Security researcher Dan Melamed has found a serious Pinterest Exploit that exposed user’s information of over 70 Million accounts.
The security researcher Dan Melamed has found a Critical Pinterest Exploit that compromised the privacy of over 70 Million Users, the flaw allows hackers to view the email address of any user on Pinterest.
Pinterest is a very popular social media, over 70 million users including high profile figures and brands that ordinary use it, such a flaw could have a serious impact on their privacy.
More from Security Affairs
Monday, August 26, 2013
Friday, August 23, 2013
Researchers hack Verizon device, turn it into mobile spy station!
(Reuters) - Two security experts said they have figured out how to spy on Verizon Wireless mobile phone customers by hacking into devices the U.S. carrier sells to boost wireless signals indoors.
Femtocells, which act as tiny cellphone towers, can be purchased directly from Verizon for $250.
Used models can be obtained online for about $150. Ritter and his colleague, Doug DePerry, demonstrated for Reuters how they can eavesdrop on text messages, photos and phone calls made with an Android phone and an iPhone by using a Verizon femtocell that they had previously hacked. (Reuters video showing part of demonstration: reut.rs/12AeGbG)
http://www.reuters.com/article/2013/07/15/us-verizon-hacking-idUSBRE96E06X20130715
Femtocells, which act as tiny cellphone towers, can be purchased directly from Verizon for $250.
Used models can be obtained online for about $150. Ritter and his colleague, Doug DePerry, demonstrated for Reuters how they can eavesdrop on text messages, photos and phone calls made with an Android phone and an iPhone by using a Verizon femtocell that they had previously hacked. (Reuters video showing part of demonstration: reut.rs/12AeGbG)
http://www.reuters.com/article/2013/07/15/us-verizon-hacking-idUSBRE96E06X20130715
Tuesday, August 20, 2013
NMap 6.40 is out
Includes 14 new NSE scripts, hundreds of new OS and service detection signatures, a new --lua-exec feature for scripting Ncat, initial support for NSE and version scanning through a chain of proxies, improved target specification, many performance enhancements and bug fixes, and many others.
Download you copy now @ http://nmap.org/download.html
Download you copy now @ http://nmap.org/download.html
Thursday, August 15, 2013
iVerify
Pretty neat tool for iOS devices!
iVerify is an integrity validator for iOS devices capable of reliably detecting modifications such as malware and jailbreaks, without the use of signatures. It runs at boot-time to thoroughly inspect the device, identifying any changes and collecting relevant artifacts of these changes for offline analysis. This will let you know if the device has simply been jailbroken or if it has been modified in a much sneakier way.
https://github.com/trailofbits/iverify-oss
https://github.com/trailofbits/iverify-oss
Wednesday, August 14, 2013
Survival of the Fittest: New York Times Attackers Evolve Quickly
Attackers behind the breach of the New York Times’ computer network late last year appear to be mounting fresh assaults that leverage new and improved versions of malware according to FireEye.
The newest campaign uses updated versions of Aumlib and Ixeshe.
http://www.fireeye.com/blog/technical/2013/08/survival-of-the-fittest-new-york-times-attackers-evolve-quickly.html
The newest campaign uses updated versions of Aumlib and Ixeshe.
http://www.fireeye.com/blog/technical/2013/08/survival-of-the-fittest-new-york-times-attackers-evolve-quickly.html
Saturday, August 10, 2013
Friday, August 9, 2013
Chinese Comment Crew caught taking over a fake Water Plant
Chinese Hacking Team Comment Crew caught taking over ahoneypotsimulating a Water Plant, the infinite offensive of Chinese Cyber Units linked to PLA.
Wednesday, August 7, 2013
Microsoft Security Advisory (2876146) Wireless PEAP-MS-CHAPv2 Authentication Could Allow Information Disclosure
Microsoft announced a security advisory that affects Windows Phone 8 and Windows Phone 7.8.
"To exploit this issue, an attacker controlled system could pose as a known Wi-Fi access point, causing the targeted device to automatically attempt to authenticate with the access point, and in turn allowing the attacker to intercept the victim's encrypted domain credentials. An attacker could then exploit cryptographic weaknesses in the PEAP-MS-CHAPv2 protocol to obtain the victim's domain credentials. Those credentials could then be re-used to authenticate the attacker to network resources, and the attacker could take any action that the user could take on that network resource."
Here's the link for suggested actions from Microsoft...
http://technet.microsoft.com/en-us/security/advisory/2876146
"To exploit this issue, an attacker controlled system could pose as a known Wi-Fi access point, causing the targeted device to automatically attempt to authenticate with the access point, and in turn allowing the attacker to intercept the victim's encrypted domain credentials. An attacker could then exploit cryptographic weaknesses in the PEAP-MS-CHAPv2 protocol to obtain the victim's domain credentials. Those credentials could then be re-used to authenticate the attacker to network resources, and the attacker could take any action that the user could take on that network resource."
Here's the link for suggested actions from Microsoft...
http://technet.microsoft.com/en-us/security/advisory/2876146
Tuesday, August 6, 2013
It's been a while..
I know, I know .. it's been a long time. I'll try to make this page more better this time. Lot's of new technologies out there!!!! And yes, the new site is now called 135OIC.com. :-) More to follow!
Subscribe to:
Posts (Atom)
