Usb To Rca Cable - Best Buy

And the winner is ...

Like every month, the Microsoft approach to publishing, the "sécurosphère" is boiling. What will it take to patch this month? A total of 8 bulletins, 6 critical. list here . We will say that this is a menu "usual" (Although some habits should be lost ...:)).

But this month ... Chef's surprise: a 0-day flaw in IE7. And as is the 0-day, the patches released today, including the MS08-073, do not correct the fault. And to accompany that of the PoC (Proof of Concept) were released into the wild.

What does this little beast? It operates mismanagement XML malicieu to inject code into memory.

The SANS Institute tells us more in advising us an alternative browser and Secunia advises us not to click links "Trusted".

And if you test Firefox ? :)

Other sources:
eEye Digital Security - Research - link
Blog - ZDNet - link
McAfee Avert Labs Blog - link


Update of 11/12: A peeling the attack was carried out by CERT-LEXSI. Their blog .

Ellectro Gay Men Group

Security by obfuscation. An analyzer

Always on a mission away from my country, I still resides at the hotel. And the evenings are long and cold this season ... This pretty hotel has WiFi ... Unsecured, but one that requires a login / password to browse the Web. Let's take a closer close ...

Already I was told at the beginning of the stay mdp connection changes daily. And it gives me a paper with written on it: Client / Edf45sEr. Here is the login / password. Brute-force? No it means bof bof. Looking shorter.

So Let's login to the WiFi. Trying to connect to my friend Google ... A nice login screen appears:

And in the url, a bunch of parameters:
https: / / 192.168.2.1/cgi-bin/hotspotlogin.cgi? Res = & notyet uamip = 192.168.2.1 & uamport = 3990 & challenge = 3c1d263bd4ac9a9dcaaf25e62d416650 userURL & = & Nasidi etap = & mac = 00-AA-DE-8B-78-A4

It shows the MAC address, port and other info. Good and what is hidden in the site root?
Aahhh damn, I can not connect to localhost ... :) Well it not replace the IP address ... ;)


And duh, what I get ... Administration Console users. With the couple login / password for the account "customer."


And if you looked at the list of other users ... Ah ben y 'admin account ... Bravo calf! :)


So login and pwd for connection can be found as soon as one is connected to a WiFi network. Not glop: (lol

Conclusion:
obfuscation Security through these limitations and is very very limited as security strategy ... You still hide your keys under the flowerpot of the entry you? And ben ... there is such

By scratching a little more, we see that it is an apache that runs the service ... it would have been wise to separate the authentication client to the administration and restrict access with a setting like "Allow from localhost . Hoping a screen to be connected ...:)