Notepad++ hacked by LizardSquad

Today, the famous hacker crew “Chameleon Liberty”, also known as #LizardSquad, hacked the Notepad++ website to demonstrate the power of Lizards and Chameleons. The lizard-chameleons demand a list of claims: Here are our claims: Remove Chameleon logo from your shitty product Release all domestic Chameleons Stop exploiting Chameleons in the movies even if they are…

The golden age of Zero Day exploits 2015

The golden age of 0day exploits. I feel like back in the 90’s. #tbt — Dan Wendler (@DanFromGermany) February 5, 2015 It’s plain hilarious. Just a smart list of what’s going on at the moment. Adobe Flashplayer (01/2015) Yet another WordPress Plugin (FancyBox, 01 / 2015) As usual: Internet Explorer 11 (01 / 2015) 2…

WebRTC deanonymizing Tor / VPN / Proxy users

  Software engineer Daniel Roesler recently discovered how the WebRTC implementation in Mozilla Firefox and Chrome expose your real WAN IP to the website you visit (deanonymizing). The Tor Browser Bundle does currently block WebRTC by default (or at least the demo doesn’t work). When I use Tor through the normal Firefox / Chrome, my real IP is…

How to enable click2play in Chrome

SECURITY ALERT: There are TWO active 0days against Flash in the wild. The latest Flash update only fixes one of them. Set Flash click2play. — InfoSec Taylor Swift (@SwiftOnSecurity) January 22, 2015   A lot of malware and viruses infect your computer through browser plugins. As of today, there are two critical holes in the…

Download 1800 Minecraft Accounts

I have found the list of leaked Minecraft accounts everybody’s talking about, download the three lists here to see whether your account got hacked: http://bit.ly/1CMA9NP (1.8k) (click the first result of the search in the link) http://bit.ly/1kGCEI9 (9k) http://bit.ly/1CMCgBk (4k)   I am not responsible for the contents of the linked file, nor for what you do with it. As…

Let's Encrypt - free, automated, open

Free, reliable, automated HTTPS certificates

Let’s Encrypt is a community-driven effort, so please consider helping out. Our code and protocol specs are available on GitHub. Remember, Let’s Encrypt isn’t operational yet. For now, these programs are only intended for development and testing. Stay tuned for more as we get closer to launching the CA in Q2 2015. Protocol The Let’s Encrypt CA talks…

A message from Edward Snowden

“One year ago, we learned that the internet is under surveillance, and our activities are being monitored to create permanent records of our private lives — no matter how innocent or ordinary those lives might be. Today, we can begin the work of effectively shutting down the collection of our online communications, even if the…

Skype for Android still logged in after logout

Skype for Android did never work very well but recently I discovered a really annoying bug: After logging out of Skype, I closed the App in the Appmanager and still receive push messages sent to my account. Most recent version from 18th of March 2014. Bugs known since summer ’13 are still not fixed.

Examine the Skype protocol: under the hood

How does Skype communicate, how does the protocol work? A very nice paper about the communication of Skype, use cases for abusing the network as a botnet, worms, techniques. Everything you need to code your own client (or bot), details about the protocol, a working Python library, … Paper by the Sans Institute. http://www.sans.org/reading-room/whitepapers/covert/skype-data-exfiltration-34560 (PDF)