Security

Category: Hacking. The "text of death" for Apple users. Rather than "the text of death for Apple users", this post should be called "the bug in CoreText that lets a string of Arabic characters crash iOS 6 and Mac OS X 10.8 applications". Indeed, a bug in the API of CoreText, Apple's font rendering framework, causes the following string of Arabic characters سمَـَّوُوُحخ ̷̴̐خ ̷̴̐خ ̷̴̐خ امارتيخ ̷̴̐خ (translated as Smoouhkh ̷̴̐ ̷̴̐ x x x ̷̴̐ Amartykh ̷̴̐ x) to crash any iOS or Mac OS application that uses it.

The vulnerability has been confirmed in Mac OS 10.8 (Mountain Lion) and iOS 6; in fact, anyone running one of those operating systems will not be able to read this post, because their browser will have closed XD. iOS versions below 6 and the 7 beta, and Mac OS versions below 10.8 and the 10.9 beta, do not appear to be affected by this problem.

- Sending an SMS to an iPhone: beware, because once it is received you will also no longer be able to open 'Messages'.

Sources:

Hacking Java Applications using JavaSnoop. Introduction: We are all aware of tools like Burp, Paros, WebInspect, etc… for intercepting web-based traffic and also for automating the security testing process. However, the same is not true for thick client applications. We do not have automated tools available for automating the security testing of thick client applications.

In my previous article on “Application Security Testing of Thick Client Applications”, I mentioned a few tools that can be used for penetration testing of a thick client application. We had discussed a tool called Echo Mirage that can be used to intercept and edit the traffic for .EXE based applications. In this article, we will discuss a tool that can be used to assess the security of JAVA based applications. We are all aware of how difficult it is to intercept thick client applications due to the complexity and nature of these applications. Approach 1: Intercepting and hacking the traffic Approach 2: Altering the client and hacking Introduction to JavaSnoop Step 2:

OWASP Zed Attack Proxy Project. Involvement in the development of ZAP is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help: Feature Requests Please raise new feature requests as enhancement requests here: If there are existing requests you are also interested in then please 'star' them - that way we can see which features people are most interested in and can prioritize them accordingly.

Feedback Please use the zaproxy-users Google Group for feedback: What do you like? Log issues Have you had a problem using ZAP? If so and it's not already been logged then please report it Localization Are you fluent in another language? You can use Crowdin to do that! Development If you fancy having a go at adding functionality to ZAP then please get in touch via the zaproxy-develop Google Group. Again, you do not have to be a security expert to contribute code - working on ZAP could be a great way to learn more about web application security!

How To Password Protect Your USB Stick: 3 Easy Ways. USB thumb drives are small, portable, and can be read on any device with a USB port. These features make them the perfect vehicles to transport data between computers. Due to their portability, however, they are also easily lost. Thus sensitive files carried on a USB stick should always be protected. Unfortunately, you cannot simply password protect your entire USB stick, like you have password protected your Facebook account. Tools that will seriously protect your data all work with encryption. Unless you want to invest in a secure flash drive with hardware encryption, you can use freeware applications to achieve a similar level of protection. 1. As mentioned above, you can’t safely password protect your entire USB stick without using encryption. Many programs, including Word and Excel, allow you to save files with a password. 2.

Many tools can encrypt and password protect your data. 3. Download the usbsafeguard.exe and copy it to your USB flash drive. Additional Material. XSSed | Cross Site Scripting (XSS) attacks information and archive. XSSer: automatic tool for pentesting XSS attacks against different applications. BeEF - The Browser Exploitation Framework Project.