Microsoft has a product called Microsoft Baseline Security Analyzer; when you combine it with the WSUS CAB file, it will output an XML file of all patches installed and (more importantly) not installed on your machine.
With some small scripting (VBS, PowerShell, etc.), you parse the XML and find the needed patches in a patch repository.
Then you can remotely push all of that out via PS-Remoting or PsExec, and your offline/air-gapped network can stay patched.
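The three steps above (scan, match against a repository, push), as an added PowerShell example; this is not the commenter's script. The XML here is a constructed sample shaped like the "Windows Security Updates" check in an MBSA report (UpdateData elements with KBID and IsInstalled attributes), the mbsacli switches in the comment are quoted from memory of MBSA 2.x, and the repository path, host name and KB numbers are assumptions for illustration. Run it from a workstation that has admin rights on the target and can reach it over WinRM.

```powershell
# Added example: parse an MBSA XML report, pick out the updates it found missing,
# locate the matching packages in a local repository and push/install them over
# PS-Remoting. Constructed sample report; a real one comes from something like
#   mbsacli.exe /target WKS01 /wi /nd /offline /catalog .\wsusscn2.cab /xmlout > WKS01.xml
# $RepoPath, the machine name and the KB numbers are assumptions, not real values.

[xml]$report = @"
<SecScan ID="0" Machine="WKS01" Domain="LAB">
  <Check ID="500" Name="Windows Security Updates">
    <Detail>
      <UpdateData ID="KB9990001" KBID="9990001" Type="1" IsInstalled="false">
        <Title>Security Update for Windows (KB9990001)</Title>
      </UpdateData>
      <UpdateData ID="KB9990002" KBID="9990002" Type="1" IsInstalled="true">
        <Title>Security Update for Windows (KB9990002)</Title>
      </UpdateData>
      <UpdateData ID="KB9990003" KBID="9990003" Type="1" IsInstalled="false">
        <Title>Security Update for Windows (KB9990003)</Title>
      </UpdateData>
    </Detail>
  </Check>
</SecScan>
"@

function Get-MissingKB {
    param([xml]$Report)
    # Only the updates the scan reports as NOT installed; KBID is what we key on.
    $Report.SelectNodes('//UpdateData[@IsInstalled="false"]') |
        ForEach-Object { [pscustomobject]@{ KB = $_.KBID; Title = $_.Title } }
}

function Find-PackageForKB {
    param([string]$KB, [string]$RepoPath)
    # Standalone packages carry the KB number in the file name
    # (e.g. Windows6.1-KB9990001-x64.msu), so a name match is enough to find them.
    Get-ChildItem -Path $RepoPath -Recurse -Include *.msu, *.exe -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match "KB$KB" } |
        Select-Object -First 1
}

$RepoPath = 'D:\PatchRepo'              # assumption: where the downloaded packages live
$target   = $report.SecScan.Machine      # host the report was generated for
$missing  = Get-MissingKB -Report $report

foreach ($m in $missing) {
    $pkg = Find-PackageForKB -KB $m.KB -RepoPath $RepoPath
    if (-not $pkg) { Write-Warning "No package for KB$($m.KB) in $RepoPath"; continue }

    # Never push a binary you have not verified: the repo was carried in by hand,
    # so check the Authenticode signature before it touches a host.
    $sig = Get-AuthenticodeSignature -FilePath $pkg.FullName
    if ($sig.Status -ne 'Valid') { Write-Warning "Skipping unsigned/tampered $($pkg.Name)"; continue }

    # Stage the package over the admin share, then install it remotely.
    $dest = "\\$target\C$\Windows\Temp\$($pkg.Name)"
    Copy-Item -Path $pkg.FullName -Destination $dest -Force
    Invoke-Command -ComputerName $target -ScriptBlock {
        param($file)
        # wusa.exe handles .msu packages; self-extracting hotfix .exe files take the same switches.
        if ($file -like '*.msu') { Start-Process wusa.exe -ArgumentList "`"$file`" /quiet /norestart" -Wait }
        else                     { Start-Process $file -ArgumentList '/quiet /norestart' -Wait }
    } -ArgumentList "C:\Windows\Temp\$($pkg.Name)"
}
```

Re-run the MBSA scan afterwards and diff the two reports; a KB that is still listed as not installed usually means the package needed a reboot or a prerequisite update first, which the /norestart switch deliberately leaves to you.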
On the first day I found an XSS flaw on their website and reported it. A month later they changed the rules, excluded that subdomain and told me they aren't taking submissions for that domain.
Example
2,000,000 smart phones x $100 monthly payment = $200,000,000
$200,000,000 x 24 month contract = $4,800,000,000
I know AT&T has sold more than 2 million smart phones, so the overall number is a lot larger.
AT&T is saying it is the user's fault for buying a smart phone and is throttling customers' download speed.
AT&T, how about you take some of the billions you make in profit and put it towards upgrading your archaic infrastructure?
Facts pulled from ATT.com 2011 4th Quarter Earnings Data
-For the quarter ended December 31, 2011, AT&T's consolidated revenues totaled $32.5 billion
-9.4 million smartphone sales
-Best-ever quarter for Android and Apple smartphones, including 7.6 million iPhone activations
-571,000 branded computing device (tablets, aircards, etc.) sales
Customer Service Notification
May 2, 2011
Dear Valued Sony Online Entertainment Customer:
Our ongoing investigation of illegal intrusions into Sony Online Entertainment systems has discovered that hackers may have obtained personal customer information from SOE systems. We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyber-attack. Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password.
Customers outside the United States should be advised that we further discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained and we will be notifying each of those customers promptly.
There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment.
We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company, but on May 1st we concluded that SOE account information may have been stolen and we are notifying you as soon as possible.
We apologize for the inconvenience caused by the attack and as a result, we have:
1. Temporarily turned off all SOE game services;
2. Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
3. Quickly taken steps to enhance security and strengthen our network infrastructure to provide you with greater protection of your personal information.
We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.
For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When SOE's services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your Station or SOE game account name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.
To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports. We are providing the following information for those who wish to consider it:
# U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit report, visit www.annualcreditreport.com or call toll-free (877) 322-8228.
# We have also provided names and contact information for the three major U.S. credit bureaus below. At no charge, U.S. residents can have these credit bureaus place a "fraud alert" on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. This service can make it more difficult for someone to get credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it also may delay your ability to obtain credit while the agency verifies your identity. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file. Should you wish to place a fraud alert, or should you have any questions regarding your credit report, pl
Lots of sites have cross-site scripting vulnerabilities, and news sites are among them.
CNN, Fox News, MSNBC and other local news sites have the ability to inject HTML into the pages. So the domain still reads the site's original URL, but contains altered text.
Don't believe me? http://xssed.com/ is a database of sites that currently have such security holes. Take a look at common sites you use, and maybe demand these sites fix them.
These are the same people that say things such as: NIC card (network interface card card), ATM machine (automated teller machine machine) and my favorite, PIN number (personal identification number number).
Calling the whole computer a CPU/hard drive/box thingy/tower will always continue on, so we will just have to deal with it.
Just what we need: the ability to pull up your favorite porno streaming site and have some kid jacking it in the bathroom. It's bad enough you can only use one bathroom per your section of the plane.
Here is the proof
http://i.imgur.com/TWOedY7.png
The SEA hacked Outbrain, which is a content provider. CNN, WP, NY Times all use this company's software to recommend stories to readers.
http://thehackernews.com/2013/08/Outbrain-hacked-Syrian-Electronic-Army.html
http://techblog.outbrain.com/2013/08/update-outbrain-security-breach/
SLAMPP will give you what you are looking for on a boot CD. http://slampp.abangadek.com/info/
Well, someone has to post about it. For me it was AOL 2.5 on my 14.4 modem on Windows 3.1. Screaming fast!
This is why I created http://unshrink.me/ to combat all these URL shorteners.
Verizon and the EU rejoice!
Everyone that clicked on any of those drop-downs just gave money via ad clicks. Congrats on finding a new ad revenue, Slashdot!
If Kevin Mitnick didn't write this book, then I am not reading it.
You didn't account for the total fakes out there. I remember seeing something saying 1/3, but I can't find it anywhere.
I just hope that the first person that gets scanned doesn't have pink eye! Then all of DHS will be out for 3 weeks.
Haven't they caught on by now? If you shut them down they will just find someone else.
Damn, you beat me to it. I was going to say the same thing. Attach your CAT5/6 to the end and pull like hell.
Let's hope they don't detect the kill switch and rewire themselves to remove it...
By googling I came across a couple of interesting results: http://rss.framechannel.com/productId=POPA110/frameId=MAC_ADDRESS_OF_YOUR_POPCORN http://rss.framechannel.com/productid=VUNOW720/frameid=6112772894ade1e5a6d15e7.87112235 http://rss.framechannel.com/productid=BOXEE/frameid=6112772894ade1e5a6d15e7.8711223
Wow that's bad. Anyone notice the misspelling?
Seems like they are trying to compete with IE: http://blogs.msdn.com/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx But on http://sla.ckers.org/ a circumvention has already been found. XSS will always be around, because of dumb coders trying to re-invent the wheel, yet again.
Great, now I am going to get stuck in traffic everywhere because of dumb "No nukes" protesters!
There is a really good post on it here: http://www.xssed.com/news/92/XSS_Iframe_injections_and_XMLHTTP_post_request_errors_on_McAfee_sites/ and http://www.xssed.com/archive/domain=mcafee.com shows sites that were XSSable in the past. http://xssed.com/ keeps track of a lot of XSSed sites.