therealworld

Access control and privilege escalation…

Just an off-the-cuff article here from personal experience. I’ve seen a number of privilege escalation issues with web applications. Nothing strange in that. Except that they have been happening in Microsoft .Net applications. The .Net framework does have some mature security get-out-jail-for-free cards but it does not cover everything. I’ve seen id enumeration available on [...]


Facebook leaks birthdays

As I have maintained to people, never put out too much information about yourself. In fact, putting some false content to pad your profile on there is not unwise. Facebook has been known to keep a lot of information. I mean, after all, it is very hard to actually remove yourself from it. And all [...]


Sail the recruitment seas for some trawling & phishing…

Welcome to the murky waters of recruitment sites. I am sure you have had your fair share of dealing with agents. So much so you’d rather deal with Internet sites? Well, be careful of what details you put on those job boards! There has been a trojan that has been harvesting information and passing it [...]


Earthquake Scammer & Homer Spammer

Two stories here. A Chinese man was jailed after he attempted to divert donations from a Red Cross website to a bank account of his choice. That is really low, exploiting a system which is meant to do good for your own ends. In lighter news, it would appear Homer Simpson’s email address that appears in [...]


Malicious Sites

Half of malicious sites are tied to just 10 Chinese networks.