Vulnerability

Turning an ATM into a Slot Machine

Security researcher Barnaby Jack, currently at IOActive but a veteran of Foundstone, eEye, and Juniper with almost ten years in the industry, has demonstrated two exploit methods for ATMs (Automated Teller Machines) in a presentation that is thus far the talk of the Black Hat 2010 conference. In a discussion originally slated for last year […]

114,000 iPad Owners: The Script that Harvested Their E-mail Addresses

Here is the script referenced in the Gawker story from earlier that describes how a number of early iPad 3G subscribers, including names like Harvey Weinstein, Michael Bloomberg, Diane Sawyer, and Rahm Emanuel, had their e-mails revealed via a poorly designed web application hosted by AT&T. Goatse Security, named for the famous Internet shock image, […]

The “Aurora” IE Exploit Used Against Google in Action

The big news hit earlier this week that the attack vector that allowed bad actors, presumably from China, into the networks of Google, Juniper, Adobe, and some 29 other firms was an Internet Explorer zero-day, a use-after-free vulnerability on an invalid pointer reference affecting IE 6, 7, and 8 but only used […]

SHODAN: Cracking IP Surveillance DVR

We have been continuing to play around with the SHODAN Computer Search Engine after first looking at it last week. We continue to identify a variety of devices we sometimes note on security engagements (although usually on internal networks) that should not be externally accessible and are either still using factory default credentials or are […]
