Archive for 'Hacking'

Most smartphone owners are indifferent about phone security

Possibly due to kids under ten running rampant with iPhones, over eighty percent of smartphone owners have no security products installed on their mobile devices, according to a new study conducted by NPD. In addition, 25 percent of all smartphone owners have no idea how to install software to make smartphones more secure. However, 83 percent of respondents in the survey claimed they would take action and install a piece of security software only if a threat like a virus or …

Continue Reading →

FBI Continues Crackdown on Cybercrime With Two Arrests

The FBI arrested two suspected members of hacker groups LulzSec and Anonymous Thursday. Cody Kretsinger, a 23-year-old suspected member of hacking group LulzSec, was arrested in Phoenix for his alleged role in the cyberattacks on Sony Pictures Entertainment this June. Hackers stole information from 37,000 of the company’s user accounts and posted it on LulzSec’s website.
Members of the Los Angeles FBI field office …

Continue Reading →

Dynamic evaluation vulnerabilities

Dynamic evaluation vulnerabilities – dynamic variable evaluation
An eval injection vulnerability occurs when an attacker can control all or part of an input string that is fed into an eval() function call.[5]

$myvar = 'somevalue';
$x = $_GET['arg'];
eval('$myvar = ' . $x . ';');

The argument of "eval" will be processed as PHP, so additional commands can be appended. For example, if "arg" is set to "10; system('/bin/echo uh-oh')", additional code is run which executes …

Continue Reading →

To help the attendees of my Brucon White Hat Shellcode workshop, I wrote a new program to generate simple shellcode. I’m releasing it now.
People regularly ask me for malware so they can test their security setup. First, that’s a bad idea, and second, you can do without.
Why is using malware a bad idea? It’s dangerous and not reliable. Say you use a trojan to test your sandbox. You notice that your machine is not compromised. But is it …

Continue Reading →

Non alphanumeric code in PHP

So a small PHP shell was tweeted around and it inspired me to investigate a way to execute non-alphanumeric code. First off, I started with the idea of using octal escapes in PHP and constructing the escape. For example, \107 is "G"; if I could construct the "107" and add the backslash to the beginning, maybe I could construct "G". It worked like this:
But there was no way to evaluate the escape …

Continue Reading →

The World War of the Hackers

On the "avenues of the Internet", the silent warriors of the digital age are fighting.
A surprise awaited visitors to the sites of Vodafone, the Daily Telegraph, UPS and four other companies on Sunday: instead of their expected destination, they ended up on a different page, which had little to do with what they were looking for.
It was a site set up by the hackers of the Turkish group Turkguvenligi, which targeted the Domain Name System (DNS) and the …

Continue Reading →