You are welcome to discuss various security topics with our professional team and other users like you!
Read our Registration Agreement and create your FREE account here!

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - mcinn

Pages: [1] 2 3 4
Pwnie for Best Server-Side Bug

Cisco ASA IKEv1/IKEv2 Fragmentation Heap Buffer Overflow (CVE-2016-1287)
ImageTragick (CVE-2016–3714)
Stagefright via MMS (CVE-2015-1538)
glibc getaddrinfo stack-based buffer overflow (CVE-2015-7547)
Apache Commons Collections Java Object Deserialization RCE (CVE-2015-4852)
Samsung Galaxy Edge Baseband Stack Overflow (CVE-2015-8546)

Pwnie for Best Client-Side Bug

MS16-006 Silverlight BinaryReader Out-Of-Bounds Write RCE (CVE-2016-0034)
glibc getaddrinfo stack-based buffer overflow (CVE-2015-7547)
MS15-131 Microsoft Office RCE Vulnerability (BadWinmail) (CVE-2015-6172)
MS15-078 OpenType Font Driver Vulnerability (CVE-2015-2426)
Stagefright via Web Browser (CVE-2015-1538)

Pwnie for Best Privilege Escalation Bug

SETFKEY FreeBSD Kernel Vulnerability (CVE-2016-1886)
Widevine QSEE TrustZone Privilege Escalation (CVE-2015-6639)
AMD Piledriver Microcode VM Ring 3 to Host Ring 0
Linux iovec overrun memory corruption (CVE-2015-1805)
Apple Mac OS X WindowServer Use-After-Free (CVE-2016-1804)

Pwnie for Best Cryptographic Attack (new for 2016)

Dancing on the Lip of the Volcano: Chosen Ciphertext Attacks on Apple iMessage
Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS
BlueCoat's Intermediate CA Certificate
Got HW crypto? On the (in)security of a Self-Encrypting Drives series
OpenSSL Key Recovery Attack on DH small subgroups (CVE-2016-0701)

Pwnie for Best Junk or Stunt Hack (new for 2016)

WhatsApp Message Hacked By John McAfee And Crew
Remotely Killing a Jeep on the Highway
Hacking a Linux-Powered Rifle
"60 Minutes" Hacking Your Phone with a Hacked Phone
Security Analysis of Emerging Smart Home Applications

Pwnie for Best Branding
Nominees (with the best sites and logos):

Badlock Samba bug (CVE-2016-2118)
Mousejack wireless keystroke injection bug
MySQL crypto downgrade (CVE-2015-3152)
SSLv2 Cryto attack [DROWN Attack] (CVE-2016-0800)

Pwnie for Best Song

Host Unknown - Accepted the Risk
AMETIX - The Geek Song
Katie Moussouris - Cyber-lair
fbz- Root Rights are a Grrl's Best Friend

:D What do you guys think? Oh, btw, the awards will be given during this year's Black Hat USA Conference. Anyone attending?

Web Browsing Practices / Vivaldi Browser - Is It Worth It?
« on: July 14, 2016, 08:54:54 pm »
Have you considered trying Vivaldi Browser?

It is definitely intriguing – its user approach seems to be quite unique and you will be able to modify your browsing experience however you like it.

This article has some answers, in case you're still wondering whether it's worth it or not :)

We may not spend too much time thinking about the safety of the information we share (or the information we permit access to), but we spend enough time on our smartphones to be exposed to various perils.

Needless to say, the lack of attention only enhances the likeliness of abusive behavior on behalf of developers, advertisers and even legal entities.

Here's the whole article on the subject:

Web Browsing Practices / Your Thoughts on Private Browsing
« on: June 03, 2016, 02:54:26 pm »
As we all know, private browsing, generally referred to as 'p0rn mode', is one of the easy ways to sustain some level of online confidentiality. Unfortunately, private browsing is not enough if you truly wish to remain ‘unseen’. There are several basic myths that surround the private browsing mode:

  • Private browsing doesn’t make you entirely anonymous
  • Your downloads will be saved, as well as your bookmarks
  • Private browsing doesn’t spare you from being spied on
  • Private browsing may not work properly due to technical issues

More here:

So, what are your thoughts?

Off-Topic Discussions / The things computers do in the movies!
« on: May 05, 2016, 10:38:05 am »
I found this online and I think it's hilarious  ;D What would you add to the list? Any concrete examples you can think of?

