Feed on Posts or Comments | Font Size: Decrease Font Size Increase Font Size 21 December 2024

Filed under: Defacements, Hacktivism, Penetration Testing, Personal Opinions, Security Articles
posted by D1m on 09 Aug 2007

How Crackers Deface Websites? Why They Do It?

Through the following post I am not purposing to influence you to start defacing, but to briefly give you a better understanding of how and why it is done.

Almost everyday I visit Zone-H’s archive of special digital attacks, I find that at least 1 or 2 attacks were done against US governmental web servers. The domain suffix of the defaced websites was *.gov. Does this fact means that they are totally secure? I don’t think so… Obviously the web servers may host very confidential data. In this case the web server administrators seemed to have allowed threats against governmental assets. Any unwanted consequences that a breach of security can lead to, are mainly caused by the irresponsibility and lazyness of system administrators and web developers.

Read More » » »


Filed under: Phishing, Privacy, Security News, XSS
posted by D1m on 28 Mar 2007

Cross-Site Framed?

Have you heard of cross-site framing? The past few days I saw listed on our archive, several websites vulnerable to cross-site framing – listed as frame redirection. I will briefly describe a possible exploitation scenario, concluding with more emphasis on the negative impact that this type of vulnerability can have to the privacy of innocent individuals who are users of the affected websites.

Read More » » »


Filed under: Exploits, Penetration Testing, Security Articles
posted by D1m on 17 Mar 2007

Pen-Test Paper: How An Internal Network Becomes External

My friend SuRGeoN from Greece wrote a very interesting pen-test paper which explains how easy is to convert an internal network into an external with the port redirection technique. He demonstrates the attack scenarios – including network architecture diagrams – and goes into great technical details about them.

Read More » » »


Filed under: Exploits, Phishing, XSS
posted by D1m on 15 Mar 2007

Internet Explorer 7: Phishing Using Local Resource Vulnerability

Aviv Raff has published on his blog an interesting proof of concept of the vulnerability affecting Internet Explorer v7: a cross-site scripting in the navcancl.htm local resource.

Read More » » »


Filed under: Defacements, Security News, XSS
posted by D1m on 06 Mar 2007

XSSed.com: What, Who, Why?

The goals of XSSed.com are to provide informative resources on cross-site scripting(XSS) vulnerabilities and exploitation methodologies, and to archive XSS vulnerable websites for statistic purposes. Mirroring websites is a way to prove to vendors and webmasters that the vulnerability really existed – in case of denial. Users will become more aware on protecting themselves on some websites, as XSS vulnerabilities are mostly targeting the users and not the websites.

XSSed.com is also an attempt to spread education and awareness about XSS to IT professionals and amateurs involved or interested in secure web application development.

Read More » » »


« Previous PageNext Page »