Anonymous Releases Very Unanonymous Press Release
Today, December 10th, Anonymous, an Internet gathering, released a press release which you can read below. In it, a description is provided of what Anonymous is about, what Operation Payback is, and where the media is getting it wrong. Also in it, its author forgot to remove his name in ... Read More
Paypal Sender Country XSS
A new XSS vulnerability was identified on Paypal.com earlier today, found by d3v1l and disclosed on both Security-Shell and XSSed. The problem is with the parameter sender_country in a transaction called nvpsm. NVP is Paypal’s API for Merchants to use when interacting with the Paypal web site, it stands for ... Read More
Turning an ATM into a Slot Machine
Security researcher Barnaby Jack, currently at IOActive but a veteran of Foundstone, eEye, and Juniper with almost ten years in the industry, has demonstrated two exploit methods for ATM’s (Automated Teller Machines) in a presentation that is thus far the talk of the Black Hat 2010 conference. In a discussion ... Read More
114,000 iPad Owners: The Script that Harvested Their E-mail Addresses
Here is the script referenced in the Gawker story from earlier that describes how a number of early iPad 3G subscribers, including names like Harvey Weinstein, Michael Bloomberg, Diane Sawyer, and Rahm Emanuel had their e-mails revealed via a poorly designed web application hosted by AT&T. Goatse Security, named for ... Read More
Thou Shalt Not Send Naked Pictures…To Anyone Ever
It’s becoming a familiar story, an angry parent of a student reports finding inappropriate images, self taken naked pictures and videos, on that student’s cell phone. The images and video were sent to the student by a high school football coach. The mother of the student e-mailed the pictures to ... Read More
