"The vulnerability allows a remote attacker with a valid domain account" - aka what the rest of us call "a local user" (which makes this flaw a lot less serious)
Posts by mark?
12 publicly visible posts • joined 19 May 2010
Nvidia fixes hole that turns PCs into remote-control toys for hackers
PoC code uses super-critical Windows bug to crash PCs
'Self-aware' bank account robbing code unleashed by hacker
Scareware slingers stumped by Google secure search
As expected
It's quite easy to test (I'm using Firefox 8.0):

http->http (http://google.com->http://ssltest.net)
Referer sent: true

http->https (http://google.com->https://ssllabs.com)
Referer sent: true

https->https (https://google.com->https://ssllabs.com)
Referer sent: true

https->http (https://google.com->http://ssltest.net)
Referer sent: false
Firm at heart of biggest oil spill spews toxic web attack
To SQL inject or Not, that's the question!
“We don't know exactly how the compromise happened but as the attackers were able to upload the exploit files to the server it's not a SQL injection attack (which usually involves redirection to an external server),”
Well, it IS possible to upload code through SQLi.
SELECT something INTO OUTFILE 'backdoor.ext'
Groundhog day: more Sony breaches
Meanwhile in Indonesia...
"• Indonesia – This attack seems less serious: a page was altered on Sony Music Indonesia’s Website, and in response, the site has been closed."
How is this less serious? If you're able to alter a page, then what stops you from running a local exploit to gain root access? $ony's whole infrastructure sucks, so with root access to one of the servers, you can probably get root access to the rest of the boxes...