UPDATE: The vulnerability isn't actually patched. The Session ID just doesn't get printed to the log files any more. On the 3rd March 2016, Mojang (The developers of Minecraft) released a new version of the Minecraft Launcher. Not much is known about what has changed between the old launcher version and the new launcher … Continue reading Yet Another Minecraft Vulnerability!
A few weeks ago there was a link released to the public that could crash Google Chrome. It looks like this: http://a/%%30%30 Note that this URL does not crash other browsers like IE, Edge or Firefox due to the way those browsers handle the URL. The Basics You cannot type certain characters into a URL, because … Continue reading The link that could crash Google Chrome!
On the 11th of June 2014, this was released onto TweetDeck: https://twitter.com/derGeruhn/status/476764918763749376 It is a script tag containing JQuery, which when executed in the browser, would automatically retweet itself without the users knowledge. Usually, Tweetdeck would have a filter on for this to convert every < and > into < and > However, on the … Continue reading XSS and Twitter: The Self Retweeting Tweet
A few months ago, an exploit of Minecraft 1.8 was released to the public. This exploit involved forcing the Minecraft Client to download a malicious file from a 3rd-Party website or server. Once the severity of the exploit was seen by Mojang (The creators and owners of Minecraft), the exploit was quickly fixed in the … Continue reading The Security Risk of Minecraft 1.8
WordPress was comprimised by the Nuetrino Exploit Kit. This exploit kit installs backdoors on WordPress sites running older versions of the content management system (4.2 and older). It then redirects the victim through a series of iFrames to a landing page hosting a Flash exploit. The exploit targets users running Internet Explorer and the victims … Continue reading WordPress was comprimised!