SEARCH RESULTS
 
Showing 1-10 of 39 records
 
Expand article

Can I get your Username and Password ?

2008-03-24 17:25:00 by Random InfoSec Guy in Security Coin
 
...username and password to reset the flag Wow!" I almost yelled in excitement " A real live telephone scammer!" I quickly noted the possibly-fake telephone number (yeah - Nitesh alerted me about spoofcard.com a long time ago!) and attempted to get a number where I could call him back. Surprisingly - he was fine with letting me call him back at...
 
Tags: security, security flags, major benefits provider, security flag, benefits, call, flag, quickly, quickly noted
 
 
 
 
Expand article

WordPress 2.5 Cookie Forging Explained

2008-04-25 21:46:49 by Chris Eng in Zero in a bit
 
...USERNAME . "|" . EXPIRY TIME . "|" . MAC Where: COOKIEHASH: MD5 hash of the site URL (to maintain cookie uniqueness) USERNAME: The username for the authenticated user EXPIRY TIME: When cookie should expire, in seconds since start of epoch MAC: HMAC-MD5(USERNAME . EXPIRY TIME) under a key derived from a secret and USERNAME . EXPIRY TIME So you...
 
Tags: cookie, wordpress authentication cookie, authentication cookie, cookie integrity bug, hash, hash hmac, user, user identity, maintain cookie uniqueness
 
 
 
 
Expand article

Wordpress 2.5 cookie integrity protection vulnerability

2008-04-25 16:03:19 by Steven J. Murdoch in Light Blue Touchpaper
 
...USERNAME . | . EXPIRY TIME . | . MAC Where: COOKIEHASH MD5 hash of the site URL (to maintain cookie uniqueness) USERNAME The username for the authenticated user EXPIRY TIME When cookie should expire, in seconds since start of epoch MAC HMAC-MD5( USERNAME . EXPIRY TIME ) under a key derived from a secret and USERNAME . EXPIRY TIME This scheme...
 
Tags: cookie, time, user expiry time, wordpress, secure cookie protocol, expiry time, vulnerability, username, maintain cookie uniqueness
 
 
 
 
Expand article

New Year's Resolutions for choosing online retailers

2007-12-20 09:31:28 by Andras Cser in Security & Risk Management
 
...Usernames and passwords are a thing of the past: you can safely assume that you will use a computer to log in which has a keylogger or trojan capturing your keystrokes, and with it your username and password Savvy customers are increasingly turning towards online retailers and financial institutions which provide at least some form of...
 
Tags: user inconvenience, low user inconvenience, users desktop, users desktop software, software, medium user inconvenience, low, imagic software, user
 
 
 
 
Expand article

Serving Malware Through Advertising Networks

The Article has images
2008-02-18 10:58:53 by HASH0x8bfe2fc in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...username=kamilet (72.167.54.150 search-fantasy.info/go.php?u=fxlayer (208.109.178.115 netsearch.cc/go.php?u=fxlayer (208.109.90.122 upperhits.com/index.php?id=kamilet (72.52.154.96 itsptp.com/promote.php?uid=160 (72.232.241.20 validall.com/portal.php?ref=kamilet (207.150.179.58 feisearch.com/portal.php?r=0&username=fxlayer (63.246.133.63...
 
Tags: malware, php attempt, php, neosploit malware kit, xtraff, exploit, live exploit urls, urls, htm
 
 
 
 
Expand article

WCF Security Guidance from P&P

2008-04-04 06:09:00 by Keith Brown in Security Briefs
 
...Username Authentication in WCF from Windows Forms How To - Use SQL Role Provider with Windows Authentication in WCF from Windows Forms How To - Use Username Authentication with the SQL Membership Provider and Message Security in WCF from Windows Forms How To - Use WsHttpBinding with Windows Authentication and Message Security in WCF from...
 
Tags: wcf, wcf security, authentication, username authentication, windows forms, host wcf, windows authentication, message security, sql role provider
 
 
 
 
Expand article

WCF Security Guidance from P&P

2008-04-04 12:09:00 by keith-brown in Security Briefs
 
...Username Authentication in WCF from Windows Forms How To - Use SQL Role Provider with Windows Authentication in WCF from Windows Forms How To - Use Username Authentication with the SQL Membership Provider and Message Security in WCF from Windows Forms How To - Use WsHttpBinding with Windows Authentication and Message Security in WCF from...
 
Tags: wcf, wcf security, authentication, username authentication, windows forms, host wcf, windows authentication, message security, sql role provider
 
 
 
 
Expand article

WCF Security Guidance from P&P

2008-04-04 12:09:00 by keith-brown in Security Briefs
 
...Username Authentication in WCF from Windows Forms How To - Use SQL Role Provider with Windows Authentication in WCF from Windows Forms How To - Use Username Authentication with the SQL Membership Provider and Message Security in WCF from Windows Forms How To - Use WsHttpBinding with Windows Authentication and Message Security in WCF from...
 
Tags: wcf, wcf security, authentication, username authentication, windows forms, host wcf, windows authentication, message security, sql role provider
 
 
 
 
Expand article

BSDNews.com is hacked and user information is exposed

The Article has images
2008-04-25 08:10:33 by Evan Francen in The Breach Blog
...Username, password, email address, and in some cases real names Breach Description It appears that the BSDNews.com web site may have been compromised through an exploit of a file named "bottom.php3", which was used by the site. The attacker was able to access and download user account information. As of the time of this writing, BSDNews.com...
 
Tags: bsdnews, password, password management program, site administrator, site, password safe, similar password, similar, email
 
 
 
 
Expand article

How Does a Botnet with 100k Infected PCs Look Like?

The Article has images
2008-05-26 02:35:01 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...username in a username@hotmail.com fashion What you see is not always what you get, especially with more and more droppers requesting other malware with image file extensions, which gets locally saved in its real nature - %Windir%MediaSystem.exe for instance