Posted by Douglas Held on Feb 16
Victor,
Impressive work but it seems to me you went further than necessary. The
consequences of the open access were obvious without actually logging on
and tainting the target system.
Did you at least try to inform PIE of the vulnerable deployment? What was
their response?
regards,
Doug
Posted by Vítor Hugo Silva on Feb 16
As requested the solution is trivial.
Edit samba configuration file and remove Root file share. It is
pointless and not recommended at all.
—
Vítor Silva
up201402657 () fc up pt
Estudante
FACULDADE DE CIÊNCIAS DA UNIVERSIDADE DO PORTO
Rua do Campo Alegre, s/n, 4169-007 Porto, Portugal
www.fc.up.pt
A 2016-02-12 22:51, John Martinelli escreveu:
Posted by Duarte Silva on Feb 16
Have you reported this to CERT and/or the company? I know from personal experience they’re very slow, it’s good to be
covered by responsible disclosure since you just violated a series of Portuguese laws :
I know FEUP/UP have a CERT, so you could have used them a intermediary, if you didn’t already, please do contact them 🙂
PS: for those who don’t know, WinREST is a POS software that isn’t (usually) connected to…
Posted by Blue Frost Security Research Lab on Feb 16
Posted by P J P on Feb 16
+– On Thu, 11 Feb 2016, David Leo wrote –+
| If browser tries to access HTTP address,
| you will have three options:
| try HTTPS,
| Google Cache,
| or copy-and-paste the address.
|
| There is no option to “temporarily bypass HTTPS Only”.
| You can always do that in another browser.
|
| Project Home Page:
| https://httpsonly.github.io/
Browsers too are moving there:
->…
Posted by Kacper Szurek on Feb 16
# Exploit Title: Tiny Tiny RSS Blind SQL Injection
# Date: 15-02-2016
# Software Link: http://tt-rss.org/
# Exploit Author: Kacper Szurek
# Contact: http://twitter.com/KacperSzurek
# Website: http://security.szurek.pl/
# Category: webapps
1. Description
$item_id inside process_category_order() is not properly escaped.
We control this value using $_POST[‘payload’].
http://security.szurek.pl/tiny-tiny-rss-blind-sql-injection.html
2….
Posted by Ming on Feb 16
#Overview
The Wall of Sheep would like to announce a call for presentations at DEF
CON 24 at the Paris and Bally’s Hotels in Las Vegas, NV from Thursday,
August 4th to Sunday, August 7th. The Wall of Sheep will be delivering
talks that increase security awareness and provide skills that can be
immediately applied after the conference. Our audience ranges from those
who are new to security to the most seasoned practitioners in the security…
Posted by David Leo on Feb 16
(@moderators The original post was too brief. This one has details.)
Summary
This tool completely locks browser – just HTTPS, nothing else. This
tool is extremely simple – less than 100 lines of code(Python and
JavaScript).
Why
Firefox Add-on Firesheep Brings Hacking to the Masses
http://www.pcworld.com/article/208727/Firesheep_Brings_Hacking_to_the_Masses.html
“Firesheep is basically a packet sniffer that can analyze all the
unencrypted…
Each program you run – clean, malicious, no matter – is actually a set of commands (called instructions) specific for particular processors. These instructions can be very simple, e.g. addition of two numbers, but we can see very complex cryptographic functions as well.
As the processor architecture evolves in time, it becomes more and more complicated and understanding or decoding the language is more difficult. It (hypothetically) does not have to be like this, but there’s a hell called backward compatibility.
Sooner or later, popular products such as (the majority of) desktop computers with the x86 processor need some innovative development to meet future requirements. Sometimes the amount of innovation is so vast, that it could easily form a completely new product. That’s the decision point – to be, or not to be – are you going to start a new product line and throw away the old platform, or will you stick with the old solution and keep the backward compatibility by hook or by crook?
Intel actually tried both ways.They admitted that there’s a need to make fundamental changes in the architecture and not limit themselves with the 20 year old shackle of 8086 processor.
So they started with the Itanium series – a completely different processor without the old limits. But the majority of common applications were written/compiled for traditional x86 architecture and Itanium has never made it to the “mainstream”.
To be honest, Itanium’s primary focus is a sphere of enterprise servers and high-end solutions, but it was a chance to make a big change with an impact also to traditional desktop systems. However, it would mean a successive conversion of current users to the new platform, motivating developers to write applications (browsers, media players, office suites…) for that platform, etc. This never happened and Itanium remains a enterprise solution. The x86 ecosystem was, and still is, so strong, that it was a necessity to paste all innovations to the old architecture. If you can’t start a greenfield project, you will always end up finding the lesser of two evils.
The language of x86 processors is called x86 assembler. If we want to understand it, we must decode it with our x86 disassembler. This is a crucial part of static analysis, emulation, dynamic translation; weapons used by, I would guess, all antivirus engines to fight malware.
Having such a disassembler means having over 16,000 lines of C code and data, including padding and formatting in our case. It could be much shorter, if there were no logical exceptions from the decoding scheme, reusing prefixes for different purposes and giving them completely different meaning, etc. With such circumstances, writing a reliable, fast, and small disassembler is really difficult and with each “paste-to-old-architecture” innovation it gets closer to impossible. It’s going to be either big, slow, or not that reliable by design, because the x86/x64 architecture is so rich and in-homogeneous.
Here’s my point. It’s OK to add native support for AES and other cryptographic functions, it’s useful, but this is not the perfect instruction. I would really like to see the disasm instruction. Once the architecture is so complicated and the opcode map so messed up and there’s no way back, why not let Intel engineers deal with it?
We have a saying in Czech Republic, loosely translated: “Let them eat, what they cooked.” It would be so nice if a processor was able to provide us with its own native decoding capability. It would be so nice if we did not have to walk through the whole instruction set reference and find which part was twisted this time to fit new demands along with old shackles. After all, we could have smaller, faster, and the most reliable code (because who’s supposed to know x86/x64 processors better than their architects?).
So, Intel engineers, for the sake of all emulator programmers, will you pick up the gauntlet and implement the perfect instruction? 
aircrack-ng is a set of tools for auditing wireless networks. It’s an enhanced/reborn version of aircrack. It consists of airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), airdecap (decrypts WEP/WPA capture files), and some tools to handle capture files (merge, convert, etc.).
