BeGone Money Hack

BeGone is a free online multiplayer first-person shooter (FPS) game where each team tries to eliminate the opposing team before time runs out. It's a game which can be played from within a user's browser. After playing this game for a while, I became curious if it would be possible to trick the game achievements. Normally [...]

By | December 16th, 2014|Security|3 Comments

Internet Explorer Arbitrary Code Execution

Today a serious issue was discovered, Internet Explorer Arbitrary Code Execution: While browsing the internet I came across a piece of HTML code that is able to run arbitrary code while using Internet Explorer. This was tested on Windows 8.1 with Internet Explorer 11 on a fully patched system. The video demonstrates the arbitrary code [...]

By | November 13th, 2014|Security|0 Comments

Technicolor TC7200 – Auth Bypass & DoS

One of our members - __jn - reported that the Technicolor TC7200 is vulnerable to an authentication bypass. After some more digging it was also found that the TC7200 is vulnerable to slow HTTP Denial of Service attacks. Authentication Bypass: The problem is that the TC7200 allows any internal user to download the unencrypted gateway [...]

By | February 23rd, 2014|Security|0 Comments

NSA: To Protect and Infect (part 2)

The following video is a presentation by Jacob Appelbaum at 30C3, a detailed technical talk about the tools used by the National Security Agency (NSA) and how they protect and infect our systems. The slides of his presentation can be found here.

By | January 3rd, 2014|Security|0 Comments

IE 11 Autocomplete Ignore Workaround

As of Internet Explorer 11, Microsoft decided to ignore the Autocomplete=Off setting. This setting tells the browser not to use the store password option in order to protect the user from saving their username and password on their machine. The reason Microsoft did this is that they think the user should be in control. I happen [...]

By | December 17th, 2013|Security|13 Comments

Android devices at risk again

August 8, 2015
Security researchers from Check Point revealed new security issues that allow attackers to compromise hundreds of millions of Android devices with a simple text message. The problem resides in the way Google's partners use certificates to sign remote support tools. Certificates are supposed to guarantee the authenticity of applications in order to allow them to access different parts of the Android operating system. The vulnerabilities in Android allow attackers to clone these certificates and use them in a malicious way. It is possible to send a text message to a phone to force those remote access tools to launch commands. Revoking the cloned certificates is not considered a proper solution, as these certificates would then no longer be valid for the support tools either. In order to resolve this issue, the manufacturer partners and carriers are required to work together to update the vulnerable plugins. Among the vulnerable plugins are RSupport, TeamViewer and Communitake.

FBI Cracks TrueCrypt Password

August 8, 2015
According to recent reporting by South Florida's Sun Sentinel, the FBI has managed to crack a TrueCrypt password in the case of Christopher Glenn. Army counterintelligence expert Gerald Parsons noted that in his estimation, it would have taken "billions" of years to do so by traditional methods with current capabilities. Source:

GHOST: GNU C Library RCE Vulnerability

January 28, 2015
In more detail, a heap-based buffer overflow was found in __nss_hostname_digits_dots(), which is used by the gethostbyname() and gethostbyname2() glibc function calls.

RCE in PolarSSL

January 19, 2015
Dutch researchers have discovered RCE in PolarSSL. RCE is short for Remote Code Execution, which allows malicious users, in certain cases only, to run code on the server. When a web server that uses PolarSSL processes an "evil certificate", the attack (Remote Code Execution) can be executed. One example of when the attack is possible is a server that is configured to check for client certificates. In this case the malicious user is not required to have a valid certificate or credentials. Sending a false certificate to the server is sufficient to execute the attack. In certain cases it was also found possible to attack users that connect to a web server that uses PolarSSL. The Dutch National Cyber Security Center released this document. The CVE-ID for this vulnerability is: CVE-2015-1182. More information can be found at PolarSSL.

UK: Ban encrypted messaging apps

January 13, 2015
The British Prime Minister David Cameron is considering banning encrypted messaging apps like Snapchat, CryptoCat, WhatsApp and Apple's iMessage if the companies don't give the UK government backdoor access to their encrypted communications. Cameron said the Paris terror attacks outlined the need for greater access to encrypted communications. In his remarks, the attacks were aimed at messaging apps that encrypt messages to secure users' communications. If he wins the next election and is re-elected, he would seek to ban the encrypted communication apps as part of his plans for new surveillance powers. "The attacks in Paris demonstrated the scale of the threat that we face and the need to have robust powers through our intelligence and security agencies in order to keep our people safe," Cameron said. Encryption became a hot topic in the wake of the National Security Agency whistleblower Edward Snowden's revelations on NSA surveillance. The leaked files revealed that Skype has a backdoor and highlighted a broad online global surveillance of encryption companies. However, messaging companies such as WhatsApp remained committed to keeping their services encrypted so that the communications between their users cannot be read by authorities. The Prime Minister didn't name specific apps that could be subject to the ban, but a number of popular messaging apps that use encryption in one form or another, including Snapchat, WhatsApp, iMessage and FaceTime, should be considered in the list.

XBOX One SDK Leaked

January 3, 2015
The XBOX One SDK was leaked earlier this week by a group that calls itself H4LT. The software development kit (or SDK) for the Xbox One is circulating on the internet. This potentially opens the door for homemade applications and allows unapproved developers to create homebrew for the system.

[Image: XBOX One SDK Setup]

[Image: Install the XBOX One Software Development Kit]

H4LT said that there are currently no exploits available which allow a developer to run homebrew code on the XBOX One. By leaking it to the public they hope that someone familiar with the inner workings of Windows 8 will be able to dig through the files and find something interesting in the near future. H4LT quoted: "Once the SDK is out, people who have knowledge or has in the past reversed files related to the Windows (8) operating system should definitely have a go at reversing some files in there," the group added. "Why? Well, the Xbox One is practically a stripped Windows 8 device and has introduced a new package format that hasn't had much attention. This format is responsible for updating the console and storing applications (Games are under the category of 'Applications' on the Xbox One) and is a modification of Virtual Hard Disks."