Tuesday, January 27, 2009

yahoo session cookie generator

gammarays has released a paper and a video showing a proof of concept on how to bypass Yahoo security by simply generating his own cookie and totally leaving login.yahoo.com out of the picture.....If you own a Yahoo account, then this may be of concern to you.....Doesn't surprise me that something like this would happen to another Microsoft shop...seeing as this is only one-layer user authentication....Security matters...I hope they resolve this issue faster than I can finish playing bee on Guitar Hero...Who needs to hijack a cookie when you have a Yahoo cookie generator, eh...Next we should see viruses and spam coming from your trusty contacts... Just like CAPTCHA, I tell you. It's not in the algo you use to construct the image. It's in how you present it to the user that determines its strength.

edited:
video:
milw0rm.com/video/watch.php?id=84

paper:
milw0rm.com/papers/270

more on this from Rizki:
ilmuhacking.com/web-security/yahoo-session-cookie-generator/

Saturday, January 24, 2009

learn dd command

Nice thread about the dd command.....check it

linuxquestions.org/questions/linux-newbie-8/learn-the-dd-command-362506/

If you want a good book on this subject, also check out File System Forensic Analysis by Brian Carrier (creator of TSK).

No sense in me doubling someone's efforts...

Thursday, January 1, 2009

SSL broken! Hackers create rogue CA certificate using MD5 collisions

Wow, what a way to start the new year.

It was a matter of time before SSL would be broken.

It's about time. Will be interesting to see what will come of this.


blogs.zdnet.com/security/?p=2339


HAPPY 2009!