Penetration testing example: exifdata function

SANS pen tester has an excellent example (guest-written by Chris Andre Dale), and also a new zero-day Cross-Site Scripting (XSS) example, at the SANS pen testing blog: http://pen-testing.sans.org/blog/pen-testing/2014/12/04/cross-site-scripting-through-file-metedata The vulnerability is based on EXIF data in JPEGs: http://www.digital-photo-secrets.com/tip/38/what-is-exif/ You can view the EXIF data in Windows 7 by right-clicking on the image, choosing Properties and …

The Schannel vulnerability MS14-066 details

beyondtrust.com has the information. MS14-066 was patched on November's Patch Tuesday (Nov 11), and here are the details: Unfortunately for those machines that are not patched regularly, the Microsoft patch allows a reverse engineer to figure out what was patched and then create a hack (Proof of Concept, PoC). We can now see that …

Change Default Passwords Online Cams

The site http://insecam.com/ has set up thousands of links to insecure cameras that are online. There are 4717 cameras in the USA, including many that are inside homes. A couple are in New Jersey: http://www.insecam.cc/cam/bycity/Absecon/ The list also includes Chesterfield, MO: http://www.insecam.cc/cam/bycountry/US/?page=120 Please log into your camera and change the default password. Changing default passwords should be done on all devices right when you …

Website Phish hijacks email accounts

A Garwarner Blog post reveals some details of various posts on the Internet that discuss the paper written by Google and other University of San Diego residents. Here is the abstract: “Online accounts are inherently valuable resources—both for the data they contain and the reputation they accrue over time. Unsurprisingly, this value drives criminals to steal, …

Belkin N750 router has Zero-day exploit

This router has a big security hole: Integrity Labs says there is a guest Wi-Fi zero-day exploit. This means that an unprotected (without a password) Wi-Fi zone can be attacked and the machine can be taken over by the hacker. If you have a Belkin N750, you should consider replacing it ASAP. Believe …