Full disclousure deep technical analisys below. Beware !!!

Jul 12, 2010

Skype Privacy secret revealed??

Stated so by just one man!!
Code here: http://cryptolib.com/ciphers/skype/
Download before it will be removed ;-)

Jul 11, 2010

Corporate OWA owners..pay attention to your click!!

A CSRF vuln in MS OWA till 2007 SP2 expose corporate/provider mail to be pwned.. Detail here:
http://sites.google.com/site/tentacoloviola/pwning-corporate-webmails

Update: my further investigation revealed that vulnerable OWA platform (i can confirm till 2007 SP2 included) doesn't check the HTTP referrer of owa cmd query so exposing webmail to CSRF attack (Cross Site Request Forge).
Many action in OWA context can be exploited like setting a all-inbox forward rule, sending a forged mail, access&steal contact list, delete mail, etc..

Imagine all this combined togheter.. and you got the first amazing OWA worm (POC under development)!!

Remember..
OWA 2007 patched in SP3
OWA 2003 no more supported, no party!! :-(

Have fun

Theory about Aurora's backstage

A one way confirmation theory about who's behind the "Aurora Operation":
http://www.scribd.com/full/33788819?access_key=key-1lcdjsqzz3z5v5apqrfu

Do you agree?? Naaaaaaa...