Posts by mark?

12 publicly visible posts • joined 19 May 2010

Nvidia fixes hole that turns PCs into remote-control toys for hackers

mark?
FAIL

"The vulnerability allows a remote attacker with a valid domain account" - aka what the rest of us call "a local user" (which makes this flaw a lot less serious)

PoC code uses super-critical Windows bug to crash PCs

mark?
Stop

30 days?

MS didn't say 30 days - the media did.

MS rated it as BELOW 30 days (e.g. the exploit will be found asap)

'Self-aware' bank account robbing code unleashed by hacker

mark?
FAIL

omfg

It's a friggin' JS worm..... Nothing new.

Nothing to see here, move along

(also BeEF is so more better)

Scareware slingers stumped by Google secure search

mark?
Happy

As expected

It's quite easy to test (I'm using Firefox 8.0):

http->http (http://google.com->http://ssltest.net)
Referer sent: true

http->https (http://google.com->https://ssllabs.com)
Referer sent: true

https->https (https://google.com->https://ssllabs.com)
Referer sent: true

https->http (https://google.com->http://ssltest.net)
Referer sent: false
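The four transitions in the comment are the old browser default, now named no-referrer-when-downgrade in the Referrer-Policy spec: the full URL is sent except on an https->http step. Current browsers default to strict-origin-when-cross-origin, which trims cross-origin referers to the origin. The following script is an added example (not part of the comment or of any browser's code) that computes the Referer value under each policy; it assumes only the Python standard library and simplifies the spec's "potentially trustworthy" test to a plain https->http check.

```python
"""Referer header computation under the Referrer-Policy rules.

Added example, not code from the comment above. It assumes only the Python
standard library and simplifies the spec in one place: only an https -> http
step counts as a downgrade (the spec's "potentially trustworthy" test also
covers localhost, file: and similar, which are ignored here).
"""
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit, urlunsplit

POLICIES = (
    "no-referrer",
    "no-referrer-when-downgrade",
    "origin",
    "same-origin",
    "strict-origin",
    "origin-when-cross-origin",
    "strict-origin-when-cross-origin",
    "unsafe-url",
)


def _clean(url: str) -> Tuple[str, str, str, str]:
    """Split a URL and drop what a Referer never carries: credentials and fragment."""
    p = urlsplit(url)
    host = p.hostname or ""
    if p.port:
        host += ":%d" % p.port
    return p.scheme.lower(), host, p.path or "/", p.query


def _origin_only(url: str) -> str:
    """Origin serialised the way browsers put it in Referer: scheme://host/."""
    scheme, host, _, _ = _clean(url)
    return "%s://%s/" % (scheme, host)


def _full(url: str) -> str:
    """Full referer: scheme, host, path and query, without credentials or fragment."""
    scheme, host, path, query = _clean(url)
    return urlunsplit((scheme, host, path, query, ""))


def referer_for(source: str, destination: str,
                policy: str = "no-referrer-when-downgrade") -> Optional[str]:
    """Return the Referer value sent when navigating source -> destination, or None."""
    if policy not in POLICIES:
        raise ValueError("unknown referrer policy: %s" % policy)
    src_scheme, src_host, _, _ = _clean(source)
    dst_scheme, dst_host, _, _ = _clean(destination)
    downgrade = src_scheme == "https" and dst_scheme == "http"
    same_origin = (src_scheme, src_host) == (dst_scheme, dst_host)

    if policy == "no-referrer":
        return None
    if policy == "unsafe-url":
        return _full(source)
    if policy == "origin":
        return _origin_only(source)
    if policy == "same-origin":
        return _full(source) if same_origin else None
    if policy == "strict-origin":
        return None if downgrade else _origin_only(source)
    if policy == "no-referrer-when-downgrade":
        return None if downgrade else _full(source)
    if policy == "origin-when-cross-origin":
        return _full(source) if same_origin else _origin_only(source)
    # strict-origin-when-cross-origin: the current browser default
    if same_origin:
        return _full(source)
    return None if downgrade else _origin_only(source)


# Constructed to mirror the four transitions in the comment above.
POST_CASES = (
    ("http://google.com", "http://ssltest.net"),
    ("http://google.com", "https://ssllabs.com"),
    ("https://google.com", "https://ssllabs.com"),
    ("https://google.com", "http://ssltest.net"),
)


def replay_post_table(policy: str = "no-referrer-when-downgrade") -> Dict[Tuple[str, str], bool]:
    """Map (source scheme, destination scheme) -> whether any Referer is sent."""
    table = {}
    for src, dst in POST_CASES:
        key = (_clean(src)[0], _clean(dst)[0])
        table[key] = referer_for(src, dst, policy) is not None
    return table


if __name__ == "__main__":
    for (s, d), sent in replay_post_table().items():
        print("%s->%s  Referer sent: %s" % (s, d, str(sent).lower()))
```

Running it reproduces the comment's table; passing policy="strict-origin-when-cross-origin" to replay_post_table shows the same true/false pattern, but referer_for then returns only "https://google.com/" for the https->https case, so the search query never reaches the destination site.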

Firm at heart of biggest oil spill spews toxic web attack

mark?
Stop

To SQL inject or Not, that's the question!

“We don't know exactly how the compromise happened but as the attackers were able to upload the exploit files to the server it's not a SQL injection attack (which usually involves redirection to an external server),”

Well, it IS possible to upload code through SQLi.

SELECT something INTO OUTFILE 'backdoor.ext'

Groundhog day: more Sony breaches

mark?

Meanwhile in Indonesia...

"• Indonesia – This attack seems less serious: a page was altered on Sony Music Indonesia’s Website, and in response, the site has been closed."

How is this less serious? If you're able to alter a page, then what stops you from running a local exploit to gain root access? $ony's whole infrastructure sucks, so with root access to one of the servers, you can probably get root access to the rest of the boxes...

Source code leaked for pricey ZeuS crimeware kit

mark?
Happy

Even script kiddies..

.. should be able to find a download link by now ;)

Hacker swipes details of 4m Pirate Bay users

mark?
Thumb Down

Hacker ?

He is a script kiddie, not a hacker.

He got access to a mod account and used the account to get more access. You could only exploit the system with mod+ access, so if people (mods) just start using good/better passwords, then this would never have happened.

YouTube vuln pwns Justin Bieber fans

mark?
Alert

XSS?

There was no cross-site scripting flaw. It was an HTML injection flaw!

You could NOT execute JS code on YouTube visitors, but by using "<body onload=CodeHere>" it was possible to do "bad" stuff to Justin Bieber fans :P

Rancid IE6 'more secure' than Chrome and Opera US bank says

mark?
WTF?

WTF?

What the fuck is he talking about?

MSIE > The safest (Chrome) + The fastest (Opera) browser in the world?

Rash of Facebook 'likejacks' still flaring

mark?
Thumb Up

Ever heard about NoScript?

It blocks clickjacking and you're also able to block Facebook's "like" buttons on non-Facebook sites.
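The reason a client-side tool like NoScript is the answer for likejacking is that the Like button is built to be framed on other sites, so Facebook cannot protect it with the server-side framing headers that any page not meant for embedding should set. The script below is an added example, not part of the comment or of NoScript, that checks a response's X-Frame-Options and Content-Security-Policy frame-ancestors headers and reports whether a third-party page may frame it; it assumes only the Python standard library, and its header samples are constructed.

```python
"""Evaluate a response's framing defences (X-Frame-Options and CSP frame-ancestors).

Added example, not from the comment above. Assumes only the Python standard
library; the header samples below are constructed, not captured from any site.
"""
from typing import Dict, Iterable, List, Optional, Tuple

Headers = Iterable[Tuple[str, str]]


def parse_frame_ancestors(csp: str) -> Optional[List[str]]:
    """Return the frame-ancestors source list, or None if the policy lacks one.

    An empty source list ("frame-ancestors;") matches nothing, i.e. 'none'.
    """
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return parts[1:] or ["'none'"]
    return None


def framing_protection(headers: Headers) -> Dict[str, object]:
    """Summarise whether a third-party page may frame this response.

    When a CSP with frame-ancestors is present it takes precedence over
    X-Frame-Options, as browsers implement it. Simplification: with several
    CSP headers only the first one carrying frame-ancestors is evaluated
    (browsers enforce all of them).
    """
    by_name: Dict[str, List[str]] = {}
    for name, value in headers:
        by_name.setdefault(name.lower(), []).append(value)

    ancestors: Optional[List[str]] = None
    for csp in by_name.get("content-security-policy", []):
        ancestors = parse_frame_ancestors(csp)
        if ancestors is not None:
            break

    if ancestors is not None:
        # Only 'none' and 'self' keep third parties out; any host, scheme or '*' lets some in.
        third_party = any(src.lower() not in ("'none'", "'self'") for src in ancestors)
        return {"mechanism": "csp", "frameable_by_third_parties": third_party}

    xfo = [v.strip().upper() for v in by_name.get("x-frame-options", [])]
    if xfo:
        # ALLOW-FROM is obsolete and ignored by current browsers, so it counts as no protection.
        third_party = xfo[0] not in ("DENY", "SAMEORIGIN")
        return {"mechanism": "x-frame-options", "frameable_by_third_parties": third_party}

    return {"mechanism": None, "frameable_by_third_parties": True}


# Constructed samples.
BANK_LOGIN = [
    ("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'"),
    ("X-Frame-Options", "DENY"),
]
LEGACY_APP = [("X-Frame-Options", "SAMEORIGIN")]
# A like-button style page: meant to be framed anywhere, so it carries no framing defence.
EMBEDDABLE_WIDGET = [("Content-Type", "text/html")]
PARTNER_ONLY = [("content-security-policy", "frame-ancestors 'self' https://partner.example")]


if __name__ == "__main__":
    for label, hdrs in [("bank", BANK_LOGIN), ("legacy", LEGACY_APP),
                        ("widget", EMBEDDABLE_WIDGET), ("partner", PARTNER_ONLY)]:
        print(label, framing_protection(hdrs))
```

The widget sample is the likejacking case: no header can help without breaking the button, which is why the defence moves to the browser (NoScript's ClearClick, or simply blocking the button on non-Facebook sites as the comment describes). For the other three samples the headers are the fix, and the checker is the kind of thing to run over a site's responses in a pipeline.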

German cybercrime forum hacked

mark?
FAIL

Rapidshare = p2p?

"have been uploaded in three separate files onto to the Rapidshare P2P network"

since when has Rapidshare been a P2P network?