Evolution of Phishing Website

Take a look at the following phishing website: Just another phishing website? Think again. Take a look at the page source: body { background-image: url(bg02.jpg); background-repeat: no-repeat; } The phisher is using an image instead of HTML. And YES, this technique can bypass DontPhishMe. I’ve worked on a new method to solve this problem and now, DontPhishMe […]

Analysis on Java Web Start Argument Injection Exploit

The recent discovery of the Java Web Start Argument Injection vulnerability (CVE-2010-0886 and CVE-2010-0887) has opened a new opportunity for the bad guys to use it in drive-by download attacks. Here is a short write-up on an example found in the wild early today that exploits this vulnerability. The exploit was found on http://buckomre.com/ and […]

Yara Rule For CVE-2010-0805

The Internet Explorer Tabular Data Control ActiveX Memory Corruption (CVE-2010-0805) exploit was recently ported to Metasploit, so we decided to release the detection rule for Yara. Yes, it can also be used with JSunpack! rule MSIETabularActivex { meta: ref = "CVE-2010-0805" impact = 7 hide = true strings: $cve20100805_1 = "333C7BC4-460F-11D0-BC04-0080C7055A83" nocase fullword $cve20100805_2 = […]

Yet another PDF Analyz3r

[A blog post by Ahmad Azizan, practical student @ MyCERT] To this day, client-side attacks through Adobe Reader vulnerabilities are not slowing down. Even though patches for known Adobe Reader vulnerabilities have been available to the public for quite some time, there are still a lot of websites that host the malicious PDF […]

Attention – Mail server upgrade

Attention! On October 22, 2009 server upgrade will take place. Due to this the system may be offline for approximately half an hour. The changes will concern security, reliability and performance of mail service and the system as a whole. For compatibility of your browsers and mail clients with upgraded server software you should run […]

Securing PHP : Disabling Dangerous PHP Functions

PHP is a very popular language nowadays. But at the same time, it’s also one of the main sources for user accounts and servers getting compromised. Every PHP developer and hoster should understand the primary attack vectors being used by attackers against PHP applications. They also should be able to classify PHP functions that allowed […]