Archive for the ‘Remote Exploits’ Category


1. Secure your WIFI connection

secure your digital life from hackersHome users are particularly prone to leaving their routers open without passwords, in order to make sure that you’re protected check your router settings to verify whether encryption is turned on or not. leaving access unencrypted can be just a minor issue of bandwidth being stolen by unauthorized users freeloading off your connection to more serious cybercrimes like credit card fraud or hacking taking place using your internet connection, which may be traced back to you.

The majority of routers support encrypted connections, support either WEP or WPA/WPA2, always opt for WPA/WPA2 as it’s far more secure. If you have the option hide SSID broadcast, turn that on as well, it basically allows you to make your wireless router invisible to outsiders and they need to know your SSID to access the network.

2. Encrypt your hard drive

secure your digital life from hackersIt’s important to keep your data secure in case of loss of hardware or even theft. An encrypted hard drive basically prevents its contents from being access without the password. It is obviously more important to encrypt thumb drives and laptop drives. Windows 7 Ultimate and Business editions come with a built in hard drive functionality using a software called BitLocker which will encrypt your entire hard drive, but users with Home Premium or Basic users shouldn’t feel left out as there is a free way to encrypt your hard drive using trucrypt.

Mac users can use FileVault to encrypt their folders, and OSX Lion will allow you to encrypt your entire hard drive as well.You can also get hardware encryption which will use fingerprint recognition to unlock data inside the drive like the Lacie Rugged Safe.

3. Keep your software updated

secure your digital life from hackersIt’s a given that you need to keep your operating system, antivirus and web browser up to date in order to protect yourself from exploits, and if you haven’t got automatic update turned on for them, you should do it now.

However a lot of users often overlook other software such as Acrobat Reader, Flash, Java and iTunes when it comes to keeping software updated. It’s important to realize that many of these applications have direct access to the operating system, and an exploit in these applications can be used as a gateway into your system files. Flash and Acrobat are used heavily with web browsers which is the number one source of malware infections.

4. Upgrade your antivirus suite.

secure your digital life from hackersIt’s as important to keep your virus suite updated as much as it is to keep your virus definitions updated. The reason for this is because antivirus software evolve in the way they deal with malware, such as introducing heuristic technologies which identify common traits of viruses, the way they interact with the system and actively block these scripts. This is why having an outdated antivirus software, despite updated virus definitions may not provide the best possible protection. If you’re using an older version of antivirus software you may entitled to discounted upgrades to newer versions.

5. Secure your smartphones

secure your digital life from hackersMany people completely overlook this fact, but smartphones are essentially mini computers which hold swathes of personal information about you. They often hold logins to your facebook/twitter accounts which are set on auto login, online banking and other financial information as well as access to email. If someone gets hold of all these details it can cause a lot of stress and havoc to your life.

It’s vital to keep your devices with password lock activated, additionally you should take some precautionary measures in case you lose your device.

Apple has a very cool security software called Find my iPhone which is a free app by Apple, which lets you track your phone by GPS, lock and remotely delete data from it. You can even use it just to locate your iPhone if you misplace it, causing it to sound an alarm.

For Android users it’s important to stay protected, smartphones are just as vulnerable to viruses as a PC, although the android platform is more prone to them than apple due to the open platform nature of the former. Android phones require antivirus protection, all the popular desktop antivirus brands offer android support as well.

The app store is less prone to malware due to the fact that all apps are vetted by Apple before publishing, although if you’ve jail broken your iPhone, antivirus protection may be something you need to look at.

6. Vet web page links using a link checker

Cyber criminals are using sophisticated strategies to drive users onto their web pages, increasingly innocent websites are being targeted using exploits to find security holes to hack and implant code on them which can launch JavaScript applications and infect computers when users visit the infected site. Link checkers scan links on your search results and optionally other websites and indicate whether links are safe, websites are scanned by their own servers so it does not impair your computer performance. Link checkers are available with most anti malware security suites such as with AVG, McAfee and Symantec.

7. Laptop Security for mobile workers

secure your digital life from hackersLaptops thefts are common, and are easy targets due to their transportable nature. If you work away from your office it’s important to invest in a Kensington Lock. While a lock won’t prevent trained thieves armed with cable cutters, it will prevent opportunistic thieves which is the overwhelming majority of laptop thefts.

