Advisory: Gmail – Google Docs Cookie Hijacking through PDF Repurposing

The Google Docs network was vulnerable to PDF repurposing attacks. The vulnerability was disclosed to Google with discretion, to mitigate the risk. Google worked on it and patched it within a period of 5 days. Google Docs has been refined and support for the Adobe plugin has been removed. User security is the prime issue, because millions of users were at risk if this attack persisted in the open environment. Integrated accounts were more susceptible, as certain credentials could be used to access other accounts. Thanks to Google for considering the recommendation and changing the working behavior of the specific components at risk.

The detailed advisory is released here:

May 9, 2009 | Hackers For Charity, Informer Blog, Long Journey To Africa

Hot packet-on-packet 0day action!!! Okay, simply more old 0day…

WARNING - POSSIBLE IMMATURE CURSING AHEAD. OK *ACTUAL* IMMATURE CURSING, WTF... Well, apparently it was a real popular thing to give away a couple of 0day exploits, so more 0day is being given away! Again this is from the good old days at BindView when your buddy SN was on the RAZOR team.

May 8, 2009 | Hackers For Charity, Informer Blog, Long Journey To Africa

WhitePaper – PDF Silent HTTP Form Repurposing Attacks

This paper sheds light on a modified approach to triggering web attacks through the JavaScript protocol handler in the context of the browser when a PDF is opened in it. We have seen the kind of security mechanism Adobe has implemented to remove the insecurities that originate directly from the standalone PDF document in order to circumvent cross-domain access. The attack targets web applications that allow PDF documents to be uploaded to the web server.
