at the first time we all where like: what the hell is : #!/usr/bin/perl ?? Exemble: Code: im gunne explain u how u make this work.———————————————————————1: get active perl: Code: -5.8.7.813-MSWin32-x86-148120.msi perl = .pl u can’t make .pl files working without active perl. U can but then u have to use a server with perl. most
Nunca he creído en la seguridad por oscuridad, es decir, si nadie sabe donde está el punto débil, nadie puede atacarlo. De ser cierta esa aproximación Windows debería de ser el sistema operativo más seguro del planeta, y sin embargo ese no es el caso. Por eso es que yo creo en la política de [...]
Hack and spammers seem to work popular in an attempt to search for vulnerabilities in various applications. It appears that the recently discovered used to try to take advantage of one unpatched Adobe Flash vulnerability. According to one post yesterday of McAfee AVERT Labs, the security company has received a number of samples used by many different sources of spam domains.McAfee were samples of
THE SECOND RETAIL PATCH FOR AGE OF CONAN (released May 27, 2008)
General
* Grouped players that are apprenticed will now get their kill XP capped to the correct level.
* Characters should now always get zoned back from a PvP game
* Characters should now be able to move away from their spot, without the server thinking that [...]
An easy way to increase your blog's visibility is to submit to various blog-ranking websites. Still it's not much use if your blog's ranked like 12,000th of the 15,000. So clearly, you have to be on the top. But to achieve this, you have have visitors to vote for you, or at least visit your site to somewhat increase your ranking. That's sort of the catch on the whole ranking thing.
However, there are a few little tricks one can try to increase these rankings. For example, there are sites like BlogsOnTop, which rank blogs by their traffic, which is measured by a hardly noticeable little image somewhere on the bottom of the page. This can be pretty easily exploited: there are tons of popular forums and community sites that allow images in posts, or better yet, in signatures. You just write s
An easy way to increase your blog's visibility is to submit to various blog-ranking websites. Still it's not much use if your blog's ranked like 12,000th of the 15,000. So clearly, you have to be on the top. But to achieve this, you have have visitors to vote for you, or at least visit your site to somewhat increase your ranking. That's sort of the catch on the whole ranking thing.
However, there
As if we needed any other kind of proof that John McCain is a asshole. There's this: Quote: ALLENTOWN, Pa. - Republican John McCain said Wednesday that the bridge collapse in Minnesota that killed 13 people last year would not have happened if Congress had not wasted so much money on pork-barrel spending Federal investigators cite undersize steel plates as the "critical factor" in the collapse of the bridge. Heavy loads of construction materials on the bridge also contributed to the disaster that injured 145 people on Aug. 1, according to preliminary findings by the National Transportation Safety Board. "The bridge in Minneapolis didn't collapse because there wasn't enough money," McCain told reporters while campaigning in Pennsylvania. "The bridg
A preacher wanted to raise money for his church and on being told that there was a fortune in horse racing, decided to purchase one and enter it in the races.However at the local auction, the going price for horses was so high that he ended up buying a donkey instead. He figured that since he had it, he might as well go ahead and enter it in the races. To his surprise, the donkey came in third! The next day the local paper carried this headline: PREACHER’S ASS SHOWSThe preacher was so pleased with the donkey that he entered it in the race again, and this time it won. The paper read: PREACHER’S ASS OUT IN FRONTThe Bishop was so upset with this kind of publicity that he ordered the preacher not to enter the donkey in another race. The paper headline read: BISHOP SCRATCHES PREACHER’S AS
Is she really the person to talk about Martin Luther King considering all of the racial politics she's been playing the last few months?Everything that comes out of this woman's mouth seems to reek of phoniness.
I think this is the third ad I've seen where he plays that clip of himself from back then. I'm still confused as to why I'm supposed to think he's right about Iraq just simply because he served in Vietnam, a war he apparently hasn't gotten over that we lost much like we're losing in Iraq now.Maybe it's his inability to accept failure in war that has prevented him from making rational decisions about where we are now.
A preacher wanted to raise money for his church and on being told that there was a fortune in horse racing, decided to purchase one and enter it in the races.
However at the local auction, the going price for horses was so high that he ended up buying a donkey instead. He figured that since [...]
If a pig is given a choice of strolling in a field of orchids or taking a dive into a pool of mud, we all know what it will do. Given a choice of taking the low road or the high road, Hillary Clinton invariably descends into the gutter.
