Johnny’s “No-Tech Hacking” talk!
This is one of Johnny's most "famoustest" talks ever, and this is the evolution, which Johnny presents to audiences all over the world! Now it's available as a video exclusively to Informer subscribers! Enjoy!
Advisory: Gmail – Google Docs Cookie Hijacking through PDF Repurposing
Google docs network was vulnerable to PDF re purposing attacks. The vulnerability was disclosed to Google with a discretion. This is done to mitigate the risk . Google has worked over it and patched it with in a period of 5 days. The Google doc has been refined and support for adobe plugin is removed.
The user security is the prime issue because millions of user were at risk if this attack persisted in the open environment. Integrated accounts were more susceptible as certain credentials could be used to access other accounts.
Thanks to Google for considering the recommendation and changing the working behavior of specific components at risk.
The detailed advisory is released here:
Hot packet-on-packet 0day action!!! Okay, simply more old 0day…
WARNING - POSSIBLE IMMATURE CURSING AHEAD. OK *ACTUAL* IMMATURE CURSING, WTF... Well, apparently it was a real popular thing to give away a couple of 0day exploits, so more 0day is being given away! Again this is from the good old days at BindView when your buddy SN was on the RAZOR team.
WhitePaper – PDF Silent HTTP Form Repurposing Attacks
This paper sheds light on the modified approach to trigger web attacks through JavaScript protocol handler in the context of browser when a PDF is opened in it. As we have seen, the kind of security mechanism implemented by Adobe in order to remove the insecurities that originate directly from the standalone PDF document in order to circumvent cross domain access. The attack is targeted on the web applications that allow PDF documents to be uploaded on the web server.
Maltego 155 day license!
First come first serve...here's the Maltego license key that's good for 155 days:(see below). Not working anymore ? You should have been checking the site more regularly. Can't see the license key? Subscribe to the site and donate some money to those that really need it. Just do it.
A Tale of Two Bugs
The following is a pre-release of a blog post by Simple Nomad. It contains colorful sailor language -- not descriptive nautical seafaring prose, but low-brow unnecessary pirate cursing. Proceed at your own risk. Arrrr!
Not one, but two 0days surpressed from the BindView RAZOR days....and I am letting them go now.Welcome to the Informer!
The Informer is a fund raising effort run by Hackers [...]