
{ Category Archives } Web

I Sent You a Spam DM on Twitter

This morning, I received a SPAM direct message on Twitter, and of course, I thought that the person’s account had been somehow compromised, and as usual, I sent a small tweet saying, “Your account has been compromised, you might have to change your password”.  An instant later, I received a tweet from the same person, […]


Blackhole.BN exploit analysis and removal

Yesterday, a friend told me that a website we know had been infected by the Blackhole exploit kit, and showed me a screen capture of his antivirus disallowing access to the page. I immediately decided to open a virtual machine, and load the website to have a closer look. The page didn’t look suspicious […]


Infinite Loop with Dashlane

Today I ran into my first problem using Dashlane. Do you remember this post where I said: “Guys you should use Dashlane because it’s awesome, especially in case of a password leak”? I remember it well! And I believe that Dashlane is an awesome tool to “avoid” your passwords being leaked. However […]


Facebook HOAX [Phone Numbers Have Names]

Today I have seen a few people on my news feed talking about: “Your Phone Number has a Name on Facebook“. As I am a curious person, I wondered what the fuss was all about and read the small image till the end. 1) enter @ followed by [ then a 3-digit number followed […]

XSS in the iOS Facebook App

A few months ago, I found an XSS on the iOS mobile Facebook app, and contacted Facebook about the flaw via their white hat page. Unfortunately for me, I wasn’t eligible for anything because the flaw had already been reported (guys, even a t-shirt would have been fun). Since the iOS mobile app had to be updated, I decided […]


PlainText Passwords at HMV

Today I received a mail from HMV telling me that my two-year-old points were going to expire, and that’s how I decided to log in on the website and spend them. Unfortunately I did not remember my password and clicked directly on the button “password reminder”. A few minutes later, I received an e-mail […]


Password Leaks and Password Managers

These last months have been very busy with password leaks: LinkedIn, Last FM, Yahoo, Le Figaro, PhAndroid, and finally today, I received an e-mail from Nvidia. After the Sony PS3 Network leak, I thought that I should use a secure password manager online, first because I ran out of passwords, then because I couldn’t memorize […]


“Hacking” Friends Hotmail’s Accounts

There are a few existing ways of hacking a Hotmail account, such as brute-force, or the secret answer/question, but today I (and friends) found another “way” of doing it (that I never heard of before). Long story short: to make it work, the hacker needs to know the “save” e-mail address, and hope this address has […]


Patch WordPress UserName Disclosure

This 26 May, a researcher (Veronica Valero of Talsoft S.R.L.) posted a security threat affecting WordPress blogs on Direct Object Reference. A reply posted by “Zerial” on the mailing list explained another vulnerability on WordPress. It is possible via a simple test on the login box to know if a username is used on a […]

FaceBook worm quick and dirty review

Introduction: Facebook is very popular around the world, and loads of “hackers”/“script kiddies” would like to send messages to your contacts for fun and profit. In this little quick and dirty review I will briefly analyse a worm that spreads on Facebook. Analysis: A few minutes ago, I was invited by a friend to […]
