United Arab Emirates' site for security news, latest security blog posts, security podcasts, hardware hacks and security-related links.

Saturday, January 26, 2008

Top Web Based Hacks of 2007

Jeremiah Grossman: Top Ten Web Hacks of 2007 (Official)

Web Hacks of 2007:

Top Ten
XSS Vulnerabilities in Common Shockwave Flash Files
Universal XSS in Adobe’s Acrobat Reader Plugin
Firefox’s JAR: Protocol issues
Cross-Site Printing (Printer Spamming)
Hiding JS in Valid Images
Firefoxurl URI Handler Flaw
Anti-DNS Pinning ( DNS Rebinding )
Google GMail E-mail Hijack Technique
PDF XSS Can Compromise Your Machine
Port Scan without JavaScript

Honorable Mention:
Microsoft ASP.NET Request Validation Bypass Vulnerability (POC)

The rest of the top web hacks:

Cross-Site Printing (Printer Spamming)
Stealing Pictures with Picasa
HScan Redux
ISO-8895-1 Vulnerable in Firefox to Null Injection
MITM attack to overwrite addons in Firefox
Microsoft ASP.NET Request Validation Bypass Vulnerability (POC)
Non-Alpha-Non-Digit 3
Steal History without JavaScript
Pure Java™, Pure Evil™ Popups
Google Adsense CSRF hole
There’s an OAK TREE in my blog!?!?!
BK for Mayor of Oak Tree View
Google Docs puts Google Users at Risk
All Your Google Docs are Belong To US…
Java Applets and DNS Rebinding
Scanning internal Lan with PHP remote file opening.
Firefox File Handling Woes
Firefoxurl URI Handler Flaw
Bugs in the Browser: Firefox’s DATA URL Scheme Vulnerability
Multiviews Apache, Accept Requests and free listing
Optimizing the number of requests in blind SQL injection
Bursting Performances in Blind SQL Injection - Take 2 (Bandwidth)
Port Scan without JavaScript
Favorites Gone Wild
Cross-Browser Proxy Unmasking
Spoofing Firefox protected objects
Injecting the script tag into XML
Login Detection without JavaScript
Anti-DNS Pinning ( DNS Rebinding ) : Online Demonstration
Username Enumeration Timing Attacks (Sensepost)
Google GMail E-mail Hijack Technique
Recursive Request DoS
Exaggerating Timing Attack Results Via GET Flooding
Initiating Probes Against Servers Via Other Servers
Effects of DNS Rebinding On IE’s Trust Zones
Paper on Hacking Intranets Using Websites (Not Web Browsers)
More Port Scanning - This Time in Flash
HTTP Response Splitting and Data: URI scheme in Firefox
Res:// Protocol Local File Enumeration
Res Timing Attack
IE6.0 Protocol Guessing
IE 7 and Firefox Browsers Digest Authentication Request Splitting
Hacking Intranets Via Brute Force
Hiding JS in Valid Images
Internet Archiver Port Scanner
Noisy Decloaking Methods
Code Execution Through Filenames in Uploads
Cross Domain Basic Auth Phishing Tactics
Additional Image Bypass on Windows
Detecting users via Authenticated Redirects
Passing Malicious PHP Through getimagesize()
Turn Any Page Into A Greasemonkey Popup
Enumerate Windows Users In JS
Anti-DNS Pinning ( DNS Rebinding ) + Socket in FLASH
Iframe HTTP Ping
Read Firefox Settings (PoC)
Stealing Mouse Clicks for Banner Fraud
(Non-Persistent) Untraceable XSS Attacks
Inter Protocol Exploitation
Detecting Default Browser in IE
Bypass port blocking in Firefox, Opera and Konqueror.
LocalRodeo Detection
Image Names Gone Bad
IE Sends Local Addresses in Referer Header
PDF XSS Can Compromise Your Machine
Universal XSS in Adobe’s Acrobat Reader Plugin
Firefox Popup Blocker Allows Reading Arbitrary Local Files
IE7.0 Detector
overwriting cookies on other people’s domains in Firefox.
Embeding SVG That Contains XSS Using Base64 Encoding in Firefox
Firefox Header Redirection JavaScript Execution
More URI Stuff… (IE’s Resouce URI)
Hacking without 0days: Drive-by Java
Google Urchin password theft madness
Username Enumeration Vulnerabilities
Client-side SQL Injection Attacks
Content-Disposition Hacking
Flash Cookie Object Tracking
Java JAR Attacks and Features
Severe XSS in Google and Others due to the JAR protocol issues
Web Mayhem: Firefox’s JAR: Protocol issues (bugzilla)
0DAY: QuickTime pwns Firefox
Exploiting Second Life

Saudi Arabia Issues a New Law to Combat Information Crimes

The Saudi Ministry of Interior today issued a new law to combat information crimes, which include threatening, blackmailing and defaming others on websites, and creating terrorist websites. The new law comprises 16 articles that set out strict penalties for those who commit these crimes, ranging from one to 10 years in prison and fines of up to five million Saudi riyals.

For more details, visit the link below:

Saudi Arabia Issues a New Law to Combat Information Crimes

Tuesday, January 8, 2008

Secur Middle East - 18-19 February 2008 - JW Marriott, Dubai, UAE.



Marcus Evans presents the inaugural Secur Middle East Congress. CISSPs earn up to 12 CPEs at the event which will focus on: "Implementing a successful, proactive approach against information security breaches".

It features a 2-Day conference coupled with a major IT security-specific exhibition. (ISC)2 members receive a 15% discount off the conference price.

Specific sessions include:

Feb 18
Session 1: Securing Wireless Technology
Session 2: Identification & Authentication
Session 3: Hacking & Threats Counter Measures
Feb 19
Session 1: Enterprise Security Architecture
Session 2: Network Security for Corporate Defence
Session 3: Information Security


For more information, visit the Secur Middle East Website.


Banned in UAE:

The following websites are blocked by ISPs in the UAE.

News ≈ Packet Storm

DARKNET

MySecured.com
