Friday, 11 January 2013

Java 0-day In The Wild - Disable Java Plugin NOW

Security researchers have discovered yet another critical Java 0-day exploit being used by the majority of browser exploit packs such as Blackhole and Cool. Users are urged to DISABLE the Java plugin RIGHT NOW.

In a blog post, French researcher Kaffeine reported that the Java 0-day has been spotted making big hits daily. This particular exploit has proven to be a very serious threat to users. The folks at AlienVault Labs have also reproduced the exploit, and it seems to work on all Java versions across all platforms, which makes it a very serious threat.

For now, users are strongly urged to disable their Java plugins right away so that they do not get hit by these 0-days.

So what are you waiting for?

Important links:


How To Disable Java Plugin

Kaffeine's blog post

Alien Vault Labs Post



Thursday, 10 January 2013

Create Backup Of List Of Apps Installed In Ubuntu

When my laptop's HDD was near death, I created a backup of the list of all applications and packages I'd installed in my Ubuntu so that I would be able to install them easily on my new system on the new HDD. I had forgotten about it, but today I suddenly remembered and am sharing this simple technique. Fire up the terminal and type the following:

samar@Techgaun:~$ sudo dpkg --get-selections > installed_apps




Now the list of packages will be saved in the installed_apps file and you can use it for future reference. I hope this is useful ;)



Thursday, 27 December 2012

The Scale Of Universe [A Must Watch]

Well, this is so absofuckingly awesome that I decided it is worth making a post about this particular site. Without further delay, I present you this awesome link:

Scale of Universe


I hope you loved the site like I did :)





Monday, 24 December 2012

Wishing You A Merry Christmas

Techgaun wishes you all a Merry Christmas and Happy Holidays. May this Christmas bring happiness and joy to your life. May this Christmas be a special one, and may Santa be more gracious to you and your family.

Time to enjoy Christmas to its fullest, so guess what we are doing?

Listening to this great song:



And a few movies lined up :)

List of Christmas Movies



The Christmas List


A Bride For Christmas


Christmas Cupid


Christmas Song


Naughty or Nice


All I Want For Christmas


Since we love geeky stuff, let's see some examples of Christmas trees drawn using TeX. FYI, TikZ is built on top of PGF and allows you to create sophisticated graphics in a rather intuitive and easy manner. TikZ and PGF are TeX packages used to create graphics programmatically.

Christmas Tree Using Tikz

Wish you and your family a Merry Christmas!!!



And a special mention to Brisha Pote and Movie111Me @ YouTube



Monday, 17 December 2012

Evince Rocks! Foxit Sucks

I have been using Foxit PDF reader for a while on Windows 7 while working on a Windows-based project, and I was totally pissed off with Foxit.

Not being a fan of Adobe's PDF reader, I decided to try Foxit PDF reader since some of the online reviews were stating Foxit to be a great PDF reader. Basically, I was looking for a very simple, fast, and lightweight PDF reader that suits me. Foxit has everything a good PDF reader should have. It works pretty well with any PDF documents I need to read. It is supposedly lightweight, fast, and secure, and it has millions of users. But it was neither fast nor lightweight in its default configuration, in my experience.

But it's still lacking some feature, and I do not know which. I just cannot feel the software. I am not satisfied with the level of user experience this software imparts. What do you guys have to say about this?

Then I decided to use the famous PDF reader from the Linux world, Evince. And what can I say?

Evince ROCKS!!!





If you have not tried Evince for Windows, download it from GNOME's Evince page and try it right away on Windows. It should work on Windows XP, Vista, and 7.

Download Evince





Wednesday, 12 December 2012

GitHub Snippet Sharing Gist Gets Revamped

The GitHub team today announced the new Gist, their online snippet sharing tool. Gist is a simple way to share snippets and pastes with others, offering syntax support for several languages, configuration file formats and document formats.

The great thing about Gist is that all gists are git repositories, so they are automatically versioned, forkable and usable as a git repository. Whether it's a simple snippet or a full app, Gist is a great way to get your point across.

The new Gist has been rewritten completely from scratch using better libraries and following an appropriate style guide.

Read rest of the story at GitHub



Tuesday, 11 December 2012

Inj3ct0r Team Hacked ExploitHub, Stole Private Exploits Worth $242333

The Inj3ct0r team, which provides the ultimate database of exploits and vulnerabilities and serves as a great resource for vulnerability researchers and security professionals, has hacked ExploitHub.com, a site similar to Inj3ct0r, and stolen several private exploits worth $242333.

In their post, the Inj3ct0r team has provided details of the motivation for the hack and the process of the hack. At the time of writing this, ExploitHub.com seems to be down.

The post gives the process to accomplish the hack as below:

I am very much surprised when he learned of Magento eCommerce Software and search /install/

1) We scan server and site
2) We reinstall Magento CMS https://www.exploithub.com/install/ <= We reinstall Magento CMS
3) Upload shell and phpinfo https://www.exploithub.com/phpinfo.php
4) Back all files and database.
5) Upload piece of the database https://www.exploithub.com/export/
6) Increased privileges



Saturday, 8 December 2012

DNS Rebinding Attack Using Rebind

Rebind is a tool that implements the multiple A record DNS rebinding attack. Although this tool was originally written to target home routers, it can be used to target any public (non RFC1918) IP address.

Rebind provides an external attacker access to a target router's internal Web interface. This tool works on routers that implement the weak end system model in their IP stack, have specifically configured firewall rules, and bind their Web service to the router's WAN interface. Note that remote administration does not need to be enabled for this attack to work. All that is required is that a user inside the target network browses to a Web site that is controlled, or has been compromised, by the attacker.



Important Links


Download rebind

Tested Routers (Affected + Not affected)

Rebind FAQ

Defcon Slides



Kind of interesting vector and I guess many are vulnerable out there.
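A common server-side defense against the rebinding attack described above is for the device's Web interface to reject any request whose Host header is not one of its own names or addresses, because a rebound request arrives carrying the attacker's hostname even though it reaches the router's IP. The sketch below is an added example, not code from Rebind or from this blog; the allowlist entries and function names are constructed for illustration.

```python
# Added example: Host-header allowlist for a device's admin web interface.
import ipaddress
from typing import Optional

# Constructed values: the names and addresses the device legitimately answers to
# (LAN name, LAN IP, WAN IP from a documentation range, IPv6 ULA).
ALLOWED_HOSTS = {"router.lan", "192.168.1.1", "203.0.113.7", "fd00::1"}

def normalize_host(header: Optional[str]) -> Optional[str]:
    """Return the host part of a Host header in canonical form, or None if malformed."""
    if not header:
        return None
    value = header.strip().lower()
    if value.startswith("["):                  # bracketed IPv6 literal, optional :port
        end = value.find("]")
        if end == -1:
            return None
        host, rest = value[1:end], value[end + 1:]
        if rest and not (rest.startswith(":") and rest[1:].isdigit()):
            return None
    else:
        host, sep, port = value.partition(":")
        if sep and not port.isdigit():         # reject junk after the colon
            return None
    host = host.rstrip(".")                    # "router.lan." is the same name
    if not host:
        return None
    try:
        return str(ipaddress.ip_address(host)) # canonical text form for IP literals
    except ValueError:
        return host                            # not an IP literal: treat as a DNS name

def request_allowed(host_header: Optional[str], allowed=ALLOWED_HOSTS) -> bool:
    """Serve the request only when the Host header names this device."""
    host = normalize_host(host_header)
    return host is not None and host in allowed
```

A request that a rebound browser sends to the WAN address with `Host: rebind.attacker.example` fails this check, while the same address reached by its own IP or LAN name passes.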

