Diary
Universal XSS Vulnerability in Google
It does worry me when Google services get hacked with a Cross Site Scripting vulnerability that compromises just about everything.
Inferno released an advisory in Bugtraq stating that he discovered a method of exploiting the following Google items (to name a few):
1. Steal your emails.
2. Steal your contacts.
3. Steal your documents.
4. Steal your code.
5. Steal your [...]
10 must have tips for infosec people
We believe for anonymity in security through ambiguity and obscurity. Confuse them and they will come.
Yo XSS, what will we do today? The same thing we do every day, try to “hack the planet”!
Hacking has no roots in kung-fu. Regardless of what anyone tells you, hackers are not master ninjas.
DO NOT use the title penetration tester [...]
Super Duper Invisible Trojan
A well-organized crime gang has stolen credentials for more than a half-million financial accounts in less than three years using a sophisticated trojan that remains undetectable to the vast majority of its victims, a report published Friday warns. (See The Register)
A super, invisible trojan is the makings of a Hollywood movie but this is nothing [...]
Hacker Story Challenges
Obviously I have been pondering around the ultimate hacker story or collection of stories for some time. The greatest challenge is entertainment cost versus the display of what real hackers could potentially do!
The Hollywood version of Hackers includes, hacking the Matrix, flying through Cyberspace and being hunted down by every known government agency.
There are [...]
Full-Disclosure Circles
It's been a week now since emailing the vendor a vulnerability that could potentially be used to break into 20,000+ sites.
Still waiting for a fix…
My original ramblings can be found on WithDK.com.

