The Wassenaar Arrangement. Maybe you have already heard about that. With the implementation of this multilateral export control regime on conventional arms, dual-use goods and technologies, security researchers like me could be called lords of war and weapons dealers now – sounds cool, but unfortunately it’s
This is quite a sad story and also a perfect example of the ignorance or maybe arrogance of many software vendors. I’ve reported the Buffer Overflow vulnerability to the vendor named “Photodex” and also received an answer, which sounds like they
According to a quite interesting blog post from Brian Krebs, there is currently a Plesk exploit sold (for around 8000$) on underground forums, with the capabilities of: printing the admin password, remote code execution, and reading files from the server. Be aware.
Have you read one of my last articles regarding webmasters? The University of Salzburg didn’t or at least didn’t want to. In April I tried to contact the internal university IT staff about a possible Cross-Site Scripting security flaw on
Just a short notice about CVE-2012-1889 which is currently exploited in the wild. Microsoft says: Microsoft is aware of active attacks that leverage a vulnerability in Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0. The vulnerability could allow remote code execution
A critical security advisory (CVE-2012-2122) has been published, which describes a quite easy way to bypass the authentication mechanisms used in MySQL and MariaDB. The short story: When you connect to your MySQL instance a token of the password is
CSDN, one of the biggest programming communities in China, leaked 6M user data. A text file with 6M CSDN user info: user name, password, emails, all in clear text, is hot on the internet. You could easily get the download link