The data, tools, and procedures which, when applied to a specific vulnerability, predictably violate the security design of a system.
Questions tagged [exploit]
1264 questions
303 votes, 3 answers
CRIME - How to beat the BEAST successor?
With the advent of CRIME, BEAST's successor, what possible protection is available for an individual and/or system owner in order to protect themselves and their users against this new attack on TLS?

Kyle Rosendo
213 votes, 5 answers
What is a specific example of how the Shellshock Bash bug could be exploited?
I read some articles (article1, article2, article3, article4) about the Shellshock Bash bug (CVE-2014-6271 reported Sep 24, 2014) and have a general idea of what the vulnerability is and how it could be exploited. To better understand the…

Rob Bednark
193 votes, 7 answers
How can I protect myself from this kind of clipboard abuse?
Clipboard abuse from websites
Many websites use JavaScript or CSS to stealthily insert or replace text in the user's clipboard whenever they copy information from the page. As far as I know this is mostly used for advertising purposes, but PoC for…

sam hocevar
179 votes, 9 answers
Can webcams be turned on without the indicator light?
I've made a series of penetration tests in my network and one of the things I've tried was to record webcam and microphone.
Recording an end-user's microphone seems to be a stealth thing, but what about the webcam?
In my tests, the indicator is…
user4610
142 votes, 14 answers
What "hacking" competitions/challenges exist?
I have always enjoyed trying to gain access to things I'm not really supposed to play around with. I found Hack This Site a long time ago and I learned a lot from it. The issue I have with HTS is that they haven't updated their content in a very…

KilledKenny
137 votes, 2 answers
What is 'tabnabbing'?
Wikipedia is not very explicit on this,
The exploit employs scripts to rewrite a page of average interest with an impersonation of a well-known website, when left unattended for some time.
What is 'tabnabbing', how does one do it?

Matas Vaitkevicius
127 votes, 2 answers
How do ASLR and DEP work?
How do Address Space Layout Randomisation (ASLR) and Data Execution Prevention (DEP) work, in terms of preventing vulnerabilities from being exploited? Can they be bypassed?

Polynomial
116 votes, 7 answers
Can "cat-ing" a file be a potential security risk?
I often use cat on the console to view the contents of files, and every now and then I accidentally cat a binary file which basically produces gibberish and system beeps. However today I've encountered a situation where the output from the cat…

Ivan Kovacevic
114 votes, 5 answers
What should a website operator do about the Heartbleed OpenSSL exploit?
CVE-2014-0160
http://heartbleed.com
This is supposed to be a canonical question on dealing with the Heartbeat exploit.
I run an Apache web server with OpenSSL, as well as a few other utilities relying on OpenSSL (as client). What should I do to…

Deer Hunter
109 votes, 8 answers
Why do I hear about so many Java insecurities? Are other languages more secure?
I really like the Java programming language, but I continuously hear about how insecure it is. Googling 'java insecure' or 'java vulnerabilities' brings up multiple articles talking about why you should uninstall or disable Java to protect your…

gsgx
103 votes, 19 answers
How to explain to traditional people why they should upgrade their old Windows XP device?
This is an issue I'm recurringly facing: older people from my family (or people who my family members know) can be surprisingly reluctant to apply most basic security measures when they're using their PCs. The particular issues vary, but this time…

gaazkam
94 votes, 3 answers
Stack Overflows - Defeating Canaries, ASLR, DEP, NX
To prevent buffer overflows, there are several protections available such as using Canary values, ASLR, DEP, NX. But, where there is a will, there is a way. I am researching on the various methods an attacker could possibly bypass these protection…

sudhacker
92 votes, 4 answers
I was tricked on Facebook into downloading an obfuscated script
I got a notification on Facebook: "(a friend of mine) mentioned you in a comment". However, when I clicked it, Firefox tried to download the following file:
comment_24016875.jse
This is an obfuscated script which seems to download an executable…

Nacib Neme
81 votes, 13 answers
Is divide-by-zero a security vulnerability?
Even though sometimes software bugs and vulnerabilities are deemed as the same concept, there must be at least one distinct aspect between them, and I think the most prominent one is exploitability (the latter one having the property).
What I'm…

Gwangmu Lee
80 votes, 6 answers
Can malicious code fit in 14 bytes?
I was reading this The New York Times (NYT) article about the hack of Jeff Bezos's phone. The article states:
The May 2018 message that contained the innocuous-seeming video file, with a tiny 14-byte chunk of malicious code, came out of the…

Stud Sterkel