Pages

Monday, February 16, 2015

The research: Mobile Internet traffic hijacking via GTP and GRX

Most users assume that mobile network access is much safer because a big mobile-telecoms provider will protect subscribers. Unfortunately, as practice shows, mobile Internet is a great opportunity for the attacker.


Positive Technologies experts have detected vulnerabilities in the infrastructure of mobile networks, allowing an attacker to intercept unencrypted GPRS traffic, spoof the data, block the Internet access, and determine the subscriber's location. Not only cell phones are exposed to threats, but also special devices connected to 2G/3G/4G networks via modems: ATM machines and payment terminals, remote transport and industrial equipment control systems, telemetry and monitoring tools, etc.

Friday, February 6, 2015

How to Protect Yourself From an IE Zero-day Vulnerability That is Threatening Your Website

A new, previously unknown cross-site scripting vulnerability in Microsoft Internet Explorer, which lets remote users bypass the same-origin policy and inject arbitrary JavaScript into HTML pages, was revealed yesterday by deusen.co.uk.

Researchers from deusen.co.uk published sample exploit code to demonstrate how to hack dailymail.co.uk — Great Britain’s  leading online daily newspaper.  A specially formed link takes users to dailymail.co.uk, followed by the message “Hacked by Deusen”.


Message on dailymail.co.uk website