Things Computers Can Do in Movies

1. Word processors never display a cursor.
2. You never have to use the space-bar when typing long sentences.
3. Movie characters never make typing mistakes.
4. All monitors display inch-high letters.
5. High-tech computers, such as those used by NASA, the CIA or some such governmental institution, will have easy to understand graphical interfaces.
6. Those that don't have graphical interfaces will have incredibly powerful text-based command shells that can correctly understand and execute commands typed in plain English.
7. Note: Command line interfaces will give you access to any information you want by simply typing, "ACCESS THE SECRET FILES" on any near-by keyboard.
8. You can also infect a computer with a destructive virus by simply typing "UPLOAD VIRUS". (See "Fortress".)
9. All computers are connected. You can access the information on the villain's desktop computer even if it's turned off.
10. Powerful computers beep whenever you press a key or the screen changes. Some computers also slow down the output on the screen so that it doesn't go faster than you can read. (Really advanced computers will also emulate the sound of a dot-matrix printer.)
11. All computer panels operate on thousands of volts and have explosive devices underneath their surface. Malfunctions are indicated by a bright flash of light, a puff of smoke, a shower of sparks and an explosion that causes you to jump backwards.
12. People typing on a computer can safely turn it off without saving the data.
13. A hacker is always able to break into the most sensitive computer in the world by guessing the secret password in two tries.
14. You may bypass "PERMISSION DENIED" message by using the "OVERRIDE" function. (See "Demolition Man".)
15. Computers only take 2 seconds to boot up instead of the average minutes for desktop PCs and 30 minutes or more for larger systems that can run 24 hours, 365 days a year without a reset.
16. Complex calculations and loading of huge amounts of data will be accomplished in under three seconds. Movie modems usually appear to transmit data at the speed of two gigabytes per second.
17. When the power plant/missile site/main computer overheats, all control panels will explode shortly before the entire building will.
18. If you display a file on the screen and someone deletes the file, it also disappears from the screen (See "Clear and Present Danger").
19. If a disk contains encrypted files, you are automatically asked for a password when you insert it.
20. Computers can interface with any other computer regardless of the manufacturer or galaxy where it originated. (See "Independence Day".)
21. Computer disks will work on any computer has a floppy drive and all software is usable on any platforms.
22. The more high-tech the equipment, the more buttons it will have (See "Aliens".)
23. Note: You must be highly trained to operate high-tech computers because the buttons have no labels except for the "SELF-DESTRUCT" button.
24. Most computers, no matter how small, have reality-defying three-dimensional active animation, photo-realistic graphics capabilities.
25. Laptops always have amazing real-time video phone capabilities and performance similar to a CRAY Supercomputer.
26. Whenever a character looks at a monitor, the image is so bright that it projects itself onto their face. (See "Alien" or "2001")
27. Searches on the internet will always return what you are looking for no matter how vague your keywords are. (See "Mission Impossible", Tom Cruise searches with keywords like "file" and "computer" and 3 results are returned.)

Apparently, a new version of the infamous TeslaCrypt has been released in the wild, already infecting victims and encrypting their files.

Some technical features of the ransomware have been changed. Read more about it here:

However, the most striking change is the simplification of the ransom note, which has been deprived of the colorful explanation. Only the payment methods have been left.

If you're a TeslaCrypt victim, we encourage you to leave a comment and share information.

Off-Topic Discussions / IT Jokes and Overall PC Stupidity
« on: April 27, 2016, 03:14:32 pm »
Let's share either some personal experience with inexperienced users (come on, tech support people!) or jokes we found online and thought were worth sharing!

Let me start:

Tech Support's guy favorite customer:

Tech Support: "May I ask what operating system you are running today?"
Customer: "A computer."


When the customer has no idea but doesn't want to give a wrong answer rightaway:

Tech Support: "Do you know what operating system you're on?"
Customer: "Hmmm...what would be a good answer?"


A classic one:

Q: How many programmers does it take to change a light bulb? A: None, that's a hardware problem.


And another one:

Wikipedia: I know everything! Google: I have everything! Facebook: I know everybody! Internet: Without me you are nothing! Electricity: Keep talking bitches!


Do you ever go there?

Where's the best place to hide a body? Page two of Google.



The Internet: where men are men, women are men, and children are the FBI...


The kid is probably into programming today...

