Yahoo Sites Impacted by XSS Flaw in Comments Section

Cyber Security News, Information, Tips and Hacks

Yahoo has addressed a cross-site scripting (XSS) flaw that, prior to May 2, existed in the commenting platforms utilized by most of its services, including travel, food, tech, security, news, TV, music, shopping and weather.

An XSS flaw existing in the comments section of most Yahoo sites was fixed in early May. An XSS flaw existing in the comments section of most Yahoo sites was fixed in early May.

The vulnerability – which could enable information theft by simply posting a piece of code into the comments sections of the aforementioned Yahoo websites – was discovered by Behrouz Sadeghipour, an independent researcher known for hunting down bugs in popular services.

“An attacker could inject a malicious script, which could be used to obtain session tokens, cookies and other sensitive information stored in the users’ browser that is associated with Yahoo,” Satnam Narang, a Symantec researcher familiar with XSS flaws, told on Monday.

In a Friday post containing proof-of-concept videos, Sadeghipour is shown posting a…

Voir l’article original 192 mots de plus

Historic Global Cybercrime Take Down – BlackShades

Cyber Security News, Information, Tips and Hacks

An FBI-led investigation involving law enforcement agencies in 17 countries has led to one of the biggest cyber crime busts in recent history.

On Monday, officials charged nearly 100 individuals around the world, who were arrested over the weekend for using or distributing the malicious remote administration tool (RAT) dubbed “BlackShades.”

Lauri Love, a 28-year-old UK man, was arrested at his home Friday. Lauri Love, a 28-year-old UK man, was arrested at his home Friday.

The malware could give an attacker nearly complete control over a compromised machine, including the ability to siphon sensitive data, take screenshots, record video, and meddle with messaging applications and social networks, according toresearchers at Symantec.

The FBI detailed its investigation in criminal complaints filed Monday in Manhattan federal court against five individuals. Cooperation between the European Union’s Judicial Cooperation Unit (EUROJUST) in The Hauge and the European Cybercrime Centre (EC3) at Europol led to a two-day operation involving 359 home raids carried…

Voir l’article original 626 mots de plus

The Ideal Partner for Business Continuity Consultancy

Intrusion Detection System | Real-Time Adaptive Security

Today, websites have come to play a greater role in the success of brands. They are no longer a tool to reach out to a larger audience or popularize the services; websites have become the face of the brands. In most cases, the websites are the first contact point with customers and thus it is important that you keep them secured. Lack of Web Security can hamper critical business relationships and thus most companies now take security very seriously.


Get comprehensive web security from the leader

With advancement in technology, the nature of security threats has changed form. Other than infecting sites with malware to spread them further, the hackers steal customer information like names and email addresses for malicious practices. Stealing credit card information is also very common. Hackers also try to hijack sites and crash them. When implementing web security, a company has to keep in mind…

Voir l’article original 123 mots de plus

Wireless Networking Challenges

Heath Freel's BLOG

Not too many people are plugging their laptop into an ethernet cable anymore. In fact, just about everyone in our office relies on wireless for their connectivity. In the past, wireless was too slow and somewhat unreliable, but it has come a long way and the convenience of not having to plug in far outweighs the performance impact if any.

Coverage is obviously one of the key elements for a good wireless deployment. It needs to work in your office, in the boardroom, in the lunch room and maybe even at the picnic table just outside your building. Ideally it should work anywhere your phone, tablet or laptop goes.

What gets missed quite often is planning for capacity. Coverage ensures there is a signal, but each access point can only service so many clients before it becomes slow, unresponsive and ultimately useless. It is also important to understand the applications…

Voir l’article original 510 mots de plus

Different bandwidth per IP address on cisco router


The goal is next, we have two users in the same network who must have different bandwidth per IP address.

User-1 has IP address and 10 Mbit/s bandwidth to outside networks.

User-1 has IP address and 5 Mbit/s bandwidth to outside networks.

Network topology is present below:

Speed-limit per IP (policy)

We will do it with policy-map on Cisco router

First of all, we should create ACL to filter our user in upload and download directions:

ip access-list extended CLT=11_DOWNstreem
permit ip any host
ip access-list extended CLT=11_UPstream
permit ip host any
ip access-list extended CLT=13_DOWNstreem
permit ip any host
ip access-list extended CLT=13_UPstream
permit ip host any

Now, we create class-map that will be match user’s packets by our ACL:

class-map match-all CLT=11_UPstreem
match access-group name CLT=11_UPstream
class-map match-all CLT=11_DOWNstreem
match access-group name CLT=11_DOWNstreem
class-map match-all CLT=13_UPstreem
match access-group name CLT=13_UPstream
class-map match-all CLT=13_DOWNstreem

Voir l’article original 155 mots de plus

Let’s play with a NetFlow


I like to open my blogs with a scenario. That way the problem is much more easy to cope with. Today’s problem is this: we have a server that gets hit with some traffic from the Internet. We want to know what kind of traffic and to collect some data for investigation. Here is the diagram:

NetFlow Diagram

The router in the middle is Cisco router, of course 🙂

In order to see the traffic between two hosts going through the router, we could debug ip packets. Often a very bad idea! We could try to narrow debugging a little bit with access lists, but still… I had a situation with ACL controlled debugs that almost crashed a router. A bug perhaps.

Another way of doing this is a NetFlow. This is very powerful tool for gathering network statistics and detecting problems. We will do this two way. The first way introduces…

Voir l’article original 848 mots de plus