作者:MJ0011
Malware Defender(简称MD)是一个HIPS & Anti-Rootkit工具。
Malware Defender最新版本1.1.3(2008-09-24)的内核驱动存在多处内核拒绝服务漏洞,任意权限的用户在安装了MD可引发蓝屏出问题的组件:mdcore.sys(安装后随机命名) 版本1.1.0.0 CheckSum = 0x0003C26C TimeStamp = 0x48d88131
阅读全文 »
来源:Web安全手册
<?php
# Name -> Blind SQL Injection by Dichotomy Function
# Credits -> charles "real" F. <charlesfol[at]hotmail.fr>
# Date -> 13-04-08
阅读全文 »Finally NoScript 1.8.2.1 is out, featuring the announced new anti-clickjacking countermeasures enabled by default, independent from IFRAME and plugin content blocking settings.
The most specific and ambitious is called ClearClick: whenever you click or otherwise interact, through your mouse or your keyboard, with an embedded element which is partially obstructed, transparent or otherwise disguised, NoScript prevents the interaction from completing and reveals you the real thing in “clear”. At that point you can evaluate if the click target was actually the intended one, and decide if keeping it locked or unlock it for free interaction. This comes quite handy now that more dangerous usages of clickjacking are being disclosed, such as enabling your microphone or your webcam behind your back to spy you through the interwebs.
阅读全文 »
来源:ha.ckers.org
Today is the day we can finally start talking about clickjacking. This is just meant to be a quick post that you can use as a reference sheet. It is not a thorough advisory of every site/vendor/plugin that is vulnerable – there are far too many to count. Jeremiah and I got the final word today that it was fine to start talking about this due to the click jacking PoC against Flash that was released today (watch the video for a good demonstration) that essentially spilled the beans regarding several of the findings that were most concerning. Thankfully, Adobe has been working on this since we let them know, so despite the careless disclosure, much of the work to mitigate this on their end is already complete.
阅读全文 »
