Posted by Mustafa Al-Bassam on Jul 02
That’s pretty neat. Played around with this and made a few discoveries.
1. It shows a valid certificate when you spoof HTTPS sites. That’s really bad. POC/screenshot:
https://github.com/musalbas/address-spoofing-poc
2. The page isn’t responsive when using this flaw. That means you can’t spoof a login box for example. (I tried.)
3. The success of the exploit seems to depend on if the browser can start loading content.html…
The SANS Internet Storm Center reports that the Angler Exploit Kit, pushing Cryptowall 3.0 ransomware, uses rapidly changing URL patterns—almost daily changes—to evade detection and rake in profits.
ipTIME firmwares prior to 9.58 version are vulnerable to a remote code execution which gives root privileges.
ToorCon 17 has announced its call for papers. This conference will take place October 21st through the 25th, 2015 in San Diego, CA, USA.
Blueberry Express version 5.9.x suffers from a SEH buffer overflow vulnerability.
EMC Documentum D2 contains multiple DQL injection vulnerabilities that could potentially be exploited by malicious users to compromise the affected system.
FCS Scanner versions 1.0 and 1.4 suffer from a command injection vulnerability.
The UK government has launched a new website designed to support victims of online abuse, while offering practical advice on how to report the abusers.
The post UK government tackles online abuse with anti-trolling website appeared first on We Live Security.
The annual Cyber Boot Camp in San Diego aims to develop the skills, mindset, and moral code required defend networks against criminal abuse. Here are just seven of the many lessons students learned at this year’s event.
The post What I learned at Cyber Boot Camp this summer: 7 lessons appeared first on We Live Security.
