You are welcome to discuss various security topics with our professional team and other users like you!
Read our Registration Agreement and create your FREE account here!

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - mcinn

Pages: [1] 2 3 ... 5
Awesome post, thanks!  :D

Pwnie for Best Server-Side Bug

Cisco ASA IKEv1/IKEv2 Fragmentation Heap Buffer Overflow (CVE-2016-1287)
ImageTragick (CVE-2016–3714)
Stagefright via MMS (CVE-2015-1538)
glibc getaddrinfo stack-based buffer overflow (CVE-2015-7547)
Apache Commons Collections Java Object Deserialization RCE (CVE-2015-4852)
Samsung Galaxy Edge Baseband Stack Overflow (CVE-2015-8546)

Pwnie for Best Client-Side Bug

MS16-006 Silverlight BinaryReader Out-Of-Bounds Write RCE (CVE-2016-0034)
glibc getaddrinfo stack-based buffer overflow (CVE-2015-7547)
MS15-131 Microsoft Office RCE Vulnerability (BadWinmail) (CVE-2015-6172)
MS15-078 OpenType Font Driver Vulnerability (CVE-2015-2426)
Stagefright via Web Browser (CVE-2015-1538)

Pwnie for Best Privilege Escalation Bug

SETFKEY FreeBSD Kernel Vulnerability (CVE-2016-1886)
Widevine QSEE TrustZone Privilege Escalation (CVE-2015-6639)
AMD Piledriver Microcode VM Ring 3 to Host Ring 0
Linux iovec overrun memory corruption (CVE-2015-1805)
Apple Mac OS X WindowServer Use-After-Free (CVE-2016-1804)

Pwnie for Best Cryptographic Attack (new for 2016)

Dancing on the Lip of the Volcano: Chosen Ciphertext Attacks on Apple iMessage
Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS
BlueCoat's Intermediate CA Certificate
Got HW crypto? On the (in)security of a Self-Encrypting Drives series
OpenSSL Key Recovery Attack on DH small subgroups (CVE-2016-0701)

Pwnie for Best Junk or Stunt Hack (new for 2016)

WhatsApp Message Hacked By John McAfee And Crew
Remotely Killing a Jeep on the Highway
Hacking a Linux-Powered Rifle
"60 Minutes" Hacking Your Phone with a Hacked Phone
Security Analysis of Emerging Smart Home Applications

Pwnie for Best Branding
Nominees (with the best sites and logos):

Badlock Samba bug (CVE-2016-2118)
Mousejack wireless keystroke injection bug
MySQL crypto downgrade (CVE-2015-3152)
SSLv2 Cryto attack [DROWN Attack] (CVE-2016-0800)

Pwnie for Best Song

Host Unknown - Accepted the Risk
AMETIX - The Geek Song
Katie Moussouris - Cyber-lair
fbz- Root Rights are a Grrl's Best Friend

:D What do you guys think? Oh, btw, the awards will be given during this year's Black Hat USA Conference. Anyone attending?

Web Browsing Practices / Re: do you use DuckDuckGo?
« on: July 19, 2016, 10:33:21 am »
Hi there,

I recently switched to DuckDuckGo and I was wondering if people know about this search engine.

From their PP:

"At other search engines, when you do a search and then click on a link, your search terms are sent to that site you clicked on (in the HTTP referrer header). We call this sharing of personal information "search leakage."

For example, when you search for something private, you are sharing that private search not only with your search engine, but also with all the sites that you clicked on (for that search).

In addition, when you visit any site, your computer automatically sends information about it to that site (including your User agent and IP address). This information can often be used to identify you directly." etc

More here:

Also, I read that they have implemented Tor but I can't find it  :-\ Can you help?

Hi gal,

This is what I found:
It seems that Tor has switched to DuckDuckGo results by default :)

Web Browsing Practices / Vivaldi Browser - Is It Worth It?
« on: July 14, 2016, 08:54:54 pm »
Have you considered trying Vivaldi Browser?

It is definitely intriguing – its user approach seems to be quite unique and you will be able to modify your browsing experience however you like it.

This article has some answers, in case you're still wondering whether it's worth it or not :)

Software Reviews / Re: What is Heimdal PRO?
« on: June 21, 2016, 12:56:15 pm »
a second generation security tool  ;D

We may not spend too much time thinking about the safety of the information we share (or the information we permit access to), but we spend enough time on our smartphones to be exposed to various perils.

Needless to say, the lack of attention only enhances the likeliness of abusive behavior on behalf of developers, advertisers and even legal entities.

Here's the whole article on the subject:

Web Browsing Practices / Your Thoughts on Private Browsing
« on: June 03, 2016, 02:54:26 pm »
As we all know, private browsing, generally referred to as 'p0rn mode', is one of the easy ways to sustain some level of online confidentiality. Unfortunately, private browsing is not enough if you truly wish to remain ‘unseen’. There are several basic myths that surround the private browsing mode:

  • Private browsing doesn’t make you entirely anonymous
  • Your downloads will be saved, as well as your bookmarks
  • Private browsing doesn’t spare you from being spied on
  • Private browsing may not work properly due to technical issues

More here:

So, what are your thoughts?

Windows Updates / Re: KB 3105210
« on: June 03, 2016, 11:19:51 am »

Whatever happens, I bet that the cyber criminals operating this ransomware won't just give up and will likely come up with a new and better crypto virus...

Off-Topic Discussions / The things computers do in the movies!
« on: May 05, 2016, 10:38:05 am »
I found this online and I think it's hilarious  ;D What would you add to the list? Any concrete examples you can think of?

