akkiliON

  1. Hello everyone, It has been a while since I last posted my findings here. I found a reflected XSS in https://pay.google.com. Unfortunately, it only works on Internet Explorer 11 because the browser does not support CSP. The good part is that the vulnerability I found was validated. That is about all I can say at the moment. All the best.
  2. English | ISBN-13: 978-1466592612 | 532 pages | PDF | 23 MB In this book, web security expert Wu Hanqing reveals how hackers work and explains why companies of different scale require different security methodologies. With in-depth analysis of the reasons behind the choices, the book covers client script security, server applications security, and Internet company security operations. It also includes coverage of browser security, cross sites script attacks, click jacking, HTML5/PHP security, injection attacks, authentication, session management, access control, web frame security, DDOS, leaks, Internet transactions security, and the security development lifecycle. Link : Dropbox - Web Security: A WhiteHat Perspective
  3. Happy birthday @M2G !
  4. A friend of mine found an SQL injection and got a duplicate. I also reported an XSS (Flash), but to no avail. I got a duplicate.
  5. Congratulations, did they validate your issue?
  6. Even as Bitcoin is starting to shake things up in the US, all is not well in the cryptocurrency world. China-based Bitcoin exchange Bter was hacked on Valentine’s Day and $1.75 million worth of Bitcoin was stolen. The company hasn’t revealed much about the breach, except that 7,170 BTC was taken from its cold (offline) wallet on February 14 via a single transaction (link) and that the platform is suspending operations until further notice. The company has offered a bounty of 720 BTC – about $170,000 – for the retrieval of the stolen currency. It says it will arrange withdrawals of unaffected funds at a later date. This is the second major Bitcoin hack in the past two months. Slovenian exchange Bitstamp lost about $5 million worth of currency in January but has since resumed service. More positively, Coinbase launched the first US Bitcoin exchange last month, ahead of the launch of Lunar, a competitor backed by the Winklevoss twins. It’s likely that this year’s debate around Bitcoin will center more on security than whether businesses or individuals choose to adopt the currency. Bter blockchain.info Source: $1.75 Million in Bitcoin Stolen from Chinese Exchange Bter
  7. akkiliON

    Yahoo XSS

    The request was made via the POST method.
  8. akkiliON

    Yahoo XSS

    I figured there was no point in creating another topic. I just want to say that I found a stored XSS in portal.office.com (Microsoft) that could be exploited. I was rewarded with 1500$ + a spot in the Hall of Fame. The vulnerability has been fixed.
  9. Microsoft has heavily criticized Google and its 90-days security disclosure policy after the firm publicly revealed two zero-day vulnerabilities in Microsoft’s Windows 8.1 operating system one after one just days before Microsoft planned to issue a patch to kill the bugs. But, seemingly Google don't give a damn thought. Once again, Google has publicly disclosed a new serious vulnerability in Windows 7 and Windows 8.1 before Microsoft has been able to produce a patch, leaving users of both the operating systems exposed to hackers until next month, when the company plans to deliver a fix. DISCLOSURE OF UNPATCHED BUGS, GOOD OR BAD? Google’s tight 90-days disclosure policy seems to be a good move for all software vendors to patch their products before they get exploited by the hackers and cybercriminals. But at the same time, disclosing all critical bugs along with its technical details in the widely used operating system like Windows 7 and 8 doesn’t appear to be a right decision either. In both cases, the only one to suffer is the innocent users. The revelation of the security flaw was also a part of Google's Project Zero, an initiative that identifies security holes in different software and calls on companies to publicly disclose and patch bugs within 90 days of discovering them. This time the search engine giant has discovered a flaw in the CryptProtectMemory memory-encrypting function found within Windows 7 and 8.1 and present in both 32- and 64-bit architectures, which can accidentally disclose sensitive information or allow a miscreant to bypass security checks, apparently. MICROSOFT WILL DELIVER PATCH IN FEB, 2015 Google first notified Microsoft of the vulnerability in Windows 7 and 8.1 on October 17, 2014. Microsoft then confirmed the security issues on October 29 and said that its developers managed to reproduce the security hole. The patch for the vulnerability is scheduled for Feb. 10, next Patch Tuesday. The vulnerability was found by James Forshaw, who also discovered a "privilege elevation flaw" in Windows 8.1, which was disclosed earlier this week and drew strong criticism from Microsoft. The newly discovered bug actually resides in the CNG.sys implementation, which failed to run proper token checks. This is the third time in less than a month that Google’s Project Zero released details of the vulnerability in Microsoft’s operating system, following its 90-day public disclosure deadline policy. A few days ago, Google released details of a new privilege escalation bug in Microsoft's Windows 8.1 operating system just two days before Microsoft planned to patch the bug. Google vs. Microsoft — Google reveals Third unpatched Zero-Day Vulnerability in Windows - Hacker News
  10. akkiliON

    Yahoo XSS

    No, the issue isn't even fixed yet.