Articles by 'Gotham'

By Gotham, Posted in Security

August 8, The Register – (International) HP plugs password-leaking printer flaw. HP released patches for several models of LaserJet Pro printers that closes a vulnerability caused by hardcoded URLs in the printers’ firmware which could allow an attacker to extract plaintext user passwords. Source: http://www.theregister.co.uk/2013/08/08/hp_plug_password_leaking_ printer_vuln/ August 8, Help Net Security – (International) Chrome not the only browser that stores plain-text passwords. Google responded to a... read more.

  • August 09, 2013

By Gotham, Posted in Security

August 8, The Register – (International) HP plugs password-leaking printer flaw. HP released patches for several models of LaserJet Pro printers that closes a vulnerability caused by hardcoded URLs in the printers’ firmware which could allow an attacker to extract plaintext user passwords. Source: http://www.theregister.co.uk/2013/08/08/hp_plug_password_leaking_ printer_vuln/ August 8, Help Net Security – (International) Chrome not the only browser that stores plain-text passwords. Google responded to a... read more.

  • August 09, 2013

By Gotham, Posted in Security

August 7, Threatpost – (International) Fort Disco brute-force attack campaign targets CMS websites. A researcher at Arbor Networks reported that a botnet called Fort Disco is active in attacks targeting Web sites built on content management systems (CMS) to gain control of systems. Fort Disco is currently made up of around 25,000 compromised Windows machines. Source: https://threatpost.com/fort-disco-brute-force-attack-campaign-targets-cms-websites/101723 August 7, Help Net Security – (International) Exp... read more.

  • August 08, 2013

By Gotham, Posted in Security

August 7, Threatpost – (International) Fort Disco brute-force attack campaign targets CMS websites. A researcher at Arbor Networks reported that a botnet called Fort Disco is active in attacks targeting Web sites built on content management systems (CMS) to gain control of systems. Fort Disco is currently made up of around 25,000 compromised Windows machines. Source: https://threatpost.com/fort-disco-brute-force-attack-campaign-targets-cms-websites/101723 August 7, Help Net Security – (International) Exp... read more.

  • August 08, 2013

By Gotham, Posted in Security

August 6, Softpedia – (International) Experts identify OAuth bypass vulnerability in Microsoft’s social network Yammer. A Vulnerability Lab researcher identified an OAuth bypass vulnerability in Microsoft’s enterprise social network Yammer that could be used to hijack user accounts. The vulnerability was reported to Microsoft and patched July 2013. Source: http://news.softpedia.com/news/Experts-Identify-OAuth-Bypass-Vulnerability-in-Microsoft-s-Social-Network-Yammer-Video-373394.shtml August 6, The Regis... read more.

  • August 07, 2013

By Gotham, Posted in Security

August 6, Softpedia – (International) Experts identify OAuth bypass vulnerability in Microsoft’s social network Yammer. A Vulnerability Lab researcher identified an OAuth bypass vulnerability in Microsoft’s enterprise social network Yammer that could be used to hijack user accounts. The vulnerability was reported to Microsoft and patched July 2013. Source: http://news.softpedia.com/news/Experts-Identify-OAuth-Bypass-Vulnerability-in-Microsoft-s-Social-Network-Yammer-Video-373394.shtml August 6, The Regis... read more.

  • August 07, 2013

By Gotham, Posted in Security

August 5, Threatpost – (International) BREACH compression attack steals HTTPS secrets in under 30 seconds. Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext (BREACH) an attack that enables the reading of encrypted messages via plaintext injection into an HTTPS request, prompted an advisory after it was demonstrated at the Black Hat 2013 conference. Source: https://threatpost.com/breach-compression-attack-steals-https-secrets-in-under-30-seconds/101579 August 5, Wired.com – (In... read more.

  • August 06, 2013

By Gotham, Posted in Security

August 5, Threatpost – (International) BREACH compression attack steals HTTPS secrets in under 30 seconds. Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext (BREACH) an attack that enables the reading of encrypted messages via plaintext injection into an HTTPS request, prompted an advisory after it was demonstrated at the Black Hat 2013 conference. Source: https://threatpost.com/breach-compression-attack-steals-https-secrets-in-under-30-seconds/101579 August 5, Wired.com – (In... read more.

  • August 06, 2013

By Gotham, Posted in Security

August 1, The Register – (International) Gmail, Outlook.com, and e-voting ‘pwned’ on stage in crypto-dodge attack. Researchers demonstrated a man-in-the-middle attack at the Black Hat 2013 conference which can allow unauthorized access to email by preventing logout requests. The attack could also be used against certain electronic voting systems. Source: http://www.theregister.co.uk/2013/08/01/gmail_hotmail_hijacking/ August 1, V3.co.uk – (International) Google Code developer site targeted by hackers. A... read more.

  • August 02, 2013

By Gotham, Posted in Security

August 1, The Register – (International) Gmail, Outlook.com, and e-voting ‘pwned’ on stage in crypto-dodge attack. Researchers demonstrated a man-in-the-middle attack at the Black Hat 2013 conference which can allow unauthorized access to email by preventing logout requests. The attack could also be used against certain electronic voting systems. Source: http://www.theregister.co.uk/2013/08/01/gmail_hotmail_hijacking/ August 1, V3.co.uk – (International) Google Code developer site targeted by hackers. A... read more.

  • August 02, 2013