Things Computers Can Do in Movies

1. Word processors never display a cursor.
2. You never have to use the space-bar when typing long sentences.
3. Movie characters never make typing mistakes.
4. All monitors display inch-high letters.
5. High-tech computers, such as those used by NASA, the CIA or some such governmental institution, will have easy to understand graphical interfaces.
6. Those that don't have graphical interfaces will have incredibly powerful text-based command shells that can correctly understand and execute commands typed in plain English.
7. Note: Command line interfaces will give you access to any information you want by simply typing, "ACCESS THE SECRET FILES" on any near-by keyboard.
8. You can also infect a computer with a destructive virus by simply typing "UPLOAD VIRUS". (See "Fortress".)
9. All computers are connected. You can access the information on the villain's desktop computer even if it's turned off.
10. Powerful computers beep whenever you press a key or the screen changes. Some computers also slow down the output on the screen so that it doesn't go faster than you can read. (Really advanced computers will also emulate the sound of a dot-matrix printer.)
11. All computer panels operate on thousands of volts and have explosive devices underneath their surface. Malfunctions are indicated by a bright flash of light, a puff of smoke, a shower of sparks and an explosion that causes you to jump backwards.
12. People typing on a computer can safely turn it off without saving the data.
13. A hacker is always able to break into the most sensitive computer in the world by guessing the secret password in two tries.
14. You may bypass "PERMISSION DENIED" message by using the "OVERRIDE" function. (See "Demolition Man".)
15. Computers only take 2 seconds to boot up instead of the average minutes for desktop PCs and 30 minutes or more for larger systems that can run 24 hours, 365 days a year without a reset.
16. Complex calculations and loading of huge amounts of data will be accomplished in under three seconds. Movie modems usually appear to transmit data at the speed of two gigabytes per second.
17. When the power plant/missile site/main computer overheats, all control panels will explode shortly before the entire building will.
18. If you display a file on the screen and someone deletes the file, it also disappears from the screen (See "Clear and Present Danger").
19. If a disk contains encrypted files, you are automatically asked for a password when you insert it.
20. Computers can interface with any other computer regardless of the manufacturer or galaxy where it originated. (See "Independence Day".)
21. Computer disks will work on any computer has a floppy drive and all software is usable on any platforms.
22. The more high-tech the equipment, the more buttons it will have (See "Aliens".)
23. Note: You must be highly trained to operate high-tech computers because the buttons have no labels except for the "SELF-DESTRUCT" button.
24. Most computers, no matter how small, have reality-defying three-dimensional active animation, photo-realistic graphics capabilities.
25. Laptops always have amazing real-time video phone capabilities and performance similar to a CRAY Supercomputer.
26. Whenever a character looks at a monitor, the image is so bright that it projects itself onto their face. (See "Alien" or "2001")
27. Searches on the internet will always return what you are looking for no matter how vague your keywords are. (See "Mission Impossible", Tom Cruise searches with keywords like "file" and "computer" and 3 results are returned.)

Apparently, a new version of the infamous TeslaCrypt has been released in the wild, already infecting victims and encrypting their files.

Some technical features of the ransomware have been changed. Read more about it here:

However, the most striking change is the simplification of the ransom note, which has been deprived of the colorful explanation. Only the payment methods have been left.

If you're a TeslaCrypt victim, we encourage you to leave a comment and share information.

Off-Topic Discussions / Re: What if you didn't own a smartphone?
« on: April 27, 2016, 03:25:47 pm »
I agree, but I personally would prefer the Nokia 3310!
As the legend goes, it is unbreakable, and can also help break other stuff.

So it has multiple purposes like a smartphone, without the problems that arise from one. :)

Nokia - Opening beers since 3310!

Off-Topic Discussions / Re: IT Jokes and Overall PC Stupidity
« on: April 27, 2016, 03:23:35 pm »
Well, I'll be the first one to reply  ::) :

If at first you don't succeed, call it version 1.0.

Off-Topic Discussions / IT Jokes and Overall PC Stupidity
« on: April 27, 2016, 03:14:32 pm »
Let's share either some personal experience with inexperienced users (come on, tech support people!) or jokes we found online and thought were worth sharing!

Let me start:

Tech Support's guy favorite customer:

Tech Support: "May I ask what operating system you are running today?"
Customer: "A computer."


When the customer has no idea but doesn't want to give a wrong answer rightaway:

Tech Support: "Do you know what operating system you're on?"
Customer: "Hmmm...what would be a good answer?"


A classic one:

Q: How many programmers does it take to change a light bulb? A: None, that's a hardware problem.


And another one:

Wikipedia: I know everything! Google: I have everything! Facebook: I know everybody! Internet: Without me you are nothing! Electricity: Keep talking bitches!


Do you ever go there?

Where's the best place to hide a body? Page two of Google.



The Internet: where men are men, women are men, and children are the FBI...


The kid is probably into programming today...

Kid: Daddy, how was I born?
Dad: Ah, very well, one day you need to find out anyway! Mom and Dad got together in a chat room. Dad set up a date via e-mail with your Mom and we met at a cyber cafe. We snuck into a secluded room, and then your mother downloaded from your dad's memory stick. As soon as dad was ready for an upload, it was discovered that neither one of us had used a firewall. Since it was too late to hit the delete button, nine months later the blessed virus appeared. And that's the story.

Dear mcinn, I am infected with virus that blocks my files with ccc extension. Am I infected with this teslacrypt or ccc file extension virus? I followed a .ccc file extension ransomware removal guide[/url] but it failed to recover my files.. Why?

Hi Gabriel,

Have you tried using such software: to restore some of your files?

Pages: [1] 2 3 ... 5