Exploit

https://en.wikipedia.org/wiki/CRIME_(security_exploit) from http://tech.slashdot.org/story/13/07/09/1455200/ It works like this. You visit a site that has malicious JavaScript which sends a HTTPS request to some site (like your bank). This request will include whatever known plain-text that the JavaScript wants to send, plus any cookies you have stored for the target site, possibly including authentication cookies. If the plain text happens to match part of that authentication cookie, then the compressed headers will be smaller than if they if they don’t match. If the attacker can monitor this encrypted traffic and see the sizes of the packets, then they can systematically select the known plaintext to slowly learn the value of the authentication cookie. This can be done today in about half an hour. And the attack setup is feasible - consider a public WiFi access point that requires you to keep a frame open in order to use their WiFi. This gives them both the MITM and JavaScript access needed to perfo… ...

https://en.wikipedia.org/wiki/CRIME_(security_exploit) from http://tech.slashdot.org/story/13/07/09/1455200/ It works like this. You visit a site that has malicious JavaScript which sends a HTTPS request to some site (like your bank). This request will include whatever known plain-text that the JavaScript wants to send, plus any cookies you have stored for the target site, possibly including authentication cookies. If the plain text happens to match part of that authentication cookie, then the compressed headers will be smaller than if they if they don’t match. If the attacker can monitor this encrypted traffic and see the sizes of the packets, then they can systematically select the known plaintext to slowly learn the value of the authentication cookie. This can be done today in about half an hour. And the attack setup is feasible - consider a public WiFi access point that requires you to keep a frame open in order to use their WiFi. This gives them both the MITM and JavaScript access needed to perfo… ...

http://pastebin.com/gAs4EkyG Example of perl exploit script that runs on a compromised web server and provides remote shell, http proxy and DDoS agent. Works on *nix and windows

http://pastebin.com/gAs4EkyG Example of perl exploit script that runs on a compromised web server and provides remote shell, http proxy and DDoS agent. Works on *nix and windows

http://justanothergeek.chdir.org/2011/01/linux-security-one-year-later.html review of the security related things that happened in the linux kernel circles in 2010.

http://www.immunityinc.com/products-canvas.shtml Immunity Debugger, vulns, sploits, and other good stuff

http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html explains Marsh Ray’s attack in details, pls patch to fix the TLS protocol

http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/ detalied description about Flash vuln that was used to vin a recent hack contest (where vista and mac were hacked )