It’s also important to keep prying eyes away from your data, always password protect your login, and when leaving your laptop unattended, using the screen lock feature in Windows to prevent unauthorized users from looking at or accessing your information.

If you work with particularly sensitive data a privacy screen may provide an added level of protection, the screen is only viewable to the person sitting directly in front, so people sitting around you cannot look at your screen. Targus and 3M are well known for producing privacy screens for all manner of monitor sizes.

8. HTTPS encryption for websites

secure your digital life from hackersMost people are well informed with the necessity of using https secure connections with online shopping when entering sensitive personal information. However, it can be argued that websites like facebook, twitter, gmail and others hold equally sensitive information about you.

Did you know you can elect to use https secure connections on these websites? For case by case uses, you can insert a ‘s’ after the http on the web address, if there isn’t one already to access the site securely. However if you want to access the sites securely every time you visit, you can login select the option to always use https in the profile settings.

9. Use online backup to keep an offsite storage of your files.

secure your digital life from hackersA great way for mobile workers to keep data kept safe and secure while on the move is to use online backup, this provides great peace of mind if your computer gets lost, as it allows you to recover your files from the cloud. Online backup services like Sugar Sync also provide users with high level synchronization features which can be used as a great time management tool as well, as it keeps data across all your computers consistent and up to date. You can look up various online backup reviews here to compare their features and read up user reviews.

10. Avoid public wifi and public computers.

Using public computers can be incredibly risky as malware and key loggers can be installed to track your keystrokes and cached files in order to gain access to your private information.

secure your digital life from hackersAdditionally, public wifi connections can be risky as the servers can be breached with malware additionally phantom hotspots can be set up which appear like legitimate hotspots, but are actually other ordinary laptops which act as a middleman eavesdropping into the connection.

An example on how cached data can be hijacked to login to your web accounts can be demonstrated using FireSheep.

Thankfully mobile 3G internet connections are becoming more affordable, and are often faster than public wifi hotspots. 3G connections are far more secure, additionally you may be able to tether your Smartphone internet connection to work on your laptop. I hope this article helped you all for sure. And do follow these above 10 steps and secure your digital life from hackers.

