gammarays has release a paper and a video showing proof of concept on how to bypass yahoo security by simply generating his own cookie and totally leaving login.yahoo.com out of the picture.....If you own a yahoo account, then this may be of a concern to you.....Doesn't surprise me that something like this would happen to another microsoft shop...seeing as this is only one layer user authentication....Security matters...I hope they resolve this issue faster than I can finish playing bee on guitar hero...Who needs to hijack cookie when you have yahoo cookie generator, eh...Next we should see viruses and spam coming from your trusty contacts... Just like CAPTCHA, I tell you. It's not in the algo you use to construct the image. It's in how you present it to the user that determines it's strength.
edited:
video:
milw0rm.com/video/watch.php?id=84
paper:
milw0rm.com/papers/270
more on this from Rizki:
ilmuhacking.com/web-security/yahoo-session-cookie-generator/
Tuesday, January 27, 2009
Saturday, January 24, 2009
learn dd command
nice thread about dd command.....check it
linuxquestions.org/questions/linux-newbie-8/learn-the-dd-command-362506/
If you want a good book on this subject also check out File System Forensic Analysis by Brian Carrier (creator of TSK)
No sense in me, doubling someones efforts...
linuxquestions.org/questions/linux-newbie-8/learn-the-dd-command-362506/
If you want a good book on this subject also check out File System Forensic Analysis by Brian Carrier (creator of TSK)
No sense in me, doubling someones efforts...
Thursday, January 1, 2009
SSL broken! Hackers create rogue CA certificate using MD5 collisions
Wow, what a way to start the new year.
It was a matter of time before SSL would be broken.
It's about time. Will be interesting to see what will come of this.
blogs.zdnet.com/security/?p=2339
HAPPY 2009!
It was a matter of time before SSL would be broken.
It's about time. Will be interesting to see what will come of this.
blogs.zdnet.com/security/?p=2339
HAPPY 2009!
Subscribe to:
Posts (Atom)