Wednesday, 24 December 2008

PasswordFox – Standalone App to Reveal Firefox Passwords

PasswordFox — Reveal the user names/passwords stored in Firefox. Very useful utility to actually show all your passwords stored in Firefox. It’s not a recovery tool as you still need to type in the master password. However, even without the master password it shows all the websites you have kept passwords for, which means I might [...]

Thursday, 19 June 2008

Mac OS X Root Escalation with AppleScript

Read this story on Slashdot. “Half the Mac OS X boxes in the world (confirmed on Mac OS X 10.4 Tiger and 10.5 Leopard) can be rooted through AppleScript: osascript -e 'tell app "ARDAgent" to do shell script "whoami"'; Works for normal users and admins, provided the normal user wasn’t switched to via fast user switching. Secure? I [...]

Wednesday, 6 February 2008

Upgraded to WordPress 2.3.3 ‘Coz of Security Issues, Again!

Went to the Aussie Bloggers forums this morning and spotted this post on an urgent WordPress upgrade (yes, I usually troll in the forums early in the morning instead of reading RSS feeds). WordPress 2.3.3 has been released fixing a few minor bugs and a security issue. Yes, again — less than two months [...]

Friday, 21 September 2007

PDF 0-Day Vulnerability

eWeek: Opening a PDF file on your Windows PC can get you pwn3d, as recently discovered by researcher Petko D. Petkov (his blog is no longer online at this point in time). It’s the same guy who discovered Apple’s QuickTime flaw and how you can infect someone’s PC via Firefox and QuickTime. Interestingly the open source [...]

Tuesday, 20 February 2007

MyBlogLog’s Co-Author Exploit

Got an email from MyBlogLog about 2 days ago. Hi ScottYang, I would like to add you as a co-author of my MyBlogLog community below: Blog/Site: Blogmemes Belgium (http://www.blogmemes.be) MyBlogLog community: http://www.mybloglog.com/buzz/community/Blogmemes_Belgium/ Your MUST click on the link below to accept this request: <Link Deleted> Thanks, Blogmemes_Belgium Instead of clicking on the link, I went straight to its community site on MyBlogLog. And there [...]

Tuesday, 3 October 2006

Filling up PhishTank with Phishers

Via OpenDNS Blog, PhishTank is a website that collects URLs of phishing websites that conduct fraudulent activity by tricking people into believing they are on a legitimate website. I’m getting phishing emails almost every day telling me either my PayPal is not working, asking me to confirm an eBay purchase, or my bank needs my password. Great [...]

Thursday, 7 September 2006

Harrison Ford and Firewall

I watched Harrison Ford’s Firewall on DVD on Tuesday. It is an interesting and engaging thriller. Jack Stanfield is an IT security expert in a Seattle bank, and his family has been kidnapped. The kidnappers wanted 100 million dollars transferred to his off-shore account, and need Jack to get “behind the firewall” to activate [...]

Wednesday, 16 August 2006

Bruce Schneier Facts Database

Bruce Schneier Facts Database, along the lines of Chuck Norris Facts. For example, “Bruce Schneier eats 0s and 1s for breakfast. And snacks on pi.” Being a Schneier fan myself, it is very funny indeed. Via ELER.

Monday, 14 August 2006

Client Side Port Scanning with Javascript

Proof of concept of port scanning arbitrary IP addresses from nothing but client side Javascript. From the code it looks like it creates IFRAMEs and sets the SRC attribute to try to connect to ports, and has a list of web server signatures to check against. Pretty scary what client side JS can do. I [...]

Wednesday, 28 June 2006

Defeating China’s Great Firewall with Another Firewall

Via B. Schneier, Security Research at Cambridge has worked out a way to penetrate through China’s Great Firewall, by ignoring the reset TCP packet sent back by the Chinese routers to keep the connection going. Very interesting analysis, although the article also stated that censorship in China is more than just “Great Firewall”. Might be [...]