The Bantown hacker group hijacked hundreds of thousands of user accounts at LiveJournal, an online community ("blogging") site with 9.2 million registered accounts. The hijacking was made possible by stealing "cookies" through a series of JavaScript security flaws in the LiveJournal site.

The hackers said on their site:

ZDnet reported:
The Internet community will not know the scale of the February attack until it occurs. It depends on how many hosts are infected.
...
At the moment it's just sitting there quietly, and we won't know how many home users have been infected until Feb. 3.

The French Security Incident Response Team (FR-SIRT) yesterday published a proof of concept for the Mozilla Firefox "InstallVersion.compareTo()" remote command execution exploit. FR-SIRT has published the Perl code of the exploit; it is available at http://www.frsirt.com/exploits/20060101.mozilla_compareto.pm.php

PHPmagazine reported (Oct 17 2005):

In a quick note from Ilia Alshanetsky, "To all the people who carelessly claim that Cross Site Scripting (XSS) is not a real security problem, here is definitive proof that the threat is quite real. A very creative user of MySpace, Samy, created a little self-propagating worm via a stored XSS attack."
