Online Archives - Gregory D. Evans | Worlds No. 1 Security Consultant

Posts Tagged ‘Online’

Yahoo might be releasing an online video platform

Yahoo is planning to launch an online video platform in the upcoming months. It intends to fill that platform with the same faces and professionally made clips, but the question is how. According to Recode, it will do so by poaching some of the biggest stars of YouTube. Yahoo is offering them large guaranteed rates for their videos. Yahoo has even promised them extensive marketing and a chance to promote their videos by putting them on Yahoo's well-trafficked home page.

Yahoo's video service would not be open to everyone: Recode says it will not be like YouTube, which allows everyone to upload videos. The website's source claims that Yahoo might develop its own content management system or acquire an existing online video platform such as Vimeo, Dailymotion, etc. to make the service available to more people. However, Yahoo won't be able to beat YouTube, as almost 70-75% of people around the world use YouTube daily, and many of them use it to learn something, since YouTube is full of different kinds of tutorials, even ones related to programming.

Still, it is not certain whether Yahoo will be able to beat YouTube, as both companies are well trafficked and famous. If we look at popularity, though, YouTube is more famous than Yahoo: YouTube is at rank 3 worldwide and Yahoo is at rank 4. We also cannot confirm that the upcoming video platform by Yahoo will be end-to-end secure, and we are not sure whether Yahoo would sell our data and documents to the NSA as Microsoft did, as we saw in some invoices between Microsoft and the FBI leaked by the SEA.

View full post on Who Got Hacked – Latest Hacking News and Security Updates

EDGE Innovation Network opens online portal for quick access to off-the-shelf solutions for DHS

Top Priority Sector:  disaster_preparedness_emergency_response The DHS’s Science and Technology Directorate will use the Knowledge Management System (KMS) from Scottsdale, AZ-based

View full post on The Cyber Wars

OpenCart highly Vulnerable, Thousands of online shops at high risk

Sadat Ullah, an independent Pakistani cyber security expert from Karachi who is already well known for finding programming flaws in WHMCS, MyBB, Clicksharepro, iscripts, Playsms and many others, has recently found a new flaw in OpenCart CMS, which is widely used by online shopping stores. The customer data held by these websites includes millions of credit card and other financial details.
Sadat Ullah has submitted the 0day to exploit-db and packetstorm.

Details:-

# Exploit Title     : OpenCart <= 1.5.6.1 SQL Injection
# Date              : 2014/3/26
# Exploit Author    : Saadat Ullah , saadi_linux@rocketmail.com
# Software Link     : http://www.opencart.com/index.php?route=download/download
                    : https://github.com/opencart
# Software web      : www.opencart.com
# Author HomePage   : http://security-geeks.blogspot.com/
# Tested on: Server : Apache/2.2.15 PHP/5.3.3
 
#Opencart suffers from multiple SQL injections in ebay.php; the bug is more about
privilege escalation, as the attacker may need openbay module access.
 
Poc
Poorly coded file full of SQLi opencart/system/library/ebay.php
In file opencart/system/library/ebay.php
product_id is used in a SQL query without being sanitized.
 
public function getEbayItemId($product_id) {
        $this->log('getEbayItemId() - Product ID: '.$product_id);
 
        $qry = $this->db->query("SELECT `ebay_item_id` FROM `" . DB_PREFIX . "ebay_listing` WHERE `product_id` = '".$product_id."' AND `status` = '1' LIMIT 1");
..............
The function is called in many locations and the parameter is passed without being sanitized.
In opencart\admin\controller\openbay\openbay.php
public function editLoad() {
        ...
        $item_id        = $this->openbay->ebay->getEbayItemId($this->request->get['product_id']);
..............
Where $this->request->get['product_id'] is coming from the GET field.
Similarly More
 
public function isEbayOrder($id) {
        ...
        $qry = $this->db->query("SELECT `comment` FROM `" . DB_PREFIX . "order_history` WHERE `comment` LIKE '[eBay Import:%]' AND `order_id` = '".$id."' LIMIT 1");
 
In opencart\admin\controller\extension\openbay.php
        public function ajaxOrderInfo()
        ...
        if($this->openbay->ebay->isEbayOrder($this->request->get['order_id']) !== false){
..............
More
public function getProductStockLevel($productId, $sku = '') {
        ...
        $qry = $this->db->query("SELECT `quantity`, `status` FROM `" . DB_PREFIX . "product` WHERE `product_id` = '".$productId."' LIMIT 1");
..............
ebay.php has many more..
User should have openbay module access
http://localhost/opencart/admin/index.php?route=openbay/openbay/editLoad&token=5750af85a1d913aded2f6e2128616cb3&product_id=1'
 
#Independent Pakistani Security Researcher
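
The query pattern the advisory describes, next to a hardened form, as an added example that is not OpenCart's code or the researcher's. It assumes a standalone PDO SQLite in-memory database with one constructed row; the table and column names follow the advisory, and the function names getEbayItemIdVulnerable and getEbayItemIdHardened are hypothetical.

```php
<?php
// Added example, not OpenCart code. Table and column names follow the advisory;
// the SQLite in-memory database and the sample row are constructed for the demo.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE ebay_listing (product_id INTEGER, ebay_item_id TEXT, status INTEGER)");
$pdo->exec("INSERT INTO ebay_listing VALUES (1, 'ITEM-0001', 1)");

// Pattern from the advisory: the request value is concatenated into the SQL text,
// so a quote character in the value changes the structure of the statement.
function getEbayItemIdVulnerable(PDO $pdo, $product_id) {
    $sql = "SELECT ebay_item_id FROM ebay_listing WHERE product_id = '" . $product_id
         . "' AND status = '1' LIMIT 1";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['ebay_item_id'] : false;
}

// Hardened form: accept only a positive integer, then bind it as a typed parameter
// so the value can never be parsed as SQL.
function getEbayItemIdHardened(PDO $pdo, $product_id) {
    $id = filter_var($product_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false; // reject anything that is not a plain integer
    }
    $stmt = $pdo->prepare(
        "SELECT ebay_item_id FROM ebay_listing WHERE product_id = :id AND status = 1 LIMIT 1"
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['ebay_item_id'] : false;
}

// A normal id, and the quote-suffixed id used in the advisory's test URL.
foreach (['1', "1'"] as $input) {
    try {
        $v = var_export(getEbayItemIdVulnerable($pdo, $input), true);
    } catch (PDOException $e) {
        $v = 'SQL error (input changed the query structure)';
    }
    $h = var_export(getEbayItemIdHardened($pdo, $input), true);
    echo 'input=' . var_export($input, true) . " vulnerable: $v | hardened: $h\n";
}
```

The same validation applies to the order_id and productId parameters in the other functions the advisory lists. An SQL error returned for a quote-suffixed numeric parameter is also a useful signal to look for in web server and database logs.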

View full post on Who Got Hacked – Latest Hacking News and Security Updates

SAFECode offers free online cybersecurity courses

Ashley Bennett Top Priority Sector:  education_training The Software Assurance Forum for Excellence in Code (SAFECode) is offering free online cybersecurity courses on its Website through its Securing Engineering Training by SAFECode program. It is offering several courses including Product Penetration Testing 101, Cross Site Scripting (XSS) 101, and Secure Java Programming 101. The courses consist of online Webcasts and are available on-demand to view and download. Read More….

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

The post SAFECode offers free online cybersecurity courses appeared first on National Cyber Security.

View full post on National Cyber Security

PRIVO and Verizon launch pilot to protect children’s online activities

Top Priority Sector:  access_control_identification McLean, VA-based Privacy Vaults Online (PRIVO), has gathered a team of technology and identity companies and government agencies, including New York City-based Verizon Enterprise Solutions (VES), to create a pilot program aimed at safeguarding children’s online activities and personal information. Read More….

View full post on The Cyber Wars

U.S. Department of State hosts online information session for the Sochi Olympics

Ashley Bennett Top Priority Sector:  military_force_protection U.S. State Department Deputy Spokesperson Marie Harf hosted an online information session via Google Hangouts entitled “Traveling to Support Team USA in Sochi? Read More….

View full post on The Cyber Wars

Data Privacy Day emphasizes importance of cybersecurity and online privacy

Ashley Bennett Top Priority Sector:  it_security Data Privacy Day was held on January 28 and was part of the National Cyber Security Alliance’s (NCSA) efforts to increase the general public’s awareness of privacy and cyber security issues. Read More….

View full post on The Cyber Wars

Hackers ‘compromise’ 16 million German online accounts

Germany’s internet security agency said millions of Germans have had their passwords and usernames for websites stolen, with many of the targeted computers likely being infected with malware. The Federal Office for Online Security (BSI) said the 16 million compromised accounts surfaced as a result of information forwarded to it by law enforcement agencies and


View full post on National Cyber Security

Read: The Online Avengers  – How Anonymous hunts rapists and…

Read: The Online Avengers  – How Anonymous hunts rapists and bullies. View full post on Your Anon News Read More….

View full post on The Cyber Wars
