc…etc…
[] Vuln Summary:
There were validation flaws in GET request handling… any number of characters could be submitted, consuming processing… and the generated error message disclosed the full path of the PHP file.
It was also running on an older, unpatched version of OpenSSL.
…click here to read the full blog post
Full details are also available at https://sites.google.com/site/abklabs/home/secured/hrberrycom

[hackersmag.blogspot.com] Rapid7’s neXpose

Posted in Blogroll, security on August 10, 2010 by abhishekkr

@ hackersmag.blogspot.com [19/Jul/2010]

http://hackersmag.blogspot.com/2010/06/rapid7s-nexpose.html

Rapid7’s neXpose
http://www.rapid7.com/vulnerability-scanner.jsp

You can download the Community Edition of this famous and highly efficient Network Vulnerability Scanner by Rapid7.

[] NeXpose Community Edition provides… click here to read the full blog post
