The Register® — Biting the hand that feeds IT

Feeds

* Posts by mark?

13 posts • joined Wednesday 19th May 2010 16:09 GMT

Posted in Nvidia fixes hole that turns PCs into remote-control toys for hackers
mark?
FAIL

"The vulnerability allows a remote attacker with a valid domain account" - aka what the rest of us call "a local user" (which makes this flaw a lot less serious)

Posted in PoC code uses super-critical Windows bug to crash PCs
mark?
Stop

30 days?

MS didn't say 30 days - the media did.

MS rated it as BELOW 30 days (e.g the exploit will be found asap)

Posted in 'Self-aware' bank account robbing code unleashed by hacker
mark?
FAIL

omfg

It's a friggin' JS worm..... Nothing new.

Nothing to see here, move along

(also BeEF is so more better)

This post has been deleted by a moderator

Posted in Scareware slingers stumped by Google secure search
mark?
Happy

As expected

It's quite easy to test (I'm using Firefox 8.0):

.

http->http (http://google.com->http://ssltest.net)

Referer sent: true

.

http->https (http://google.com->https://ssllabs.com)

Referer sent: true

.

https->https (https://google.com->https://ssllabs.com)

Referer sent: true

.

https->http (https://google.com->http://ssltest.net)

Referer sent: false

Posted in Firm at heart of biggest oil spill spews toxic web attack
mark?
Stop

To SQL inject or Not, that's the question!

“We don't know exactly how the compromise happened but as the attackers were able to upload the exploit files to the server it's not a SQL injection attack (which usually involves redirection to an external server),”

Well, it IS possible to upload code through SQLi.

SELECT something INTO OUTFILE 'backdoor.ext'

Posted in Groundhog day: more Sony breaches
mark?

Meanwhile in Indonesia...

"• Indonesia – This attack seems less serious: a page was altered on Sony Music Indonesia’s Website, and in response, the site has been closed."

How is this less serious? If your able to alter a page, then what stops you from running a local exploit to gain root access? $ony whole infrastructure sucks, so with root access to one of the servers, you can probably get root access to the rest of the boxes...

Posted in Source code leaked for pricey ZeuS crimeware kit
mark?
Happy

Even script kiddies..

.. should be able to find a download link by now ;)

Posted in Hacker swipes details of 4m Pirate Bay users
mark?
Thumb Down

Hacker ?

He is a script kiddie, not a hacker.

He got access to a mod account and used the account to get more access. You could only exploit the system with mod+ access, so if people (mods) just start using good/better passwords, then this would never happened.

Posted in YouTube vuln pwns Justin Bieber fans
mark?
Alert

XSS?

There was no cross-site scripting flaw. It was a html injection flaw!

You could NOT execute JS code on YouTube visitors, but you could use the "<body onload=CodeHere>" it was possible to do "bad" stuff to Justin Bieber fans :P

Posted in Rancid IE6 'more secure' than Chrome and Opera US bank says
mark?
WTF?

WTF?

What the fuck is he talking about?

MSIE > The safest (Chrome) + The fastest (Opera) browser in the world?

Posted in Rash of Facebook 'likejacks' still flaring
mark?
Thumb Up

Ever heard about NoScript?

It block clickjacking and your also able to block facebooks "like"-buttons on non facebook sites.

Posted in German cybercrime forum hacked
mark?
FAIL

Rapidshare = p2p?

"have been uploaded in three separate files onto to the Rapidshare P2P network"

since when has Rapidshare been a P2P network?