Advertisements

Remote Exploits
Date D A V Description Plat. Author
2011-01-19 Exploit Code Downloads – Verified Novell iPrint <= 5.52 ActiveX GetDriverSettings() Remote Exploit (ZDI-10-256) 85 windows Dr_IDE
2011-01-14 Exploit Code Downloads – Waiting verification Real Networks RealPlayer SP 'RecordClip' Method Remote Code Execution 207 windows Sean de Regge
2011-01-12 Exploit Code Downloads – Verified MS11-002: Microsoft Data Access Components Vulnerability 285 windows Peter Vreugdenhil
2011-01-10 Exploit Code Downloads – Verified MS10-081: Windows Common Control Library (Comctl32) Heap Overflow 338 windows Nephi Johnson
2011-01-09 Exploit Code Downloads – Verified KingView 6.5.3 SCADA HMI Heap Overflow PoC 466 windows Dillon Beresford
2011-01-08 Exploit Code Downloads Download Vulnerable Application Verified NetSupport Manager Agent Remote Buffer Overflow 426 multiple ikki
2011-01-01 Exploit Code Downloads Download Vulnerable Application Verified HP Photo Creative 2.x audio.Record.1 ActiveX Control Remote Stack Based Buffer Overflow 634 windows rgod
Local Exploits
Date D A V Description Plat. Author
2011-01-19 Exploit Code Downloads Download Vulnerable Application Waiting verification ALZip 8.12.0.3 Buffer Overflow (SEH) 116 windows C4SS!0 G0M3S
2011-01-18 Exploit Code Downloads Download Vulnerable Application Verified A-PDF All to MP3 Converter 2.0.0 (.wav) Buffer Overflow Exploit 81 windows h1ch4m
2011-01-15 Exploit Code Downloads Download Vulnerable Application Verified eXtremeMP3 Player Buffer Overflow (SEH) 135 windows C4SS!0 G0M3S
2011-01-13 Exploit Code Downloads – Verified MS10-073: Win32k Keyboard Layout Vulnerability 321 windows Ruben Santamarta
2011-01-11 Exploit Code Downloads – Verified Nokia Multimedia Player 1.0 SEH Unicode Exploit 176 windows Carlos Mario Pena.
2011-01-11 Exploit Code Downloads – Waiting verification Mono/Moonlight Generic Type Argument Local Privilege Escalation 153 linux Chris Howie
2011-01-11 Exploit Code Downloads – Waiting verification DriveCrypt <= 5.3 Local Kernel ring0 SYSTEM Exploit 168 windows mu-b
Web Applications
Date D A V Description Plat. Author
2011-01-20 Exploit Code Downloads – Verified PHP Lowbids viewfaqs.php Blind SQL Injection Vulnerability 68 php BorN To K!LL
2011-01-20 Exploit Code Downloads – Verified Phpcms 2008 SQL Injection Vulnerability 100 php R3d-D3v!L
2011-01-19 Exploit Code Downloads – Verified PHP auctions (viewfaqs.php) Blind SQL Injection Vulnerability 92 php BorN To K!LL
2011-01-19 Exploit Code Downloads Download Vulnerable Application Waiting verification Simploo CMS 1.7.1 PHP Code Execution 78 php David Vieira-Kurz
2011-01-18 Exploit Code Downloads Download Vulnerable Application Waiting verification N-13 News 3.4 Remote Admin Add CSRF Exploit 67 php anT!-Tr0J4n
2011-01-18 Exploit Code Downloads Download Vulnerable Application Waiting verification CakePHP <= 1.3.5 / 1.2.8 unserialize() Vulnerability 92 php felix
2011-01-18 Exploit Code Downloads – Verified allCineVid Joomla Component 1.0.0 Blind SQL Injection Vulnerability 99 php Salvatore Fresta
DoS/PoC
Date D A V Description Plat. Author
2011-01-21 Exploit Code Downloads – Verified Microsoft Fax Cover Page Editor <= 5.2.3790.3959 Double Free Memory Corruption 13 windows Luigi Auriemma
2011-01-21 Exploit Code Downloads – Waiting verification Panda Global Protection 2010 local Dos 15 windows Heurs
2011-01-21 Exploit Code Downloads – Waiting verification Panda Global Protection 2010 local Dos (unfiltered wcscpy()) 10 windows Heurs
2011-01-21 Exploit Code Downloads Download Vulnerable Application Waiting verification Look n stop 0day Local Dos 12 windows Heurs
2011-01-18 Exploit Code Downloads – Waiting verification Google Chrome v8.0.552.237 address overflow DoS 85 windows Vuk Ivanovic
2011-01-16 Exploit Code Downloads – Verified ActiveX UserManager 2.03 Buffer Overflow 101 windows Blake
2011-01-16 Exploit Code Downloads – Waiting verification Kingsoft AntiVirus 2011 SP5.2 KisKrnl.sys <= 2011.1.13.89 Local Kernel Mode DoS Exploit 74 windows MJ0011
Shellcode
Date D Description Plat. Author
2011-01-21 Exploit Code Downloads BSD x86 portbind + fork shellcode (111 bytes) 6 bsd/x86 Tosh
2011-01-21 Exploit Code Downloads BSD x86 connect back Shellcode (81 bytes) 11 bsd/x86 Tosh
2010-12-31 Exploit Code Downloads w32-speaking-shellcode 627 windows SkyLined
2010-12-09 Exploit Code Downloads Create a New User with UID 0 – ARM (Meta) 1815 arm Jonathan Salwan
2010-11-25 Exploit Code Downloads OSX/Intel – setuid shell x86_64 – 51 bytes 1892 osX Dustin Schultz
2010-11-25 Exploit Code Downloads Linux/ARM – add root user with password – 151 bytes 2431 arm Jonathan Salwan
2010-10-26 Exploit Code Downloads ARM ifconfig eth0 and Assign Address 2551 arm Daniel Godas-Lope.
Papers
Date D Description Author
2011-01-17 Exploit Code Downloads The Abuse of ASSOC Explained Mi4night
2011-01-17 Exploit Code Downloads Web Application Vulnerabilities in Context of Browser Extensions Taras Ivashchenko
2011-01-14 Exploit Code Downloads Session Hijacking Basic Filipe Barros
2011-01-12 Exploit Code Downloads Exploiting the otherwise non-exploitable Matthew Jurczyk a.
2011-01-12 Exploit Code Downloads Heap Overflow For Humans – 101 mr_me
2011-01-12 Exploit Code Downloads Go Null Yourself E-Zine #3 storm
2011-01-12 Exploit Code Downloads Go Null Yourself E-Zine #2 storm Wired4Geeks


