ush.it - a beautiful place

Bad url redirections (AKA: Many thanks to our partners!)

January 30, 2007 at 1:36 am - Filed under Hacks, Language EN - 724 words, reading time ~2 minutes - Permalink - Comments

This story is mostly funsec, if you can't handle funsec stop reading :) You have just developed you brand new application, it's name is EVIL.EXE. It's a very good application but nobody will install it without good partners.. You need somebody trusted from users that is willing to distribuite it. So.. Let's go! Find out some good partners.

Pseudo threading with BASH

January 27, 2007 at 7:17 pm - Filed under Hacks, Language EN - 567 words, reading time ~1 minutes - Permalink - Comments

This night i was in the process of mirroring all the tmbo.org daily pics for fast viewing. Their site has to be hosted on an ADSL link (like ush.it, hey this site is on a 200kbs/300kbs link, very unprofessional but no one can raid [stupid wordpress plug-in, this is not RAID in the sense of Redundant Disk Array but raid the verb] our server without our knowledge, think about the autistici/inventati aruba raid for example).

Adobe Acrobat Reader Plugin: Multiple Vulnerabilities

January 4, 2007 at 3:09 am - Filed under Insecurity, Language EN - 262 words, reading time ~0 minutes - Permalink - Comments

From 23 to 31 December i was in Berlin for the CCC congress with other Italian security researchers and friends. We had good time enjoying Berlin, drinking beer and exchanging informations. Also Stefano Di Paola and Giorgio Fedon disclosed some Adobe Acrobat Reader bugs in a larger talk titled Subverting AJAX.

Adobe Acrobat Reader Plugin: Multiple Vulnerabilities

January 4, 2007 at 1:56 am - Filed under Insecurity, Language EN - 993 words, reading time ~3 minutes - Permalink - Comments

At CCC my friends Stefano Di Paola and Giorgio Fedon releades some of their latest findings, note that this is a translation in italiano of the original advisory aviable on wisec.it (http://www.wisec.it/vulns.php?page=9) that of course is in english. The advisory is focused on some specific bugs, one of these is called UXSS (Universal Cross Site Scripting) in PDF files.

THP USH Wisec DigitalBullets