Jeremiah Grossman: Top Ten Web Hacks of 2007 (Official)
Top Ten Web Hacks of 2007:
XSS Vulnerabilities in Common Shockwave Flash Files
Universal XSS in Adobe’s Acrobat Reader Plugin
Firefox’s JAR: Protocol issues
Cross-Site Printing (Printer Spamming)
Hiding JS in Valid Images
Firefoxurl URI Handler Flaw
Anti-DNS Pinning ( DNS Rebinding )
Google GMail E-mail Hijack Technique
PDF XSS Can Compromise Your Machine
Port Scan without JavaScript
Honorable Mention:
Microsoft ASP.NET Request Validation Bypass Vulnerability (POC)
The rest of the top web hacks:
Cross-Site Printing (Printer Spamming)
Stealing Pictures with Picasa
HScan Redux
ISO-8895-1 Vulnerable in Firefox to Null Injection
MITM attack to overwrite addons in Firefox
Microsoft ASP.NET Request Validation Bypass Vulnerability (POC)
Non-Alpha-Non-Digit 3
Steal History without JavaScript
Pure Java™, Pure Evil™ Popups
Google Adsense CSRF hole
There’s an OAK TREE in my blog!?!?!
BK for Mayor of Oak Tree View
Google Docs puts Google Users at Risk
All Your Google Docs are Belong To US…
Java Applets and DNS Rebinding
Scanning internal Lan with PHP remote file opening.
Firefox File Handling Woes
Firefoxurl URI Handler Flaw
Bugs in the Browser: Firefox’s DATA URL Scheme Vulnerability
Multiviews Apache, Accept Requests and free listing
Optimizing the number of requests in blind SQL injection
Bursting Performances in Blind SQL Injection - Take 2 (Bandwidth)
Port Scan without JavaScript
Favorites Gone Wild
Cross-Browser Proxy Unmasking
Spoofing Firefox protected objects
Injecting the script tag into XML
Login Detection without JavaScript
Anti-DNS Pinning ( DNS Rebinding ) : Online Demonstration
Username Enumeration Timing Attacks (Sensepost)
Google GMail E-mail Hijack Technique
Recursive Request DoS
Exaggerating Timing Attack Results Via GET Flooding
Initiating Probes Against Servers Via Other Servers
Effects of DNS Rebinding On IE’s Trust Zones
Paper on Hacking Intranets Using Websites (Not Web Browsers)
More Port Scanning - This Time in Flash
HTTP Response Splitting and Data: URI scheme in Firefox
Res:// Protocol Local File Enumeration
Res Timing Attack
IE6.0 Protocol Guessing
IE 7 and Firefox Browsers Digest Authentication Request Splitting
Hacking Intranets Via Brute Force
Hiding JS in Valid Images
Internet Archiver Port Scanner
Noisy Decloaking Methods
Code Execution Through Filenames in Uploads
Cross Domain Basic Auth Phishing Tactics
Additional Image Bypass on Windows
Detecting users via Authenticated Redirects
Passing Malicious PHP Through getimagesize()
Turn Any Page Into A Greasemonkey Popup
Enumerate Windows Users In JS
Anti-DNS Pinning ( DNS Rebinding ) + Socket in FLASH
Iframe HTTP Ping
Read Firefox Settings (PoC)
Stealing Mouse Clicks for Banner Fraud
(Non-Persistent) Untraceable XSS Attacks
Inter Protocol Exploitation
Detecting Default Browser in IE
Bypass port blocking in Firefox, Opera and Konqueror.
LocalRodeo Detection
Image Names Gone Bad
IE Sends Local Addresses in Referer Header
PDF XSS Can Compromise Your Machine
Universal XSS in Adobe’s Acrobat Reader Plugin
Firefox Popup Blocker Allows Reading Arbitrary Local Files
IE7.0 Detector
overwriting cookies on other people’s domains in Firefox.
Embeding SVG That Contains XSS Using Base64 Encoding in Firefox
Firefox Header Redirection JavaScript Execution
More URI Stuff… (IE’s Resouce URI)
Hacking without 0days: Drive-by Java
Google Urchin password theft madness
Username Enumeration Vulnerabilities
Client-side SQL Injection Attacks
Content-Disposition Hacking
Flash Cookie Object Tracking
Java JAR Attacks and Features
Severe XSS in Google and Others due to the JAR protocol issues
Web Mayhem: Firefox’s JAR: Protocol issues (bugzilla)
0DAY: QuickTime pwns Firefox
Exploiting Second Life
United Arab Emirates' site for security news, latest security blog posts, security podcasts, hardware hacks and security-related links.
Saturday, January 26, 2008
Saudi Arabia issues a new law to combat cybercrime
The Saudi Ministry of Interior today issued a new law to combat cybercrime, covering threats, extortion and defamation of others on websites, as well as the creation of terrorist websites. The new system comprises 16 articles that set out strict penalties for the perpetrators of these crimes, ranging from one to ten years in prison and fines of up to five million Saudi riyals.
For more details, visit the link below:
Saudi Arabia issues a new law to combat cybercrime
Monday, January 14, 2008
Credit card fraud could rise in 2008
For more information, visit Gulfnews: Credit card fraud could rise in 2008.
Tuesday, January 8, 2008
Secur Middle East - 18-19 February 2008 - JW Marriott, Dubai, UAE.
Marcus Evans presents the inaugural Secur Middle East Congress. CISSPs can earn up to 12 CPEs at the event, which will focus on "Implementing a successful, proactive approach against information security breaches".
It features a two-day conference coupled with a major IT-security-specific exhibition. (ISC)2 members receive a 15% discount off the conference price.
Specific sessions include:
Feb 18
Session 1: Securing Wireless Technology
Session 2: Identification & Authentication
Session 3: Hacking & Threats Counter Measures
Feb 19
Session 1: Enterprise Security Architecture
Session 2: Network Security for Corporate Defence
Session 3: Information Security
For more information, visit the Secur Middle East Website.