Dear All,
I would like to offer you 125x125 button ads in the right hand side of 2 blocks for 25$ a month. Secgeeks is a popular information security site and it consists of a nice community which influence the information security policy and decisions in their organizations.you will defiantly benefit by advertising on secgeeks.
Custom plans are also available which we can discuss further.
you can mail me at: secgeek@secgeeks.com
Looking forward to your replies.
Thanks,
SecGeek
Hi All,
I would like to sell secgeeks.com as i would like to focus on other priorities and tasks in my life.This is what i started as hobby for more then 2.5 years back.i learned many things during this tenure.I would like to thanks everyone who has made it possible for me to achieve this goal.all the advertisers,sponsors and partner deserves a special mention here as it was just because of them this sites survived in various ups and downs in my life.so a big thank you to all of them. read more »
I am a diehard fan of Pidgin,formerly Gaim. i m using it from almost 4 years now.but in the recent version i dont know whats the problem is?when i chat simalteniously with 2-3 people it just seems to get hanged.I am not sure if i am the only one who has this problem or there are others too who faces this.
but overall i m loosing my faith on this software.heared the trillian is good alternative but i dont like its GUI.so let me know if you know any other alternative to it.
After the Fake CNN alerts , scammers are not targetting MSNBC to spread malware.beware of such link.its good to know that my spam filters are catching them as spam.but i just wanted to let you know , i m seeing an increasing trends in such stuff and tomorrow it may some other news service.so be curious and just dont click on any of the link without checking where it is pointing to.
Today i came to know about a new feature in gmail.It basically display the ip address from which your email account has been accessed.you can see it in the bottom.
like this:
Last account activity: 5 minutes ago at this IP x.x.x.x
there is also a link to details.on clicking on it,it will display another window and will give you a option to delete all the sessions.it will help you to secure you account.suppoes you have logged in from office and forgot to signin and if you are afraid that someone might misuse your computer then simplay click on that button and you are done.
cool,yeah!!
A good friend of mine from enable security has written an nice article on "surf jacking". from the article:
"Say hello to a new security tool called “Surf Jack” which demonstrates a security flaw found in many public sites. The proof of concept tool allows testers to steal session cookies on HTTP and HTTPS sites that do not set the Cookie secure flag. I’ve been working with two banks and some of the vulnerable sites to get this fixed before publishing my research. Mike Perry gave a talk at Defcon involving the exact same vulnerability - so there is no point in keeping this from the public."
you can read his article here.
Here is the video:
Surf Jacking Gmail demonstration from Sandro Gauci on Vimeo.
The following describes a long-standing and common implementation flaw in online affiliate programs allowing for fraud. For those unfamiliar affiliate programs, they provide a way for companies to allow 3rd parties/website owners to direct traffic to their site in exchange for a share of the profits of user purchases. Most view affiliate programs as a great way to monetize their traffic by strategically placing a few links on their sites. read more »
If you receive a mail saying that CNN alerts,beware of opening it.it contains a link which will force you to download an exe file.It will represent itself as an activex installation but actully it is a virus.
look at the bellow screenshot.
read more »
I use spider monkey or rhino to decode javascripts. both are nice tools.in rhino use version 1.6 as for 1.7 i am still not able to figure out how to run GUI,may be it is missing some files?
sans has posted a nice diary here.i m going to show you two tricks.
1)when a script uses document.write function,rhino or spider monkey does not work.because there is no document object and there is no document.write method.so to overcome this use following:
function doc(){
this->write=write();
}
function write(value)
{ read more »
Microsoft announced it's working with Sony of America and Toshiba Asia Pacific to pre-install Windows OneCare on new PCs. I say yippee because I'm tried of uninstalling Symantec slow-ware from new PCs. I long ago swore off Symantec's products because of their poor performance and how they slowed down (brought to a crawl in many cases) my PCs. OneCare on the otherhand has been a pleasure to use. I've have very little problems with OneCare and the performance hit is relatively marginal compare to Symantec and McAfee. read more »
I was reading this story it says cuil.com is a new google killer.I tried it with simply seaching for secgeeks and here is the results:
read more »
Halvar has posted an explanation on why you should attend the blackhat presentation by Dan Kaminsky.
I am fully agree with him.Technical details about the DNS vulnerability is publically available,there is one metasploit module available.But i think it is good to know how Dan Kaminsky will desscribe his finding at blackhat.so even i too waiting for his talk :)
The Bug is critical i can not imagine what will happen.only thing i will suggest is patch your softwares now.
here is link to a snort signature.please note that the signature is high load signature.please keep this in mind.
on the other side i was thinking about how it will be exploited in near future: read more »
I have been following various blogs and i inspired by some of them like techcrunch,mashable etc.From long time i was thinking about changing secgeeks.com theme and making it like them(ah you can call me copy cat). so finally i have removed the old theme and applied this theme.let me know what you think about it.
its simpler to use, i have also removed voting support.so please feel free to post your comments and i would love to hear that.
Thanks,
SecGeek
I was reading on various websites that the bug has been leaked.halvar flake posted something and after that people at matasano chargen posted another post in response to that.although they quickly took it down.but considering the popularity of their blog many people already read that post before they took it down.i come to know that it has been available on reddit now.
considering the fact that they had got the details about this bug directly from the dan kaminsky(person who discover this bug) through a voice conference,i am sure that blog post contains some accurate details. read more »
I m getting tons of spam daily.but this one is bit different.check it:
Special issue of news from CNN! Urgent Fresh News!
Usama bin Laden(Osama bin Laden) one of the largest organizers of terrorist activity, and similarly the largest leaders of terrorist organization of Al Kaeda, detained American soldiery force in Iraq. read more »
From last few months there is a rise in activex vulnerabilities.If we look at milw0rm than there are lots of POCs which exploits activex vulnerabilities.In this article i am going to show what is activex exploitation.
Introduction
ActiveX are com objects.Com is a technology used by microsoft,which allows using components written in one language to be used by another language.for example,suppose you have written one dll in VC++ then com allows you to use it in VB. read more »
Spammers are everywhere.they are using almost all the sites to send fake antivirus[trojan],viagra and all the shitty stuff.I am receiving some stupid mails these days.some of them containts links to wikidot.com
following is one the url:
http[://]israel-viagra[.]wikidot[.]com
and following is the text:
?????? ??????
?????? ??????
?????? ?????
?????? ????
not sure what does it means though :-p anyone has any idea?
on the other side on visitng indiasphere.com my antivirus popsup saying the it contains some html trojan clicker. read more »
many of the folks i interact with always says that sql injection and xss does not matter much these days.i say i m strongly disagree.it takes skills to write a buffer overflow/heap overflow and therefor not many people really preffer doing it that way.if you want to own some site i bet my first guess anyone will do is look for either sql injection or xss.
there are many such bugs discovered in various popular softwares.it is not possible to ignore this attacks.only thing i want to say here is take them seriously otherwise some kid will come an hack your site.
Get SecGeeks Feeds in your email:
add me on gtalk: secg33k@gmail.com
