Wordpress blog attacks... again

Published: 2010-05-19
Last Updated: 2010-05-19 21:58:28 UTC
by Kyle Haugsness (Version: 1)
0 comment(s)

The good people at Websense have a new writeup on Wordpress blog attacks that have been occurring this week.  Read the blog entry here.

-Kyle Haugsness

Keywords: wordpress
0 comment(s)

Metasploit 3.4.0 released

Published: 2010-05-19
Last Updated: 2010-05-19 19:55:12 UTC
by Kyle Haugsness (Version: 1)
0 comment(s)

Version 3.4.0 of Metasploit was released today and it appears to contain some very nice features.  Included now is some functionality for brute forcing credentials for daemons requiring authentication and many other new capabilities.  Full information here: http://blog.metasploit.com/2010/05/metasploit-framework-340-released.html

-Kyle Haugsness

Keywords: metasploit
0 comment(s)

EFF paper about browser tracking

Published: 2010-05-19
Last Updated: 2010-05-19 02:58:02 UTC
by Jason Lam (Version: 1)
1 comment(s)

Electronic Frontier Foundation (EFF) has published a paper on browsers being tracked by it's unique fingerprint. It turns out our browsers are more unique than we would like to think they are so it is possible for websites to track users around using the unique fingerprint. While it may not be possible to know the exact user's identity, tracking from one web location to another is definitely a possibility. User agent sting, system fonts, screen resolutions and much more of the computer attributes all contributes to the unique fingerprint of computer + browser combination.  For those of you really concerned about your privacy, maybe it's time to randomize the timezone settings, fonts and screen resolution frequently (joking). Disabling Javascript and active contents help with this a little bit but you need to decide whether privacy is worth losing the ability to view the active content. 

Full paper can be found at https://panopticlick.eff.org/browser-uniqueness.pdf

 

1 comment(s)

Comments

What's this all about ..?
password reveal .
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure:

<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.

<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
https://thehomestore.com.pk/
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
https://defineprogramming.com/
https://defineprogramming.com/
Enter comment here... a fake TeamViewer page, and that page led to a different type of malware. This week's infection involved a downloaded JavaScript (.js) file that led to Microsoft Installer packages (.msi files) containing other script that used free or open source programs.
distribute malware. Even if the URL listed on the ad shows a legitimate website, subsequent ad traffic can easily lead to a fake page. Different types of malware are distributed in this manner. I've seen IcedID (Bokbot), Gozi/ISFB, and various information stealers distributed through fake software websites that were provided through Google ad traffic. I submitted malicious files from this example to VirusTotal and found a low rate of detection, with some files not showing as malware at all. Additionally, domains associated with this infection frequently change. That might make it hard to detect.
https://clickercounter.org/
Enter corthrthmment here...

Diary Archives