Date D A V Description Plat. Author
2011-01-14 Exploit Code Downloads Waiting verification Real Networks RealPlayer SP ‘RecordClip’ Method Remote Code Execution 106 windows Sean de Regge
2011-01-12 Exploit Code Downloads Verified MS11-002: Microsoft Data Access Components Vulnerability 181 windows Peter Vreugdenhil
2011-01-10 Exploit Code Downloads Verified MS10-081: Windows Common Control Library (Comctl32) Heap Overflow 243 windows Nephi Johnson
2011-01-09 Exploit Code Downloads Verified KingView 6.5.3 SCADA HMI Heap Overflow PoC 389 windows Dillon Beresford
2011-01-08 Exploit Code Downloads Download Vulnerable Application Verified NetSupport Manager Agent Remote Buffer Overflow 354 multiple ikki
2011-01-01 Exploit Code Downloads Download Vulnerable Application Verified HP Photo Creative 2.x audio.Record.1 ActiveX Control Remote Stack Based Buffer Overflow 571 windows rgod
2010-12-30 Exploit Code Downloads Waiting verification CA ARCserve D2D r15 Web Service Servlet Code Execution 384 windows rgod
2010-12-30 Exploit Code Downloads Download Vulnerable Application Verified QuickPHP Web Server Arbitrary (src .php) File Download 420 windows Pr0T3cT10n
2010-12-30 Exploit Code Downloads Download Vulnerable Application Waiting verification Chilkat Software FTP2 ActiveX Component Remote Code Execution 298 windows rgod
2010-12-29 Exploit Code Downloads Download Vulnerable Application Verified QuickPHP Web Server 1.9.1 Directory Traversal 336 windows John Leitch
2010-12-29 Exploit Code Downloads Download Vulnerable Application Verified httpdASM 0.92 Directory Traversal 234 windows John Leitch
2010-12-29 Exploit Code Downloads Verified DD-WRT Information Disclosure Vulnerability 384 hardware Craig Heffner
2010-12-26 Exploit Code Downloads Download Vulnerable Application Verified Kolibri v2.0 Buffer Overflow RET + SEH exploit (HEAD) 1591 windows TheLeader
2010-12-22 Exploit Code Downloads Download Vulnerable Application Verified WMITools ActiveX Remote Command Execution Exploit 0day 1418 windows WooYun
2010-12-22 Exploit Code Downloads Verified Citrix Access Gateway Command Injection Vulnerability 1120 linux George D. Gal
2010-12-21 Exploit Code Downloads Waiting verification Ecava IntegraXor 3.6.4000.0 Directory Traversal 444 windows Luigi Auriemma
2010-12-15 Exploit Code Downloads Verified Internet Explorer 8 CSS Parser Exploit 4036 windows Nephi Johnson
2010-12-14 Exploit Code Downloads Verified Crystal Reports Viewer 12.0.0.549 Activex Exploit (PrintControl.dll) 0-day 888 windows Dr_IDE
2010-12-11 Exploit Code Downloads Verified Exim 4.63 Remote Root Exploit 2997 linux Kingcope
2010-12-10 Exploit Code Downloads Verified LiteSpeed Web Server 4.0.17 w/ PHP Remote Exploit for FreeBSD 1278 freebsd Kingcope
2010-12-09 Exploit Code Downloads Waiting verification VMware Tools update OS Command Injection 1587 multiple Nahuel Grisolia
2010-12-05 Exploit Code Downloads Download Vulnerable Application Verified Freefloat FTP Server Buffer Overflow Vulnerability 0day 1722 windows 0v3r
2010-12-03 Exploit Code Downloads Verified Image Viewer CP Gold 6 ActiveX TifMergeMultiFiles() Buffer Overflow 876 windows Dr_IDE
2010-12-03 Exploit Code Downloads Verified iFTPStorage for iPhone / iPod touch <= 1.3 – Directory Traversal 892 hardware XEL
2010-12-02 Exploit Code Downloads Download Vulnerable Application Verified ProFTPD 1.3.3c compromised source remote root Trojan 2727 linux anonymous