Infosec Weekly Round-up June 17 – 24, 2012

Hacker claims breach of 79 banks, releases customer data

“A hacker claiming to have broken into networks of dozens of banks and stolen customer data, has released as proof a file that contains names, addresses, e-mail addresses, and phone numbers in plain text, but no credit card numbers.”

http://news.cnet.com/8301-1009_3-57455693-83/hacker-claims-breach-of-79-banks-releases-customer-data/

XSS: Gaining access to HttpOnly Cookie in 2012

Soon after XST became popular, most web servers disabled the TRACE method. Later, browsers’ implementations of XMLHttpRequest also blocked the “TRACE” method (i.e. xmlhttp.open('TRACE', url, true)). Later still, a flawed implementation in Firefox’s XMLHttpRequest, which could be used to access the Set-Cookie response header, was fixed.

http://seckb.yehg.net/2012/06/xss-gaining-access-to-httponly-cookie.html

Getting root on a Sony TV

“The Sony Bravia series of HDTVs are a great piece of kit; they’re nice displays that usually have enough inputs for the craziest home theatre setups. These TVs also run Linux, but until now we haven’t seen anything that capitalizes on the fact these displays are wall-mounted Linux boxen. [Sam] sent in an exploit to root any Bravia TV – hopefully the first step towards replacing our home media server.”

http://hackaday.com/2012/06/20/getting-root-on-a-sony-tv/

AV Bypass for Malicious PDFs Using XDP

“Earlier today I was passed an interesting PDF sample that wasn’t a proper PDF, but instead an XDP. Running the file resulted in Adobe Reader starting up and successfully exploiting my machine. The dropped files were really nothing interesting, but the method in which the file was created was due to the limited detection.” 

http://blog.9bplus.com/av-bypass-for-malicious-pdfs-using-xdp

Anonymous Hackers shut down website of Colombia Justice Ministry

“Anonymous hackers shut down the websites of Colombia’s Justice Ministry website on Friday evening.”

http://thehackernews.com/2012/06/anonymous-hackers-shut-down-website-of.html

That’s all for this week. If you have more information security news, please share it with our readers by sending an email or using the contact form.

  • jennifer john

    Yup the method has been disabled by more web servers.