Infosecstuff - infosecstuff.com - InfosecStuff
General Information:
Latest News:
The Death Knell for OpenX Source 11 Aug 2013 | 01:57 am
I have had a long an sordid history with OpenX Source. Do a simple Google search and you will find many reported vulnerabilities and exploitations related to this software over the last several years....
FreeBSD Servers Hacked: Lessons on SSH Public Key Authentication 24 Nov 2012 | 03:59 am
On November 17th FreeBSD.org released an announcement that two of its servers that are used to package third-party software with its popular operating system had been compromised. This incident was de...
FreeBSD Servers Hacked. Software Integrity Compromised. 24 Nov 2012 | 03:59 am
On November 17 2012, FreeBSD.org announced that two of its servers were compromised via a stolen SSH private key. This article examines the pitfalls of using SSH public key authentication.
Java 7 Zero Day Vulnerability 30 Aug 2012 | 07:55 pm
Earlier this week infosec researcher Esteban Guillardoy unveiled details of an unpatched vulnerability for Oracle’s Java 7 software. This vulnerability is being actively exploited in the wild and has ...
Companies go on the Offensive 23 Jun 2012 | 12:35 am
A recent Reuters report claims that some companies are retaliating against hackers who target their systems. Tired of simply trying to keep the attackers at bay, these businesses apparently believe th...
Microsoft RDP Vulnerability Wormable (MS12-036) 13 Jun 2012 | 09:22 pm
Yesterday Microsoft released their June 2012 security bulletin with a total of 7 advisories. Three of these are rated as critical and one in particular appears to be the type of vulnerability that cou...
OpenX Releases Patch for CSRF Vulnerability 11 May 2012 | 08:47 am
OpenX released a patch for the CSRF vulnerability I wrote about on April 29th. As is typical of their security announcements, there are very few technical details, or even specifics about what the upd...
New PHP Bug Allows Remote Code Execution 10 May 2012 | 02:29 am
A new vulnerability has been discovered in PHP that allows attackers to compromise websites that use this popular scripting language. The vulnerability only works when PHP is run in CGI mode, but it i...
OpenX CSRF Vulnerability Being Actively Exploited 30 Apr 2012 | 04:51 pm
OpenX is one of the most popular banner advertising platforms on the web. OpenX Enterprise is a SaaS product, but they also provide the OpenX Source product for free to those who wish to host their ow...
InfosecStuff Website Redesign 25 Apr 2012 | 06:21 am
If you have ever visited InfosecStuff before, then you probably have noticed that the site has changed dramatically. This overhaul was long overdue and has been months in the making. This is one rea...
