Monday, August 26, 2013

Critical Pinterest Exploit threatens the privacy of millions of users

Security researcher Dan Melamed has found a serious Pinterest Exploit that exposed user’s information of over 70 Million accounts.

The security researcher Dan Melamed has found a Critical Pinterest Exploit that compromised the privacy of over 70 Million Users, the flaw allows hackers to view the email address of any user on Pinterest.

 Pinterest is a very popular social media, over 70 million users including high profile figures and brands that ordinary use it, such a flaw could have a serious impact on their privacy.


More from Security Affairs

Friday, August 23, 2013

Researchers hack Verizon device, turn it into mobile spy station!

(Reuters) - Two security experts said they have figured out how to spy on Verizon Wireless mobile phone customers by hacking into devices the U.S. carrier sells to boost wireless signals indoors. 

Femtocells, which act as tiny cellphone towers, can be purchased directly from Verizon for $250.

Used models can be obtained online for about $150. Ritter and his colleague, Doug DePerry, demonstrated for Reuters how they can eavesdrop on text messages, photos and phone calls made with an Android phone and an iPhone by using a Verizon femtocell that they had previously hacked. (Reuters video showing part of demonstration: reut.rs/12AeGbG)


http://www.reuters.com/article/2013/07/15/us-verizon-hacking-idUSBRE96E06X20130715

Tuesday, August 20, 2013

NMap 6.40 is out

Includes 14 new NSE scripts, hundreds of new OS and service detection signatures, a new --lua-exec feature for scripting Ncat, initial support for NSE and version scanning through a chain of proxies, improved target specification, many performance enhancements and bug fixes, and many others. 

Download you copy now @ http://nmap.org/download.html

Thursday, August 15, 2013

iVerify

Pretty neat tool for iOS devices! iVerify is an integrity validator for iOS devices capable of reliably detecting modifications such as malware and jailbreaks, without the use of signatures. It runs at boot-time to thoroughly inspect the device, identifying any changes and collecting relevant artifacts of these changes for offline analysis. This will let you know if the device has simply been jailbroken or if it has been modified in a much sneakier way.


https://github.com/trailofbits/iverify-oss

Wednesday, August 14, 2013

Survival of the Fittest: New York Times Attackers Evolve Quickly

Attackers behind the breach of the New York Times’ computer network late last year appear to be mounting fresh assaults that leverage new and improved versions of malware according to FireEye.

 The newest campaign uses updated versions of Aumlib and Ixeshe.

http://www.fireeye.com/blog/technical/2013/08/survival-of-the-fittest-new-york-times-attackers-evolve-quickly.html



Wednesday, August 7, 2013

Microsoft Security Advisory (2876146) Wireless PEAP-MS-CHAPv2 Authentication Could Allow Information Disclosure

Microsoft announced a security advisory that affects Windows Phone 8 and Windows Phone 7.8.

 "To exploit this issue, an attacker controlled system could pose as a known Wi-Fi access point, causing the targeted device to automatically attempt to authenticate with the access point, and in turn allowing the attacker to intercept the victim's encrypted domain credentials. An attacker could then exploit cryptographic weaknesses in the PEAP-MS-CHAPv2 protocol to obtain the victim's domain credentials. Those credentials could then be re-used to authenticate the attacker to network resources, and the attacker could take any action that the user could take on that network resource."

 Here's the link for suggested actions from Microsoft...

http://technet.microsoft.com/en-us/security/advisory/2876146

Tuesday, August 6, 2013

It's been a while..

I know, I know .. it's been a long time. I'll try to make this page more better this time. Lot's of new technologies out there!!!! And yes, the new site is now called 135OIC.com. :-) More to follow!

Hack the Box Blue

https://arcy24.medium.com/hack-the-box-blue-f5ae5b602a5c