House of Hackers

Auditor's notes

dev0id Male
Moscow, Russian Federation


Profile

Real Name:
dev0id
Website:
http://www.google.com
Blog:
http://houseofhackers.ning.com/profiles/blog/list?user=1ry8xj94ys8fs
Description:
Professional security auditor.

Security and everything related

Interested in security assessments, audits and compliance testing.

penetration testing
programming
bug hunting

Everything.

Do not leave unwanted comments

Dev0id's Blog

Substantive procedures (part I)

The purpose of this article is to describe substantive audit procedures related to IT audit. This article will cover the following areas:

* The objective of substantive procedures
* The risk factors
*

Posted on July 4th, 2008 at 8:30pm — 2 Comments

Online banking: Controls to be implemented

For those who read my article "Cracking access to Bank", this paper may be interesting from the point of view of securing transactions.
As we identified that the m…

Posted on June 9th, 2008 at 5:38pm — No Comments

Script-Kiddies

Why do hackers not like script kiddies? Maybe you think that hackers hate them just because these guys do not know how to intrude into a system or do not know how to craft an exploit... maybe... some of the kiddies are really annoying. However, nobody was born clever. And if we ju…

Posted on June 9th, 2008 at 11:00am — 4 Comments

Cracking access to Bank

The purpose of this article is to show the real threat to banks' clients that use on-line banking services for processing bank documents and transactions in "real-time". On-line banking services are used these days by 99% of legal entities. In my practice I have see…

Posted on June 7th, 2008 at 8:00pm — 4 Comments

TrendMicro HOUSECALL_ACTIVEXLib Multiple vulnerabilities

Be careful! Once you have scanned your workstation using TrendMicro HOUSECALL, this ActiveX component will stay on your system. That means that anyone can exploit this vulnerability. The vulnerable methods are listed below: showAlert() setOption() isOptionAvail…

Posted on June 6th, 2008 at 5:30am — No Comments

Bank clients are under attack?

Do you know what a Client-Bank application is? It is an electronic transaction system that allows working with a bank account through the Internet. One of the types of Client-Bank applications is the web-based client bank, which checks signatures and e-token data using an ActiveX control. I reviewed one (http://bssys.com/eng). The result was (integer overflow):

Exception Code: ACCESS_VIOLATION Disasm: 1D0BB96 MOV EDI,[ESI+3C] (…

Posted on June 6th, 2008 at 5:00am — No Comments

Operational vulnerability in Aeroflot tickets sales business process

Yesterday I was really surprised to learn that Aeroflot has an operational vulnerability in its ticket reservation process (a part of ticket sales). As it happens, Aeroflot allows ticket reservations to be made via the web, and these reservations include desired s…

Posted on June 4th, 2008 at 5:00am — 2 Comments

Controls VS Risks

What are the risks and why are we always looking for controls? How can we pass controls over and what do we need it for? These questions are normal! I am going to describe simplified audit procedures related to Information Technologies and Information Security audits.…

Posted on June 2nd, 2008 at 9:30am — No Comments

Vulnerability in RegWizCtrl

While fuzzing the ActiveX components installed on my operating system, I discovered a vulnerability in RegWizCtrl ActiveX.

The first vulnerability identified in this component was in the InvokeRegWizard method; however, the vulnerability identified by me was in IsRegistered pr…

Posted on May 31st, 2008 at 3:00pm — No Comments

Hacking Flash

Guys! I am going to talk about cheating in Flash. Talking about Flash, you may think only about Flash games since they are still popular; however, Flash is used for web design and you should remember the following:

* The main engine of the flash can be built on Flash.
* Flash always runs on the client's machine, not the server.
* Flash could be decompiled.

Ok. Let's start. Talking about Flash, we always look back and see where it is used, on what kind of sites. First of all, those are the sites…

Posted on May 31st, 2008 at 2:11pm — No Comments

Comment Wall (1 comment)


At 2:35am on June 25th, 2008, /\/\єтαlKιทg said…
Nice page!
© 2008   Created by Petko D. (pdp) Petkov on Ning.