ClubHack 2007 Presentations

Reading today some feeds I found the Clubhack 2007 presentation online.
I have taken a quick look to this and there are some interesting topics as:
- Vulnerabilities in VoIP Products and Services.
- Hacking Web 2.0 Art and Science of Vulnerability Detection.
- Backdoor 2.0: Hacking one’s Firefox to steal his web secrets.
- Analysis of Adversarial Code: The [...]

16 December, 2007
Categories: Events, Vulnerabilities . . Author: David Lopez . Comments: Leave a Comment

BT Home hub/Speedtouch 7G vulnerability

High Critical vulnerability has been discovered in this multifunctional device, quite popular all around the UK.
The problem:
The router can be totally owned remotely (Full Admin control).
Requirements:
The “victim” has to visit a malicious site. That’s it, no more no less, this could be easily done with a bit of Social engineering.
How:
Using an exploit to enable a [...]

9 October, 2007
Categories: General, Vulnerabilities . Tags: , , , , , , , . Author: David Lopez . Comments: Leave a Comment

Adobe vulnerability in versions 8.1 or earlier.

I know this is not brand new, but again all points to Microsoft fault, I mean it’s not only Adobe’s fault, at least this last one published a workaround to avoid the problem, you can find it here.
 Surprisingly this bug doesn’t affect to Vista machines which is a point for Microsoft and for Vista too [...]

8 October, 2007
Categories: General, Vulnerabilities . . Author: David Lopez . Comments: Leave a Comment

Attack to CISCO

Special thanks to net-security.org

3 October, 2007
Categories: General, Vulnerabilities . . Author: David Lopez . Comments: Leave a Comment

Are you thinking in sharing your wifi?

Please before doing it please be aware of the risks you are taking.
 There is a very good article about it.
 A simple risk analysis
 Take a look.
 If you are on the other side…
Tools
More tools
Hope you enjoy it!!

30 September, 2007
Categories: Tools, Vulnerabilities . . Author: David Lopez . Comments: 1 Comment

“iPods, What You Don’t Secure Could Hurt You”

I read before about this kind of “in-security”, and many test about physical security but I found this article and I thought maybe someone interested in this kind of security should know, the whitepaper only shows in paper what most of us know yet.
 For me there are some facts about users in IT World:
 - They [...]

24 September, 2007
Categories: General, Vulnerabilities . . Author: David Lopez . Comments: Leave a Comment

Another XSS vulnerability

This time the vulnerability comes through Google’s hands, yes, The Google Appliance has a vulnerability that allows to steal cookies, sessions, etc,  the appliance is affected by everything you can do running a browser script, which is not very good for Google and for many organizations that use this device, for example the British MI-5, MI-6, and so on.
This [...]

22 September, 2007
Categories: Vulnerabilities . . Author: David Lopez . Comments: 1 Comment

Hooked on a feeling!

Matousec have found a number of vulnerabilities in implementations of SSDT (System Service Descriptor Table) hooks in many different products.  It’s incredible that proffesional developers of products based on Windows didn’t read the Common Driver Reliability Issues paper published/updated by Microsoft on May 5, 2003. Then we all will be surprised when a rootkit based on this bad not [...]

18 September, 2007
Categories: Rootkits, Vulnerabilities . . Author: David Lopez . Comments: Leave a Comment