
Projects

WordPress Securify Plugin

WordPress Securify (WPSec) is a security plugin for WordPress. Every hour the tests specified within WPSec will be executed. A count of “warnings” is displayed in the top right of the WordPress Admin panel.

WordPress Securify ShellScript

This project has been split into two parts. The first was a chunky shell script that uses a security through obscurity approach. The...

Adobe Universal XSS

Discussion

In September pdp and I did some really fun work involving backdooring PDF files. It opened a lot of eyes and some back accounts in getting it fixed. Now Stefano Di Paola and Giorgio Fedon have found a way to perform universal XSS attacks on systems with Adobe Reader and Professional installed.

Affected Versions

According to pdp the following versions have been...
Update: http://michaeldaw.org/md-hacks/rss-injection-in-sage-part-2/ I would often keep abreast of new vulnerabilities and exploits via my RSS feeds. Visiting page after page was just never fun. RSS allowed me to categorise, organise and track the security mayhem on the Internet. What was the point of employing a security analyst who was outdated and outgunned? I decided to play with Sage, which is a popular...
2 months ago, both pdp and myself released a vulnerability, Cross Context Scripting in Sage. This issue was resolved in Sage release 1.3.7 (see: http://mozdev.org/bugs/show_bug.cgi?id=15101). I found a new vulnerability which affects the latest version, Sage 1.3.8. In addition to the XSS vulnerability, it should be noted (as in the previous vulnerability) that this issue occurs within the Local...
Some had a good night's sleep last night. Generally it will be those who heeded our suggestions given last year September with Backdooring PDF Files, while others most likely didn't get any sleep at all. I woke up this morning and started getting ready for work. As usual, I turned on my laptop and cruised over to Michael Daw's SecNews...