-
March 30, 2015
QNAP Web Server Remote Code Execution
QNAP Web Server Remote Code Execution: This Metasploit module allows you to inject Unix commands as the same user who runs the HTTP service – admin – directly on the QNAP system. Affected products: All Turbo NAS models except TS-100, TS-101, TS-200
-
March 30, 2015
Safari FILE: scheme security hole
Safari FILE: scheme security hole: It appears that Safari does not enforce any kind of access restrictions for XMLHTTPRequests on FILE: scheme URLs. As a result, any HTML file on the local file system that is opened in Safari can read any file that the user has access to (and, of course, it can upload those files […]
-
March 30, 2015
Hole in the Trenitalia site: customers' cards cloned
They had just redone the site... but there is a catch. Hole in the Trenitalia site: customers' cards cloned: It all starts with a phone call: «This is your bank, did you by any chance make these purchases?». At first you are a little taken aback, yes, no, maybe, until it becomes clear that we are dealing with a cloned card. «But […]
-
March 29, 2015
Noose around Internet’s TLS system tightens with 2 new decryption attacks
Noose around Internet’s TLS system tightens with 2 new decryption attacks: The noose around the neck of the Internet’s most widely used encryption scheme got a little tighter this month with the disclosure of two new attacks that can retrieve passwords, credit card numbers and other sensitive data from some transmissions protected by secure sockets […]
-
March 26, 2015
stealth/troubleshooter
stealth/troubleshooter: Abstract: This paper demonstrates vulnerabilities within the SELinux framework as well as shortcomings in the type enforcement setup. I will show how to deconstruct a SELinux setup with some simple 80’s style exploit techniques. While reading this paper, I recommend listening to this music from the year of morrisworm. When in 2012 the SELinux […]
-
March 25, 2015
Pcap2XML/Sqlite
Pcap2XML/Sqlite: This tool converts 802.11 packet traces (PCAP format) into an XML and SQLITE equivalent so you can now run XPATH/XQUERY/SQL queries on the packets. Why do we need this? Wireshark is great when it comes to capturing and filtering packet traces. However, it has no facility for macro level tasks. Here are some answers […]
-
March 25, 2015
TextSecure, RedPhone, and Signal threat modeling
TextSecure, RedPhone, and Signal threat modeling: In this blog post I will explore what telecommunication companies (telcos) are able to observe in terms of metadata and content when using or not using Open Whisper Systems’ TextSecure, Signal, and RedPhone. This blog post is independently licensed as “CC0”, because I […]
-
March 23, 2015
This String of 13 Characters Can Crash your Chrome on a Mac
This String of 13 Characters Can Crash your Chrome on a Mac: If you’re currently on a Mac computer and using a Chrome browser, then thanks to a weird little Apple OS X quirk, just a special thirteen-character string could cause your tab in Chrome to crash instantly. A string of 13 characters (appear to be in […]
-
March 23, 2015
The old is new, again: CVE-2011-2461
Nibble Security: The old is new, again. CVE-2011-2461: As part of an ongoing investigation on Adobe Flash SOP bypass techniques, we identified a vulnerability affecting old releases of the Adobe Flex SDK compiler. Further investigation traced the issue back to a known vulnerability (CVE-2011-2461), already patched by Adobe in apsb11-25. Old vulnerability, bad luck, let’s […]
-
March 23, 2015
ParrotNG
ikkisoft/ParrotNG: ParrotNG is a tool capable of identifying Adobe Flex applications (SWF) vulnerable to CVE-2011-2461. http://www.slideshare.net/ikkisoft/the-old-is-new-again-cve20112461-is-back For more details, please refer to the slides of our Troopers […]