Related Posts
March 26, 2008 — Hillary Clinton’s [...]
ways to handle and compile exploits. Alot of exploits come with "noob protection". Noob protection being they will move or add sections of text or scramble a simple statement so people immediatly know that it shouldnt be that way. This protects against skiddies and noobs from getting and running the exploit. I will show you how to compile exploits with Dev C++ and run perl and php scripts. I will also include the entire remote library from milw0rm compiled in complete.Downloads: dev c++, perl (win), perl (source), openSSL (win)WSAStartupQuote:[linker error] undefined reference to `WSAStartup@8'[linker error] undefined reference to `socket@12'Open dev c++ optionsin the main window will be a checkbox that says "Add the following commands when calling the compiler" type this in the box -lwsoc
The church shootings in Colorado were a tragedy no atheist I've known would wish on anyone. And yet, Christian extremist Tony Perkins of the Family Research Council believes that "the secular media" is at least partially responsible. Not to exaggerate my own importance or anything, but I figure I'm part of the closest thing there is to any sort of secular media in America, an atheist blogger. Thus, I hope you'll grant me my right to feel more than a little aggravated over this.First things first, what exactly did Perkins say?It is hard not to draw a line between the hostility that is being fomented in our culture from some in the secular media toward Christians and evangelicals in particular and the acts of violence that took place in Colorado yesterday. But I will say no more for now other than that our friends at New Life Church and YWAM are in our thoughts and prayers.Forget that the shooter was a Christian, aggressing against his own church. Forget that he was known to be unstab
MySpace hacked, exploits target Alicia Keys' page and othersBy Thomas Claburn 9 November 2007 12:47PMAvoid Alicia Keys' Web page on MySpace. It's been hacked..Roger Thompson, CTO at Exploit Prevention Labs, has found multiple hacked MySpace pages, including the page for Alicia Keys, the social networking site's fourth most popular music artist. In keeping with what appears to be a new trend among security researchers, Thompson has released a video depicting the hack on YouTube. He has also posted details on his blog. Visiting the page exposes the visitor to an exploit that installs malware unless the user is fully patched against the most recent security vulnerabilities. "They're using an exploit to install software in the background," Thompson explains in the video. Even those with patched systems are vulnerable. The hackers have found a way to associate their malicious URL with what would normally be a non-clickable background area on the Web page. The result is that clicks outs
Sipera, the VoIP security firm that I saw first at BlackHat 2007 has warned VoIP firms before disclosing the vulnerabilities. There are multiple vulnerabilities, advisories and they are listed here.The tests focused specifically of residential and SMB VoIP service and equipment. I was surprised to find strong authentication, signaling security, and media encryption were lacking, looks like everybody is following Microsoft. Get it Out there first and then we fix it as troubles jump up.So what does these vulnerabilities do to users? spoofing, eavesdropping, and remote exploits are some of the possibilities.I will write later today about what you should be looking in VoIP Security.Following is the news release by Sipera;Richardson, TX, October 23, 2007 – Sipera VIPER™ Lab, operated by Sipera Systems, the leader in comprehensive VoIP/UC security solutions, today disclosed multiple threat advisories for users of VoIP services and equipment from Vonage, Globe7 and Grandstream. Among othe
Wireless Vulnerabilities and Exploits (WVE) es un registro público de todas las vulnerabilidades wireless. Esta iniciativa está patrocinada por CWNP, empresa independiente que brinda entrenamiento en wireless y por el Centro de Estudios Avanzados de Defensas en Washington. La iniciativa será gestionada por una comisión Editorial conformada por expertos de la academia, del gobierno y de
LAS VEGAS — Two methods that could allow criminals to break into and steal data from Apple’s iPhone were demonstrated Thursday here at the Black Hat hacker conference. Charlie Miller, a researcher with Independent Security Evaluators, had warned Apple more than two weeks ago that he would present his findings at the [...]
Talking with my good friend Chris Mueller this afternoon, we stumbled across an article about a cross-site scripting sort of vulnerability that’s pretty wide-spread on the internet.
The general background is that many many dynamic websites, including probably this one, use forms or variables in the url of the page to communicate information from one page to the next. This includes things like login information, page choice, and virtually any link that changes over time. (mousing over the “Most Recent Entries” links at the right gives ….?entry=entry839402874 and such)
This is hackable because, though my password might be unhackable, once I’m logged in to the admin or user-privaleged portion of a site, a hacker can send me to a site that essentially gets me to do their work for them. They do this by adding a tag to a page. Because the user is already logged in on their site, when this page opens the link within the tags, it allows things to go through
สวัสดีคับหลังจากที่ให้ Google พาไปเที่ยว Directory เล่นในบทความเมื่อวานนี้แล้วคราวนี้เราจะใช้ Google ค้นหาเครื่องมือที่ใช้ในการทดสอบการเจาะระบบรวมทั้งค้นหาเป้าหมายที่มีช่องโห่วนั้นๆด้วยคับ (more…)
Google Hacking, Penetration Test
If you haven’t read about the latest (as of 7.23.07) Mac exploit/s then you either don’t care or haven’t looked at the intarwebs lately. I’ll give you the short version, with LOTS of links:
Engadget is aflame with comments on their posts, so far THREE, about the alleged “rape.osx” worm that a group of hackers, who call themselves “InfoSecSellOut“, posted some hints about on their blogspot blog as well as a link to a securityfocus.com notice about the “worm”, oh and a hint that they want money for having created the worm. There’s been way too much drama to map out here (death threats much?!?!), but lets just say its gotten out of hand and TMBBITW is totally neutral, we’re strictly grey hat and ALL homegrown Linux. No plans to release the code for the rape.osx worm have been revealed, not even a little bit.
