~sneak

I'd like to share some (new??!.. I don't think so :P) XSS vectors. I found them playing with html5...
For info: references.

[# 4,6,7,8 need user interaction]

Firefox 3.6.6: # 1 2 4 5 6 7 8 9
Opera 10.60: # 1 2 4 5 6 7 8 [1, 5 return 2 alert windows!]
Chrome 5.0.375.99: # 1 4 6 7 8 9
Opera Mobile 10: # 1 2 3 4 5 6 7 8 9 [1, 5 return 2 alert windows!]

References:
- HTML5 Security Cheatsheet
- Hackvertor

Via: Online Schools

Is this a dramatic situation?! People should use safer operating system and browsers to solve some problems... (no IE, no win please..)

Take a look @ History of hacking for a nice "paper"..
It's a very interesting report, but from what he says, it seems that all hackers are criminals.. how sad..

Ciao ragazzi, ho deciso di modificare lo script precedentemente proposto aggiungendo nuove feature piuttosto funzionali. Da notare quindi:

• Logrotate function -> invio "periodico" del file di log all'email dell'amministratore e contemporaneo reset del file di log principale [access.log]. Verrà comunque mantenuto sul server un backup del file di log [accessDataOra.log], per ovviare ad eventuali problemi in fase di invio della mail stessa;
• Country identification based on IP address -> script basato su http://www.phptutorial.info/iptocountry/the_script.html, il quale utilizza il database fornito da software77.net;
• Pie charts -> realizzazione di grafici a torta mediante Google Chart Tools.

File utili:

• l0gg3r.php (contiene le funzioni necessarie al logging)
• list.php (lista formattata del file di log)
• stats.php (statistiche e grafici a torta)

Si raccomanda di modificare le righe 40,41 del file l0gg3r.php, in modo da indicare l'email cui inviare il file di log:

 ...
 $to = "admin@yoursite.com"; 
 $site_name = "www.yoursite.com";
 ...

Hello guys, I decided to modify the previously proposed script adding new functional features. See the list below:

• Logrotate function -> "periodic" log file sending to the admin mail address and main log file reset [access.log]. A backup log file will be maintained on the server [accessDateTime.Log] to avoid data loss if the mail sending fails;
• Country identification based on IP address -> script based on http://www.phptutorial.info/iptocountry/the_script.html, which uses the database provided by software77.net;
• Pie charts -> pie charts using Google Chart Tools.

Useful files:

• l0gg3r.php (it contains the functions needed for logging)
• list.php (log file formatted list)
• stats.php (statistics and pie charts)

It is recommended to change the lines 40,41of the file l0gg3r.php, to indicate the admin mail address:

 ...
 $to = "admin@yoursite.com"; 
 $site_name = "www.yoursite.com";
 ...

Download Source Code:

php_l0gg3r_0.2.2.tar.gz

stats.php (output example)

list.php (output example)

(Icon by dimpoart)

Ciao ragazzi, se vi può interessare è uscito un mio articolo che riguarda il mondo mobile sulla rivista Hakin9, versione in inglese. Per informazioni a riguardo, Mobile Exploitation.

Di cosa si parla?? Esso tratta l'eventualità di utilizzare un dispositivo mobile come hacking tool, mostrando anzitutto i fondamenti del mobile web ed in secondo luogo tutta una serie scenari di attacco. Inoltre si fa ampio riferimento alla privacy evidenziando un esempio carino di spoofing.
Qualora avesse intenzione di leggerlo, è necessario acquistarlo online (mail a customer_service@hakin9.org o subscription_support@software.com.pl) o avere un abbonamento alla rivista (info).

Hello guys, my article about the mobile web has been pubblished on Hakin9 magazine, English version. For informations you can see here: Mobile Exploitation.

What's it about?? It concerns the possibility of using a mobile device as a hacking tool, showing first the basics of mobile web, and secondly, a range of attack scenarios. Furthermore, it makes an extensive reference to privacy, highlighting a nice spoofing example.
If you were going to read it, you must buy it online (email to customer_service@hakin9.org or to subscription_support@software.com.pl) or have a subscription (info).
You can also find this issue in: Barnes & Noble, Borders, B. Dalton, Microcentre.

Informazioni necessarie: Möbius strip | How to make it | Surface

Graffito che ho fotografato l'estate scorsa (2009) a Praga (Repubblica Ceca) :P - Ingrandisci la foto

Moebius Strip II 1963 - M.C.Escher