Library Hackers Unite!

Java Zero Day Exploit Coming Soon To a Browser Near You

Posted on January 10, 2013 by Joe Atzberger

Automated hacking tools are already equipped to exploit this one:

http://arstechnica.com/security/2013/01/critical-java-zero-day-bug-is-being-massively-exploited-in-the-wild/

Despite it still being common practice for thicker web apps, Java in browser remains a big problem for security. Consider disabling or uninstalling your browsers’ Java if you don’t positively need it.

New Rails SQL Injection Vulnerability Uncovered

Posted on January 2, 2013 by Joe Atzberger

A new SQL-injection vulnerability for the new year, this time in an otherwise common and innocuous-looking part of Ruby on Rails’ ActiveRecord:

Post.find_by_id(params[:id])

It is disappointing that the default ORM in Rails cannot yet safely query by identifier, a task made trivial by pre-compiled DBI queries using placeholders, or in this case, a single placeholder!

Check the original post for workaround.

Barnes & Noble P.O.S. Hacked

Posted on October 24, 2012 by Joe Atzberger

The likelihood of code exploit on a device as specialized as the PIN/signature pads is small relative to the networked general purpose point of sale systems they interface with. Look for more info to emerge on this one:

http://nj1015.com/barnes-and-noble-pin-pads-hacked-in-nine-states/

For now, B&N retail customers should watch their statements.

News and tips from the dark basements

Java Zero Day Exploit Coming Soon To a Browser Near You

New Rails SQL Injection Vulnerability Uncovered

Barnes & Noble P.O.S. Hacked

Interesting Things

Blogroll

Categories

Archives