Blog Posts Tagged with "Javascript"

Crisis Malware Threatens Virtualized Environments

August 24, 2012 Added by: Pierluigi Paganini

Crisis Malware is an agent used to spy on victims by intercepting communications, and it is able to open a backdoor on the infected host once the user executes a JAR file made to look like an Adobe Flash Installer. The malware has been developed for several OSs, and a Mac version has been isolated...

Comments  (0)

Attack with Power... Point That Is

August 16, 2012 Added by: f8lerror

There have been all kinds of document attacks, but what about PowerPoint? It turns out that PowerPoint makes it easy for an attacker to turn innocent slideshows into a nasty little attack. The attack involves four simple steps: Make a slideshow, make an action, rename the file and distribute it. Here's how...

Comments  (0)

The Rise of Multi-Platform Malware

July 12, 2012 Added by: Pierluigi Paganini

Using a JAR, the malware is able to identify the OS and download the right files to infect the targeted machine. After identifying the type of operating system a unit is running, a Java class file will download the appropriate malware, with the purpose to open a backdoor to allow remote access to the machine...

Comments  (0)

Symantec: Blackhole Exploit Kit Upgrade Revealed

July 03, 2012 Added by: Headlines

"The Blackhole JavaScript code on compromised sites now dynamically generates pseudo-random domains, based on the date and other information, and then creates an iframe pointing to the generated domain... The code then creates a hidden iframe, using the previously-generated domain as the source..."

Comments  (0)

How Fast Can Your Password Be Cracked? Instantly...

July 02, 2012 Added by: f8lerror

Instantly with a JavaScript keylogger. In this brief tutorial, we show you how we can use the Metasploit JavaScript Keylogger auxiliary module in a penetration testing phishing campaign or user awareness training. This is intended for informational and/or educational purposes only...

Comments  (0)

Applications vs. the Web: Enemy or Friend?

March 16, 2012 Added by: Danny Lieberman

A minimum of two languages on the server side (PHP, SQL) and three on the client side (Javascript, HTML, CSS) turns developers into frequent searchers for answers on the Internet driving up the frequency of software defects relative to a single language development platform...

Comments  (0)

New Drive-By Malware Spam Infects Upon Opening Email

February 01, 2012 Added by: Pierluigi Paganini

According to the announcement from researchers at Eleven, a German security firm, it is sufficient that a communication is merely opened in the email client to infect the target without the user clicking on a link or opening an attachment...

Comments  (0)

Mobile Application Security: New Platforms, Old Mistakes

January 24, 2012 Added by: Fergal Glynn

While Android may be a new platform, some of the security issues we found are reminiscent of old mistakes we have seen developers make. One example of this was the practice of hard-coding cryptographic keys directly into the application...

Comments  (0)

How to Avoid Being Miscast in a SOPA Opera

January 20, 2012 Added by: Kevin McAleavey

LOIC was originally written in C#, but a later variant was created in Javascript which permits it to be deployed from any internet connected device. LOIC and its JS variant are simple toys, but in the hands of enough people they can create a formidable DDOS attack on a site...

Comments  (2)

Significance of 'Death of the Document Web' to Security

January 18, 2012 Added by: Rafal Los

Infosec pros just started getting comfy with profiling, analyzing, and defending web-based apps from a server, consumed by a human, and used in a browser. Hang on tight because the world just took a sharp left and if you're not buckled in you're bound to be thrown from the bus...

Comments  (2)

Following the Trail of Web-Based Malware

December 15, 2011 Added by: Mark Baldwin

The main.php script contained JavaScript that attempted to exploit several potential vulnerabilities. I downloaded the script and analyzed it. By inserting an “alert” statement into the script prior to the actual execution of the code, we can get a good idea of what the script does...

Comments  (0)

Lockheed Warns Adobe of New Exploit in the Wild

December 07, 2011 Added by: Headlines

"This U3D memory corruption vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that the vulnerability is being actively exploited in the wild in limited, targeted attacks against Adobe Reader 9.x on Windows..."

Comments  (0)

Free From Defect Software License

November 22, 2011 Added by: Keith Mendoza

This is a question that I would like to pose to the open-source software community: Assuming that we can ignore the lawyers for a second, what amount of effort would you be willing to put to produce software that is free of defect from workmanship? How will you go about making sure?

Comments  (2)

OS X Lion Captive Portal Hijacking Attack

October 07, 2011 Added by: Tom Eston

OS X Lion's new feature poses a security risk. When an OS X laptop joins a network which contains a captive portal, a window is automatically opened to prompt the user to interact with it. This presents a major security risk if an attacker can control this functionality...

Comments  (1)

Congressmen Call for FTC Investigation on Supercookies

September 28, 2011 Added by: Headlines

“I am very disturbed by news that supercookies are being used to collect vast amounts of information about consumers’ online activities without their knowledge. Companies should not be behaving like supercookie monsters, gobbling up personal, sensitive information without users’ knowledge...”

Comments  (1)

Skype Vulnerable to HTML/JavaScript Code Injection

August 23, 2011 Added by: Headlines

"Does it make sense to allow users to 'embed' HTML code in their Skype profile and especially in those 'phone number' fields? Also, there is no option to define any HTML code in Skype client. I was able to find those bugs with Linux Skype client. I guess they don't focus so much on that client..."

Comments  (0)
