Here is the story: A couple of days ago I was interested in putting together some research on client-side vulnerabilities found within Adobe AIR applications. The material was supposed to go into my Black Hat talk, which is happening on 27-28 March, btw. I’ve heard that Pownce’s IM client uses Adobe AIR, so I thought that this could be a perfect example I can make use of. Although, there are some very obvious vulnerabilities within the client, which I’ve tested offline btw, I noticed that parts of the requests delivered from the server does not seem to be sanitized at all. After further investigation, I noticed that my personal profile is vulnerable to attack known as Persistent Cross-site Scripting, which is the most serious type of all Cross-site Scripting attacks.
The Cross-Site Scripting condition occurs within a very obscure place and it is restricted to 16 characters. Because of the space restrictions, I was able only inject things like alert(1) and this was pretty much it. Obviously, this is not enough for even an alert(1) command, so other methods for execution were needed in order to make the vector successfully exploitable.
Some Russian mathematicians claim that when the atom-smashing machine at the European Particle Physics Centre near Geneva opens for business at the end of April, one of the results of wee particles being smashed together at insane speeds could be a rip in the fabric of time itself, allowing for tiny particles to jump in time. If we figure out how to hold open said rip, maybe, just maybe, we could go back or forward in time.
Grandma death thinks time travel is possible at the CERN lab.
After a torrid moment shared in the backseat of America's largest investment firms, Yahoo decided, at the behest of friends and family, that things just wouldn't work out with Microsoft. But it isn't over. In a very heartfelt public statement today set to the backdrop of In Your Eyes, Microsoft let it be known that it's still interested in "consummating" with Yahoo, and even got a little aggressive sounding in "reserving the right to pursue all necessary steps to ensure that Yahoo!'s shareholders are provided with the opportunity to realize the value inherent in our proposal." You old sweetheart, you're shaking!
Old news, but I thought that picture was hilarious.
Developers create open-source OS kernels using .NET tools
Topic: Miscellaneous
3:46 pm EST, Feb 9, 2008
Developers are working to create experimental open-source operating systems with modular microkernels using the C# programming language. The SharpOS and Cosmos projects both announced their first major milestone releases last month, demonstrating the technical viability of the concept.
Glad to see some work on a C# OS beyond Singularity. Also good to see some interesting goals beyond research.
BlueProximity - Bluetooth device distance detection and automatic locking tool
Topic: Miscellaneous
11:11 am EST, Feb 9, 2008
This software helps you add a little more security to your desktop. It does so by detecting one of your bluetooth devices, most likely your mobile phone, and keeping track of its distance. If you move away from your computer and the distance is above a certain level (no measurement in meters is possible) for a given time, it automatically locks your desktop (or starts any other shell command you want).
Once away your computer awaits its master back - if you are nearer than a given level for a set time your computer unlocks magically without any interaction (or starts any other shell command you want).
(ATLANTA) — The sexually transmitted virus that causes cervical cancer in women is poised to become one of the leading causes of oral cancer in men, according to a new study.
