Lost+Found: Password klutzes, cat payloads and a lulzy-PoC
Too small for news, but too good to lose, Lost+Found is a compilation of the other stories that have been on The H's radar this week. In this edition: the offensive uses of plain text, proofs of concept for the lulz, 29C3 videos, payload-enabled cats and Inception opens up Windows 8.
- On Plain Text Offenders, tales are told of web services that store user passwords in clear text. Over 1000 services have already been placed in the online pillory. Pages that mail users their access data in plain text have also been busted.
- The critical 0day vulnerabilities in Java are now available in a Metasploit module. The critical MoinMoin hole had a Proof of Concept on Pastebin which seems to have been created for the lulz. Meanwhile, Charles Somerville explains in detail how the critical Rails vulnerability works.
- The videos for 29C3 are now online – there are mirrors too. For those who want their infosecurity perspectives much shorter, try Infosec Reactions where they just touched it.
- Cats have payloads too. At least this cat did when it was delivered by the hacker who is being hunted by police for his use of a virus dubbed iesys.exe. The cat was found on an island near Tokyo with a memory card strapped to its collar containing details of the virus that only its creator would know.
- Inception steps up. The Firewire hacking tool Inception claims that since 0.2.2 it is able to unlock Windows 8 or make a duplicate of memory. Anyone who has actually done that and is able to confirm that should drop a line to The H Security.