02-17-2010 5:39
Telekom, Huawei, CSRF
Vecina Telekom ADSL modema je ranjiva na CSRF napade, ovim putem mozemo izmeniti vitalna podesavanja i ugroziti korisnike na vise nacina.

Linkovi:

- http://netsec.rs/18/huawei-hg510-multiple-vulnerabilities/493/
- http://www.securityfocus.com/bid/38261/info
- http://www.elitesecurity.org/t391845-Telekom-ADSL-amp-Huawei-CSRF-Auth-Bypass-DoS
- http://en.wikipedia.org/wiki/Cross-site_request_forgery >>

Ivan Markovic

03-12-2010 16:41
Smart PHP Subscriber Multiple Disclosure Vulnerabilities / Milos
Smart PHP Subscriber / 1.0 / http://www.scriptsez.net/?action=details&cat=Mailing%20List%20Managers&id=1071253339 Vulnerability: Multiple Disclosure Vulnerabilities Author: Milos Zivanovic http://packetstormsecurity.org/0912-exploits/smartphpsub-disclose.txt http://www.exploit-db.com/exploits/10437 http://secunia.com/advisories/23886  >>

chaossecurity

 -  chaossecurity:  odlican.net cms v.1.5 remote file upload vulnerability /Teo
 -  chaossecurity:  Mail Manager Pro CSRF Vulnerability / Milos
 -  m1k1:  Twitter u službi lopova

03-11-2010 21:30
Hakeri napali 150 sajtova u Crnoj Gori
Crnogorski sajtovi, njih oko 150, blokirano je danas zbog hakerskog napada na jedan od web hosting servera Crnogorskog Telekoma. Predstavnica Telekoma Jelena Radonjić kazala je da se napad na server dogodio u srijedu oko 22 sata, kada su hakeri izmijenili sadržaj na oko 150 sajtova, među kojima su i oni Pošte Crne Gore, Atlasmont i Hypo Alpe Adria banke...

Izvor: http://www.vesti.rs/Vesti/Hakeri-napali-150-sajtova-u-Crnoj-Gori.html >>

MyCity::Zastita

03-12-2010 19:04
Re: MSN virus ili nesto drugo
Izvinjavam se svima za postavljeni link. Zaista nisam zelio nikoga da zarazim. Dakle moj Avast moze u smece da ide, jer on nije nista nasao. Sa Malwarebytes sam se ( nadam se ) rijesi smeca. >>

ES::Zastita

 -  ES::Zastita:  Re: Problem koji nervira
 -  ES::Zastita:  Re: Proces lsass.exe?
 -  ES::Zastita:  Re: Program koji se pokrece pri startu win-a

03-10-2010 15:34
Forum nove regionalne politike i evropskih integracija

Forum mladih Igmanske inicijative i Fondacija Friedrich Ebert u Beogradu pozivaju sve zainteresovane da se prijave za učešće u radu I Foruma nove regionalne politike i evropskih integracija, koji će se održati od 12-14. maja 2010. godine na Fruškoj gori.

read more

 >>

Bezbednost

03-13-2010 5:25
Avast! Free Antivirus 5.0.462
ITsvet.com: Avast! Free Antivirus predstavlja najbolju antivirus zaštitu koja je trenutno dostupna na tržištu. Ova edicija je besplatna za nekomercijalnu i kućnu upotrebu. Njene karakteristike uključuju: ugrađenu anti-spyware zaštitu, web shield, ugrađeni anti-rootkit, automatsko ažuriranje, proveru virusa, integraciju u sistem, jednostavan korisnički interfejs, integrisani čistač virusa, podršku za 64-bitne verzije Windows-a, P2P i IM shield-ove, lokalizaciju na različite jezike. >>

Vesti.rs

 -  infigo:  Konzum webshop - ISO 27001 certified

02-24-2010 8:18
Hacking Linksys IP Cameras (pt 6)

This article is a continuation of the following GNUCITIZEN articles: Hacking Linksys IP Cameras (pt 1), Hacking Linksys IP Cameras (pt 2), Hacking Linksys IP Cameras (pt 3), Hacking Linksys IP Cameras (pt 4), Hacking Linksys IP Cameras (pt 5).

As we know, there are several ways one could go about hunting for IP cameras on the net. The slowest way would be to portscan random IP addresses for certain ports and programmatically detect if the web interface of a given camer >>

Feedproxy Security

03-12-2010 20:58
Password Managers, is this the best option user’s have?
Before reading the following, ask yourself if you’d recommend to the average user that they store their passwords in a local password manager.

Today there are four primary ways users lose control over their web-based passwords. Phishing Scams (email or SEO), Malware (installing malware or drive-by-downloads), website break-ins (SQLi, RFI, misconfiguration, etc.), and website brute-force attacks. For a user to protect themselves I’ve outlined the client-side technologies they can  >>

Feedproxy Security

 -  ha.ckers:  Using Parameter Pollution and Clickjacking to Aid Anti-CSRF Bypass
 -  Ilia Alshanetsky:  ConFoo PHP 5.3 == Awesome! Slides
 -  ha.ckers:  RSA Conference Wrapup

03-10-2010 15:51
Sophos Email Security Appliance Receives Five Star Rating and Named 'Best Buy' in SC Magazine Group Test
Sophos Email Security Appliance Receives Five Star Rating and Named 'Best Buy' in SC Magazine Group Test >>

