Some issue at Yahoo??? Your accounts can be deleted…

I received a mail stating that there is some congestion in the Yahoo accounts service and hence they will be closing down unused accounts. They wanted me to send them a few of my personal details. If I fail to do so, my account will be discontinued. Who would want an account they have been using for a long time to be discontinued? So should I send them my details? The mail which I received was:


Web Services Security – The Basics

I posted an article in Palisade magazine on “Web Services Security – The Basics”.

Free Online .htaccess generator

Stumbled upon this nice little page that can help you generate your .htaccess file. It can come in handy for many web admins.

Those who are still not familiar with .htaccess files can have a look here & here.

Interview with the spammer

Interesting read here:

“Scam-Detective: How much money did you earn from scamming people?


Microsoft released IE out-of-band patch

Well... Sorry for the long gap. Was stuck with some work as usual :)

First of all, wishing you all a happy New Year!! A bit late to wish, but better late than never :)

The recent (stale) news doing the rounds is about the Google/Adobe hack, a.k.a. “Operation Aurora”, which is suspected to have been executed successfully using a zero-day IE exploit. The exploit code is publicly available and Metasploit has also released a module for it. So now you can expect a lot of script kiddies out in action attacking your corporate/home network.

Microsoft had suggested a workaround earlier this week, but the exploit has been so widely used in the wild that it had to release an out-of-band patch. We strongly recommend applying this patch with high priority. This vulnerability could allow remote code execution if a user simply views a specially crafted Web page using Internet Explorer.


Attackers Exploit Web Application (Service) Flaw to break into the Mail Accounts

Hi All

“Attackers are exploiting a known vulnerability in Yahoo’s network to launch brute force attacks against users’ Yahoo mail accounts. The attackers are using hijacked mail accounts to send spam. The main Yahoo login page has mechanisms in place that protect accounts from brute force attacks, but the recent attacks have been exploiting a web application (services) that automates the authentication process and does not have the attack protection in place.”

Users should choose a strong password to stay SAFE.


Out of Band released by Microsoft – MS09-34 & 35

This is in continuation of the advance notification released by Microsoft a few days back. It released the MS09-34 and MS09-35 out-of-band patches yesterday. We would recommend having MS09-34 (the Internet Explorer related bulletin) at the top of your list.

MS09-35 (Visual Studio active template library) is basically intended for developers of components and controls. Developers who build and redistribute components and controls using ATL should install the update provided in this bulletin. Developers who have built components and controls using ATL should download this update and recompile their components and controls following the guidance provided in the following MSDN article.


Microsoft intending to release 2 out-of-band vulnerabilities

This is an advance notification of two out-of-band security bulletins that Microsoft is intending to release on July 28, 2009. One bulletin will be for the Microsoft Visual Studio product line; application developers should be aware of updates available affecting certain types of applications. The second bulletin contains defense-in-depth changes to Internet Explorer to address attack vectors related to the Visual Studio bulletin, as well as fixes for unrelated vulnerabilities that are rated Critical.

The severity of the Internet Explorer patch has been rated CRITICAL, whereas that of the Visual Studio patch has been rated MODERATE.


Keypads for doors

Hi

I came across this funny post @ Schneier’s Blog. It displays two images as shown below where the pin numbers on the keypads have mysteriously disappeared… : P

[Images: security keypad; digital lock]


Astalavista.com hacked

Alright, I agree this is no big news. But the reason I thought I would mention it here is the full disclosure by the attacker (anti-sec group). Those who are new to the infosec world can get an idea of how attackers can tear you (your site) apart. Luckily, Astalavista was not a financial institution. So, other webmasters out there, keep vulnerabilities (at least the known ones) at bay from your application/OS/webserver etc.

Full disclosure here.