PayPal to pay security researchers for reported vulnerabilities

Written By Mr.Crime Time on Jun 27, 2012 | 4:20 AM

PayPal to pay security researchers for reported vulnerabilities


Payment services provider PayPal will reward security researchers who discover vulnerabilities in its website with money, if they report their findings to the company in a responsible manner.

If you manage to find a security flaw in any of PayPal’s products, you may be entitled to a cash reward. "I'm pleased to announce that we have updated our original bug reporting process into a paid 'bug bounty' program," PayPal's Chief Information Security Officer Michael Barrett said in a blog post on Thursday. While Barrett disclosed vulnerability categories, he did not say how much cash the firm will be offering.

Thwart-site scripting (XSS), thwart-site request falsification (CSRF), SQL injection (SQLi) and certification bypass vulnerabilities will be eligible for bounties, the amount of which will be chose by the PayPal security band on a case-by-case footing. Researchers need to be inflicted with a verified PayPal tab in order to receive the fiscal rewards.

PayPal follows in the track of companies like Google, Mozilla and Facebook with the intention of have implemented wellbeing reward programs for their online air force during the last link of years. “While a tiny handful of other companies be inflicted with implemented bug bounties, we judge we are the first financial air force company to do so,” Barrett understood.

Avram found and reported over 10 security issues in PayPal's main and mobile websites during the past two weeks. Some of them were of high severity, he said, adding that PayPal's staff responded every time.
4:20 AM | 0 comments | Read More

Nmap v6.01

Written By Mr.Crime Time on Jun 26, 2012 | 6:33 AM

Nmap version 6.01


Nmap ("Network Mapper") is a free and open source tool for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in new ways to determine what hosts are available on the Internet, what services (application name and version), which hosts offering, what operating systems (and OS versions) they are running, what type of packet filters / firewalls in use, and scores of other properties. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major operating systems, and official binary packages are available for Linux, Windows and Mac OS X. In addition to the classic command-line nmap executable, the nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, routing, and troubleshooting tools (Ncat) and a tool to compare the results of the scan (Ndiff).

Nmap 6.01 addresses bugs that were found in Nmap 6.

Download:
http://nmap.org/download.html
6:33 AM | 0 comments | Read More

Wireshark 1.8.0

Written By Mr.Crime Time on Jun 24, 2012 | 9:23 AM

Wireshark 1.8.0


Wireshark is the world’s most popular network protocol analyzer. It is used to, troubleshooting, analysis, development and education.


New Updated Feature:

  • Wireshark supports capturing from multiple interfaces at once.
  • You can now add, edit, and save packet and capture file annotations.
  • Wireshark, TShark, and their associated utilities now save files using the pcap-ng file format by default. (Your copy of Wireshark might still use the pcap file format if pcap-ng is disabled in your preferences.)
  • Decryption key management for IEEE 802.11, IPsec, and ISAKMP is easier.
  • OID resolution is now supported on 64-bit Windows.
  • The “Save As” menu item has been split into “Save As”, which lets you save a file using a different filename and “Export Specified Packets”, which lets you have more control over which packets are saved.
  • TCP fast retransmissions are now indicated as an expert info note, rather than a warning, just as TCP retransmissions are.
  • TCP window updates are no longer colorized as “Bad TCP”.
  • TShark’s command-line options have changed. The previously undocumented -P option is now -2 option for performing a two-pass analysis; the former -S option is now the -P option for printing packets even if writing to a file, and the -S option is now used to specify a different line separator between packets.
  • GeoIP IPv6 databases are now supported.

Download: http://www.wireshark.org/download.html


9:23 AM | 0 comments | Read More

Clubhack Magazine June 2012

Written By Mr.Crime Time on Jun 23, 2012 | 12:28 PM

Clubhack Magazine June 2012


ClubHACK has released the June 2012 version of their magazine. It is the first Indian “Hacking” Magazine. This 29th issue educates us about Game server DOS attacks,Scapy – a packet crafting tool, preventing Cross Site Scripting, etc.

Content:
  • Tech Gyan: Playing Bad Games: Anatomy of a Game-Server DDoS Attack
  • Legal Gyan: SECTION 66D – Punishment for cheating by personation by using computer resource
  • Tool Gyan: Scapy Primer
  • Matriux Vibhag: MITM with Ettercap
  • Mom’s Guide: Hypertext Transfer Protocol
  • Code Gyan: Preventing Cross Site Scripting… Is it a myth!
  • Special Feature: Impact of Cybercrime on Businesses
12:28 PM | 0 comments | Read More

Metasploitable Version 2!

Written By Mr.Crime Time on Jun 19, 2012 | 10:00 AM

Metasploitable Version 2


"Metasploitable is intentionally vulnerable Linux virtual machine. This VM can safety training, testing, security tools and practices common to perform penetration testing techniques."

The default login and password is msfadmin:msfadmin.

Download: http://sourceforge.net/projects/metasploitable/files/Metasploitable2/
10:00 AM | 0 comments | Read More
Related Posts Plugin for WordPress, Blogger...