Kid: Daddy, how was I born?
Dad: Ah, very well, one day you need to find out anyway! Mom and Dad got together in a chat room. Dad set up a date via e-mail with your Mom and we met at a cyber cafe. We snuck into a secluded room, and then your mother downloaded from your dad's memory stick. As soon as dad was ready for an upload, it was discovered that neither one of us had used a firewall. Since it was too late to hit the delete button, nine months later the blessed virus appeared. And that's the story.

A new version of TeslaCrypt - TeslaCrypt 4.1b - apparently has surfaced the Web and has attacked several users. Since very little information is available about this latest version, you can leave any information you have about the ransomware.

In case you have been attacked or know someone who is a victim of TeslaCrypt 4.1b, please leave a comment here!

Read more about TeslaCrypt 4.1b:

MacX HD Video Converter Pro for Windows is an efficient tool for video conversion with a neat interface and great ease of use. A version for Mac users is also available. In both of its versions, MacX HD Video Converter Pro converts various video formats to a range of file types and keep their quality. It also allows you to create and edit picture sideshows.

Have you tried the program? If yes, what do you think about it?

Read more about it here:

Software Reviews / docLock - keep your files safe
« on: March 30, 2016, 04:25:50 pm »
A small and user-friendly tool that protects various types of files, documents included, by locking them and adding a .doclock extension to them.

The tool offers several encryption algorithms to choose from, as well as 4 cipher modes.

docLock is fast - during installation and locking files. Read more about it here:

Have you used it, and do you like it? Do you know any other similar tools to offer?

Hey guys,

Do you know that Bitdefender offers free protection against Locky, CTB-Locker and TeslaCrypt? The tool is called Bitdefenfer Anti-Ransomware Toolkit and can be downloaded from here:

I already installed it - you never know!

Do you know any other similar, and possibly free tools to prevent ransomware infections? Let's spread the word so more users get their hands on this useful tool!

Software Reviews / Revo Uninstaller Pro - Opinions
« on: March 28, 2016, 02:52:31 pm »
Deleting files via Windows Recycle Bin still leaves physical traces on the hard disk. This is where Revo Uninstaller Pro comes in handy - the program has Evidence Remover which enables you to completely and forever delete anything.

The program has a 30-day trial period, and you can decide whether you like it or not. Other interesting features of the program include:

  • Revo Uninstaller Pro's compatibility with Windows 10 and 64-bit apps;
  • Revo's capability to delete junk files and unwanted registry entries;
  • A bunch of useful features that will appeal to advanced users.

However, the program's interface is not the most progressive one. And its functionalities could have been better if it could remove browser plugins and toolbars.

What's your opinion on Revo Uninstaller Pro? Have a look at its review here:

If you're worried about the current state of cyber security, you should definitely consider installing Secunia PSI, now known as Flexera Software Personal Software Inspector.

The program is a great protection against vulnerabilities and exploits, and the best part is that it's totally free-of-charge. And no, it is not ad-supported which makes it even better :)

Read More about the interesting tool here:

Have you used this or similar type of software?

Software Reviews / Remo Recover for Android - is it worth paying for?
« on: March 24, 2016, 02:55:25 pm »
Remo Recover for Android is a simple and effective program that restores files lost to corruption, deletion or formatting (of SD card). It is installed on a Windows machine which then has to be connected to the mobile via USB cable.

Because of it's simple and user-friendly interface, the program is very easy to use. It is also designed to recover various files such as photos, videos and documents, and APK files. However, if you want to recover contacts or SMS messages, Remo will not do the work.

Have you used the program? If so, do you like it? You can also recommend other software like Remo - both paid or free. :)

Read more about Remo Recover for Android:

Software Reviews / EaseUS Todo Backup Home - Let's Review the Software
« on: March 22, 2016, 03:20:50 pm »
With all the ransomware and malware attacks currently targeting both home and enterprise users, it's more than evident than backup solutions are a must. Let's have a look at one of the most popular and used data backup software - EaseUS Todo Backup.

Some of EaseUS Todo's best features are:

  • Its good backup speed;
  • Its ability to exclude files from backing up;
  • Its ability to transfer data between different operating systems, virtual drives and computer systems;
  • Its smart backup configuration;
  • The fact that the program supports cloud backup;
  • The advanced scheduling option for automatic backup;
  • Its easy access to logs.

On the other hand, these are features that can be improved:

  • Easier access to the scheduling menu can be implemented;
  • The installer could be faster;
  • The program is a bit heavy.

Nonetheless, EaseUS Todo is a versatile and handy backup solution.

If you need more information about it, jump to this article:

Pages: [1] 2 3 4