HackZine has a little blurb up about a video that has popped up on www.exploitingiphone.com, which is real
Navegando por la red he encontrado una empresa "Wabisabilabi" que se dedica a la venta de exploits, muy practico para los creadores de spyware. Parece mentira como proliferan este tipo de "empresas", al parecer es un tipo de negocio bastante rentable, visto los precios de salida y que subastan sus ofertas al mejor postor
Un exploit tipo Yahoo! Messenger 8.1 remote buffer overflowleer más
Navegando por la red he encontrado una empresa "Wabisabilabi" que se dedica a la venta de exploits, muy practico para los creadores de spyware. Parece mentira como proliferan este tipo de "empresas", al parecer es un tipo de negocio bastante rentable, visto los precios de salida y que subastan sus ofertas al mejor postor
Un exploit tipo Yahoo! Messenger 8.1 remote buffer overflowleer más
Book Description
ISBN-0764569597Hacker extraordinaire Kevin Mitnick delivers the explosive encore to his bestselling The Art of DeceptionKevin Mitnick, the world's most celebrated hacker, now devotes his life to helping businesses and governments combat data thieves, cybervandals, and other malicious computer intruders. In his bestselling The Art of Deception, Mitnick presented fictionalized case
Cross Site Scripting Attacks starts by defining the terms and laying out the ground work. It assumes that the reader is familiar with basic web programming (HTML) and JavaScript. First it discusses the concepts, methodology, and technology that makes XSS a valid concern. It then moves into the various types of XSS attacks, how they are implemented, used, and abused. After XSS is thoroughly explored, the next part provides examples of XSS malware and demonstrates real cases where XSS is a dangerous risk that exposes internet users to remote access, sensitive data theft, and monetary losses. Finally, the book closes by examining the ways developers can avoid XSS vulnerabilities in their web applications, and how users can avoid becoming a victim. The audience is web developers, security practitioners, and managers.
*XSS Vulnerabilities exist in 8 out of 10 Web sites
*The authors of this book are the undisputed industry leading authorities
*Contains independent, bleeding edge research, c
British Gas launched a ‘New Energy’ business yesterday, which among other things will install household solar panels. UK suppliers of solar panels – particularly solar hot water – are young and fragmented and they must be worried.
PR is one driver, of course, but the main reason behind British Gas New Energy is that it will be incredibly profitable. People don’t use solar because it saves money; they use it because it feels green. On top of paying for expensive technology that takes decades to pay back, customers are prepared to pay an additional mark up that allows big margins.
The problem is that customers – corporates and homeowners alike – tend not to focus too carefully on environmental outcomes when they buy feel-good (which is why carbon offsetting is such a murky industry – there is not much demand for clearer information). Sanyo, Google and Tesco could surely have found greener uses for their cash than vast photovoltaic arrays. But they do look good, don’
McAfee on Monday afternoon said it had spotted a variant of Nirbot that appears to exploit the recently disclosed vulnerability in the Windows DNS service. Nirbot is a typical botworm that gives an attacker full control over an infected computer via an Internet Relay Chat channel, McAfee said. “An attacker can gain control [...]
This morning, the US-CERT team of the Department of Homeland Security acknowledged Microsoft’s advisory this morning, stating that it’s investigating instances where Windows servers running the DNS service can be tricked into running any code remotely in a local system context, with the same privileges as the DNS service itself. As an indication [...]
Just as Microsoft Corp. omitted a patch for a two-month-old flaw in Word 2000 and 2002 from its monthly updates yesterday, three more bugs in the company’s Office suite were disclosed by a security researcher. Microsoft confirmed it is investigating but downplayed any threat. Mati Aharoni, of Offensive Security, used a pair of [...]
Alex has added 4 new exploits to the exploits section of his website. These are for bugs that have been fixed in recent CPU’s. The exploits are: 1. SQL Injection via Oracle KUPV$FT in Oracle 10g R1 2. SQL Injection via Oracle KUPM$MCP in Oracle 10g R1 3. SQL Injection via Oracle KUPW$WORKER [...]
French band wants to know its fans better
A security researcher has documented malware that uses a vulnerability in Apple’s QuickTime movie player to make a computer download and run a Javascript. A MySpace account promoting a French music group is exploiting the flaw to siphon information about users visiting the page and send it [...]
The aim of this paper is to explain the threat of PLSQL injection on Oracle databases and show how principles from the world of computer forensics can be transferred to Oracle in order to deduce vulnerability to past and future exploits with a high level of certainty. This paper will enable the reader [...]
Andrea Purificato has a site called RawLAB that is quite useful. It has a good list of Oracle exploits written in Perl. These include the following exploits written to use cursor injection: dbms_exp_extV2.pl dbms_cdc_subscribeV2.pl dbms_meta_get_ddlV2.pl kupw-workerV2.pl kupv-ft_attach_jobV2.pl
Read more…
Does anybody else think it's funny that Hollywood makes a movie (great movie, by the way) that criticizes how the flag-raisers at Iwo Jima were exploited to sell war bonds, something important, and then exploits one of the raisers' sons for an awards show.
It's right to honor them. Just don't criticize people who want to remember a glorious moment in American history as if you're so much more sophisticated; especially if you're going to do the same thing.