Sophos

03-10-2010 23:38
Let’s talk about the “End” in End-to-End Trust, Part I
Let’s talk about End in End-to-End Trust, or, in other words, the Human Being. Focus on the human subject – the beneficiary of technology We’re pretty good at dealing with everything from the digital perimeter through to the protected resources the person wants to access. But the big problem, the very old problem, that we’ve made little progress in solving, is reliably and confidently authenticating the person to the digital perimeter. Let’s keep in mind the kind of attacks on informat >>

Feedproxy Security

 -  :  Multiple DOM-Based XSS in Dojo Toolkit SDK
 -  thespanner:  Hackvertor and JSReg
 -  1raindrop:  Notes Richard Bejtlich OWASP Podcast

03-08-2010 9:38
Mondo: Čuvajte se lažnog Microsoftovog antivirusa
Mondo Kompanija Microsoft upozorila je korisnike na pojavu antivirusa koji ima slično ime kao i legitimni antivirus ove kompanije, ali se zapravo radi o trojancu. Originalni naziv legitimnog antivirus programa glasi Microsoft Security Essentials, dok se lažni softver razlikuje u jednom slovu i nosi naziv Secirity Essentials 2010. Problem nastaje kada korisnici, koji u naslovu vide natpis Microsoft, automatski krenu sa učitavanjem lažnog antivirusa, ne znajući da time u kompjuter >>

Naslovi

03-07-2010 15:37
Personal magazin: Google Street View nepoželjan i u Sloveniji
Vozila sa kamerama koje snimaju ulične prizore za Googleovu aplikaciju Street View ne smeju u Sloveniju bez prethodne najave, jer bi mogla povrediti privatnost informacija ili ljudsko dostojanstvo. Prema izveštajima slovenačkih medija, ekipe sa vozilima koje snimaju kadrove koji se onda mogu naći na internetu uočene su blizu slovenačke granice sa Austrijom, ali poverenica slovenačke vlade za zaštitu privatnosti Nataša Pirc Musar upozorava [...]
Vaš komentar  >>

Naslovi

 -  Naslovi:  Nacionalna klasa: NK TEST: Toyota Prius 1.8 Sol
 -  Naslovi:  IT svet: Spam rat u Evropi traje

03-12-2010 15:54
AVG Anti-Virus Free Edition 9.0 Build 790a2730
AVG Anti-Virus Free Edition is an anti-virus scanner that offers Resident Protection, e-mail Scanner, On-Demand Scanner, and Virus Vault for safe handling of infected files and automatic updates. ... >>

net-security

03-12-2010 9:37
iScanner v0.4 released - Malicious codes scanner
iScanner is free open source tool lets you detect and remove malicious codes and web pages viruses from your Linux/Unix server easily and automatically.
This tool is programmed by iSecur1ty using Ruby programming language and it's released under the terms of GNU Affero General Public License 3.0.
Features
Detect malicious codes in web pages, this include hidden iframe tags, javascript, vbscript and activex objects.
Extensive log shows the infected files and the malicious  >>

security-database

03-13-2010 3:00
Troj/Agent-MRR

 >>

Sophos

03-13-2010 3:00
Troj/FakeAV-AZW

 >>

Sophos

 -  XSSed:  www.bobparsons.me XSS
 -  XSSed:  store.dakar.com XSS
 -  XSSed:  www.reuters.com XSS

03-10-2010 23:18
SecretService 0.3
SecretService enables you to encode text in all OS X aware applications with just one click. Simply highlight the text to encode or decode and select SecretService from the Services menu, plain text w... >>

net-security

03-11-2010 23:07
Safari 4.0.5 now available in Software Update

Filed under: Software Update, Security

New browser time -- and unfortunately, time to restart your Mac. Safari has been updated (for 10.4, 10.5 and 10.6 on the Mac side, and Windows XP/Vista/7 on the Win side); it includes the improvements noted: Performance improvements for Top Sites Stability improvements for plug-ins, and for sites with SVG graphics and online forms Fixes issues affecting settings changes to some Linksys routers and iWork.com user comments There ar >>

tuaw

03-10-2010 23:38
Let’s talk about the “End” in End-to-End Trust, Part I
Let’s talk about End in End-to-End Trust, or, in other words, the Human Being. Focus on the human subject – the beneficiary of technology We’re pretty good at dealing with everything from the digital perimeter through to the protected resources the person wants to access. But the big problem, the very old problem, that we’ve made little progress in solving, is reliably and confidently authenticating the person to the digital perimeter. Let’s keep in mind the kind of attacks on informat >>

Feedproxy Security

03-12-2010 20:11
Multiple DOM-Based XSS in Dojo Toolkit SDK

We released an advisory today to Bugtraq regarding a DOM-Based XSS bug I found in the Dojo Toolkit SDK 1.4.1 and earlier versions. The Dojo team was informed on February 19, 2010 and released the fix today along with some other security bugs. If you want some more information on this bug as well as the other bugs that were fixed, see their security bulletin.

The files identified with the XSS issues are primarily designed for testing; however a quick Google search will identify numerous >>



 -  thespanner:  Hackvertor and JSReg
 -  1raindrop:  Notes Richard Bejtlich OWASP Podcast
 -  ha.ckers:  Using Parameter Pollution and Clickjacking to Aid Anti-CSRF Bypass