Yara Rule for CVE-2010-1885

June 11th, 2010 xanda 3 comments
rule HelpSupportCenter
{
   meta:  
      ref = "CVE-2010-1885"
      hide = true
      impact = 5 
   strings:
      $cve20101885 = /hcp:\/\/.*?(%u?[A-F]{1,4}.*?){90}/
   condition:
       all of them
}

257 Israel Websites Defaced

June 2nd, 2010 xanda 8 comments

Total notifications: 257 of which 81 single ip and 176 mass defacements

Most of them critic the attack of Israel on the Gaza aid ship

Details: Zone-h

*UPDATE*

2nd June: Total notifications: 664 of which 94 single ip and 570 mass defacements

Categories: IT Related Tags: , , , ,

Yara Rule for Safari window.parent.close()

May 8th, 2010 xanda No comments
rule SafariWindowParentClose
{
   meta:
      ref = "Safari window.parent.close()"
      impact = 7
   strings:
      $SafariWindowParentClose_1 = /.*?.prompt\(alert\)/
      $SafariWindowParentClose_2 = /.*?.prompt\(.*?\)/
      $SafariWindowParentClose_3 = /.*?.close\(\)/
   condition:
      all of them
}

Safari 0day

May 8th, 2010 xanda 1 comment

I love the smell of Safari 0day in the morning :)

DontPhishMe

April 21st, 2010 xanda 1 comment

DontPhishMe is an anti-phishing addon for Mozilla Firefox that utilizes pattern matching technique to provide the Malaysian Internet user with information and notification to protect them against online banking phishing website that is specifically targeting financial institutions in Malaysia.

[More info HERE]