backdoor


Sunday 4 November 2018

A free Internet is possible

Hello Hackers!

An initiative driven by the creator of the web aims to give users back control of their data and to free the network from the influence of Facebook, Amazon or Google, which help increasingly totalitarian governments surveil their own citizens.


Tim Berners-Lee has just taken a leave of absence from MIT to launch a start-up. The father of the World Wide Web is now creating Solid, a platform designed to decentralize the web. Those who have seen it describe it as a mix of Google Drive, Microsoft Outlook, Slack, Spotify and WhatsApp. The difference from today's Internet is that our data does not flow to the data centers of Amazon, Google or the Chinese government; instead it stays encapsulated in its own individual cloud, a USB-like object called a POD (personal online data). Each POD is under the control of the user, who knows at all times what data exists in the system and which applications have access to it.


"Think of a Solid POD as your own private website, except that your data interacts with all your applications, which means it has its own personal API that always goes with you. When you post comments or videos online, your friends can view them with whatever application they want, such as an album viewer or a social feed. It is your data, and it can be configured in any way." - Tim Berners-Lee on Medium.

A clear example of what our life would be like with Solid: a clothing store will not need to store data about the user in order to show recommendations. Instead, the POD will store the user's profile and allow the store (if the user wishes) to access it for that purpose, but the data will always remain in the user's hands, not on the store's servers.

Getting users to leave the current Internet behind and move to a more secure and private alternative is a hard task. An example of this is WhatsApp, run by Facebook and with 1.5 billion users. On the other side is Signal, a private, open-source messaging app, much more secure and with an interface very similar to WhatsApp, whose market share is tiny. Ordinary people do not want to see the dangers of the Internet and the zero privacy it gives them.

In short, Solid is a decentralized Internet stored in local pods. Are you coming to Solid? More info here.

Regards.

@n0ipr0cs

Sunday 29 April 2018

XSS Flexense all Products and versions

Dear Hackers,

About DiskBoss:

DiskBoss is an automated disk space analysis and file management solution allowing one to perform various types of disk space analysis, file classification, duplicate files search, file synchronization, disk change monitoring, file management, file delete and data wiping operations on local disks, network shares, NAS devices and enterprise storage systems. DiskBoss is developed and supported by Flexense Ltd. - an independent software vendor specialized in data management software products for automated disk space analysis, file classification, file synchronization, rule-based file management, server monitoring, file delete and data wiping operations. Flexense Ltd. sells its software products to more than 75 countries around the world and provides full support for all types of customers including consumers, small businesses, large enterprises, educational institutions and governments.

I know DiskBoss for its vulnerability CVE-2018-5262. This is a buffer overflow; I will always use it only for capture the flag or ethical hacking XD. So I decided to research this vendor.

This XSS in Flexense DiskBoss affects all versions; it was tested from DiskBoss Enterprise v7.4.28 to v9.1.16. The attack allows an attacker to execute code. The vulnerability affects the confidentiality of personal data and can lead to theft of confidential information (for example session credentials, cookie information or personal information) or to a possible loss of control of the PC.

To reproduce the vulnerability, see the related evidence:

Diskboss

- Attack vector: /?n0ipr0cs<script>alert('XSS')</script>n0ipr0cs=1

- Attack Type: Remote

- Reference: https://cwe.mitre.org/data/definitions/79.html
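Added example, not from the original post or the vendor: a log check for the vector above, whose notable property is that the markup sits in the query parameter name rather than in its value. It assumes access logs in Common Log Format from a proxy in front of the product's web interface; the function names and the sample lines are constructed for illustration.

```python
import html
import re
from urllib.parse import parse_qsl, urlsplit

MARKUP = set("<>\"'")  # characters that must not reach HTML unescaped
# Common Log Format: client, identity, user, [time], "METHOD target PROTO"
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (\S+) [^"]*"')

def markup_in_query(target):
    """Return (part, text) for each URL-decoded parameter name or value
    that contains HTML markup characters."""
    hits = []
    pairs = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    for name, value in pairs:
        for part, text in (("name", name), ("value", value)):
            if MARKUP & set(text):
                hits.append((part, text))
    return hits

def scan(lines):
    """Return one finding per parameter that carries markup.
    The text is HTML-escaped so a report page cannot re-reflect it."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a Common Log Format request line
        client, target = m.groups()
        for part, text in markup_in_query(target):
            findings.append((client, part, html.escape(text, quote=True)))
    return findings

# Constructed sample log lines (addresses from documentation ranges).
SAMPLE = [
    '198.51.100.4 - - [29/Apr/2018:10:00:01 +0000] '
    '"GET /?page=2&sort=name HTTP/1.1" 200 901',
    '203.0.113.7 - - [29/Apr/2018:10:00:05 +0000] '
    '"GET /?n0ipr0cs%3Cscript%3Ealert(%27XSS%27)%3C/script%3En0ipr0cs=1 '
    'HTTP/1.1" 200 512',
    "203.0.113.7 - - [29/Apr/2018:10:00:09 +0000] "
    "\"GET /?n0ipr0cs<script>alert('XSS')</script>n0ipr0cs=1 HTTP/1.1\" 200 512",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Filters that inspect only parameter values miss this request, which is why the check looks at names as well; the same `html.escape` call is the output encoding a page needs before echoing any part of the query string.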

The vulnerability has been assigned CVE-2018-10294. I have asked them to please update the news item on the DiskBoss website, 12-Apr-2018 - DiskBoss v9.2, because the vulnerability has been fixed. The new product version (v9.2.18) fixes a number of bugs and security vulnerabilities, including CVE-2018-10294.

This vulnerability has been discovered by Francisco Javier Santiago Vazquez aka "n0ipr0cs" Linkedin Twitter

See you soon.

UPDATE: The vulnerability also affects all products and versions. The following CVEs have been assigned:

XSS in Flexense Diskboss, affects all versions CVE-2018-10294

XSS in Flexense SyncBreeze, affects all versions CVE-2018-10563

XSS in Flexense DiskPulse, affects all versions CVE-2018-10564

XSS in Flexense DiskSavvy, affects all versions CVE-2018-10565

XSS in Flexense DupScout, affects all versions CVE-2018-10566

XSS in Flexense VX Search, affects all versions CVE-2018-10567

XSS in Flexense DiskSorter, affects all versions CVE-2018-10568

Monday 12 February 2018

Call for papers br3aking c0de

Dear Hackers,

In this article I want to tell you about br3aking c0de, a hackmeeting & hacklab 👽, an alternative and different hacking event. Speak freely without censorship. Attendance is only for guests or through an accepted call for papers (CFP) submission. We are pleased to present the call for papers for br3akingc0de! We are accepting short talks of 30 min and long talks of ~1 h.

We accept submissions to the call for papers until 15 April at br3akingc0de at protonmail dot com. I can only ask: are you interested in coming to Spain? If so, note that we are a hackmeeting & hacklab, so we have no money because we have no sponsorships.


Different and original research: submit your CFP on topics such as 3D Printers, Lockpicking, Social Engineering, Reversing, Exploiting, Satellite Hacking, Internet of Things (IoT), Development of Tools, Scripts, Python, Web Security, Anonymity Privacy, Forensics & Anti-Forensics, Hardware Hacking, Wireless Security, Cracking, Cryptography, Steganography, 0-Day, GSM, GPRS and CDMA Security, LeaTestingks, Hacking Radio, Antivirus Evasion, Embedded Systems Technologies, RFID Security, VoIP Security, IPv6 Security, Attack and Defense Techniques, Application, Application Security, Fuzzing, Code Auditing, Virtualization Security, Malicious Code, Databases Security, Viruses, Worms, and Trojans, Artificial Intelligence, Big Data, Machine Learning, Data Science, Bio Hacking.

Security services and agencies: there will be hackers everywhere, but we are not cybercriminals. In the first edition of br3aking c0de there was a curiosity: the night before the event someone set up a wireless access point without any authentication…

For your eyes only: a few beers, a nice meal, friends and nobody else. Nothing will be public and everything we talk about will be private. More information: br3aking c0de

See you soon.

@n0ipr0cs

Saturday 11 March 2017

Hello World!

Welcome to all.

This is the first post; here you will find information about my research on hacking and security.

I am Javi and you can call me n0ipr0cs. I am a Security Researcher & Ethical Hacker, and I also write for the Estación Informática community. I have more than 7 years of experience and I have been involved in the world of security conferences as a speaker and as a founder.

Coming soon.

Do not be evil.

@n0ipr0cs