Showing posts with label internet. Show all posts
Showing posts with label internet. Show all posts

Friday 11 January 2013

Java 0-day In The Wild - Disable Java Plugin NOW

Security researchers have discovered yet another critical Java 0-day exploit being used by majority of the browser exploit packs such as Blackhole and Cool. Users are urged to DISABLE the Java plugin RIGHT NOW.

French researcher Kaffeine discovered that the java 0-day has been spotted to be making big hits daily, in a blog post. This particular exploit has proven to be very serious threat for the users. The folks at AlienVault Lab have also reproduced the exploit and it seems to work over all the java versions across all platforms which is a very serious threat.

As for now, the users are highly urged to disable their JAVA plugins right now so that they do not get hit by these 0-days.

So what are you waiting for?

Important links:


How To Disable Java Plugin

Kaffeine's blog post

Alien Vault Labs Post


Read more...

Thursday 27 December 2012

The Scale Of Universe [A Must Watch]

Well this is so absofuckingly awesome that I decided it is worth making post about this particular site. Without further delay, I present you this awesome link

Scale of Universe


I hope you loved the site like I did :)




Read more...

Wednesday 12 December 2012

GitHub Snippet Sharing Gist Gets Revamped

GitHub team has today announced the new Gist, their online snippet sharing tool. Gist is a simple way to share snippets and pastes with others offering syntax support for several languages, configuration file formats and document formats.

The great thing about Gist is that all gists are git repositories, so they are automatically versioned, forkable and usable as a git repository. Whether it's a simple snippet or a full app, Gist is a great way to get your point across.

The new Gist is re-written completely from scratch using better libraries and following appropriate style guide.

Read rest of the story at GitHub


Read more...

Tuesday 11 December 2012

Inj3ct0r Team Hacked ExploitHub, Stole Private Exploits Worth $242333

Inj3ct0r team, which provides the ultimate database of exploits and vulnerabilities and serves as a great resource for vulnerability researchers and security professionals, has hacked ExploitHub.com, the site similar to inj3ct0r and stolen several private exploits worth $242333.

In the post from inj3ct0r team, they have provided the details for motivation of hack and the process of hack. At the time of writing this, ExploitHub.com seems to be down.

The post gives the process to accomplish the hack as below: I am very much surprised when he learned of Magento eCommerce Software and search /install/ 1) We scan server and site 2) We reinstall Magento CMS https://www.exploithub.com/install/ <= We reinstall Magento CMS 3) Upload shell and phpinfo https://www.exploithub.com/phpinfo.php 4) Back all files and database. 5) Upload piece of the database https://www.exploithub.com/export/ 6) Increased privileges


Read more...

Monday 5 November 2012

ImageShack and Symantec Hacked And Dumped

2012 has been a year of leaks and hacks and continues to be so. Hackers hacked into ImageShack and Symantec servers and have leaked several critical information regarding the servers and employees.

Hackers have disclosed in an e-zine that the security practices of these major companies have been a joke: In case of ImageShack, all MySQL instances as root, really old (2008) kernels, hardcode database passwords, enable register_globals, etc.

The e-zine says:

ImageShack has been completely owned, from the ground up. We have had root and physical control of every server and router they own.

Likewise, they have dumped the database of Symantec, one of the leading AV companies which includes the critical information of the researchers at Symantec.

Links

Pastebin

AnonPaste


Read more...

Thursday 30 August 2012

How To Automatically Start Firefox In Private Browsing Mode

In this post, I will provide the instructions for few of the methods to automatically start firefox in private browsing mode.

Method 1


Go to Edit -> Preferences and then select the Privacy tab. From the History dropdown list, choose the Firefox will Use custom settings for history and then check the Always use the private browsing mode option.


Method 2


The second method involves changing the firefox configuration which can be accessed by typing about:config in the address bar. The first method described above essentially changes one particular preference name browser.privatebrowsing.autostart in background and this second method involves doing that background job manually on our own.


Once you open about:config configuration page, search for private and from the resulting list, modify the boolean value of browser.privatebrowsing.autostart to true by double clicking on it.

I hope this helps. If you got any other method, please drop it as a comment. :)


Read more...

Monday 27 August 2012

How To Manually Install Flash Player 11 In Linux

This post will provide a step by step instructions for installing flash player 11 plugin in ubuntu 11.04 and other different versions and distros. This will be helpful for everybody who are having trouble with the software center like I had.


Make sure no firefox process is running and then fire up the terminal and type the following commands in order:

mkdir -p ~/flash && cd ~/flash

wget http://archive.canonical.com/pool/partner/a/adobe-flashplugin/adobe-flashplugin_11.2.202.238.orig.tar.gz

tar -zxvf adobe-flashplugin_11.2.202.238.orig.tar.gz

sudo cp -r libflashplayer.so /usr/lib/firefox/plugins

sudo cp -r usr/* /usr

Once you have finished copying the shared object and other necessary files in their respective target directories, you can open the firefox and you're good to go. :)


Read more...

Sunday 10 June 2012

How Does Windows 7 Determine Internet Access Status

So I was curious on how Microsoft is managing to determine the status of internet access. I am a linux user and I have been thinking of having something similar to windows in ubuntu as well. Due to curiosity, I was tempted to dig further upon this and here is my finding.

What tool would be better than wireshark to analyze network traffics so I fired up wireshark in my friend's laptop. I took out the ethernet cable, started the capture in the ethernet interface, and then plugged in the ethernet cable back. I waited till the internet access status was shown at the right bottom(right part of taskbar) and stopped the live capture.

Now to the fun part, I analyzed the capture with my noob skill.

One particular entry was the DNS query for . Curios, I opened the site to find 403 forbidden error. I was now starting to think that Microsoft does the DNS lookup for this particular site and if it fails, Windows shows No Internet Access sign.

Wait!!! There's something more. Further analysis showed that a GET request is made for the file ncsi.txt to that website. Following the stream, I found out that the page contained the text Microsoft NCSI.



So this is what I concluded after this analysis:

Windows performs a dns lookup for www.msftncsi.com then after it succeeds, a request is made to http://msftncsi.com/ncsi.txt which should contain the text Microsoft NCSI.

I did a google search on Microsoft NCSI and THIS PAGE gives a detailed description on NCSI which stands for Network Connectivity Status Indicator.

If you guys have researched on this and found something different, please let us know by throwing a comment.


Read more...