Title: Facebook Inbox Message Disclosure Vulnerability Published: June 24th 2010 Credit: Ryan MacDonald Severity: Information/Privacy Disclosure Vulnerable: Facebook Messaging System BigPipe Performance Pipelining Summary: A vulnerability exists in facebooks messaging system that allows an attacker to view the addressed users, subject and inbox preview text (120 characters) of message contents for recently sent/received messages (last 6) on a users account. Technical Details: BigPipe Pipeling java script code embedded into the source code of ALL PAGES under the “messages” section on facebook, preloads message data that can be arbitrarily read through malicious client side java script or other client side objects. The offending java script specifically is the More >
Yup, nothing to see here except numbers…
2,018: Downloads of the newest project, Linux Malware Detect, month to date. 2,294: Signatures for Linux Malware Detect. 6,207: Downloads for all projects for the month to date. 14,176: Google results with link backs to rfxn.com or related domains (i.e: r-fx.org, rfxn.org etc..). 30,061: Active APF installations relative to unique IP’s fetching the reserved.networks file daily. 70,826: Project downloads for the last 12 months, May 2009 – April 2010. 133,931: Total visitor session to rfxn.com, month to date. 258,154: The number of web sites protected by APF (passed unique install IP’s to domainsbyip.com). 1,231,604: Total hits to rfxn.com, month to date.More >
In LMD 1.3.3 there was allot of changes, 29 to be exact, that made LMD much more robust and especially the monitoring component, much more usable. If that release was about making good things better, then this release is about bringing loose ends together. I spent a couple of days running LMD through its paces along with having many people help me test it and during that process, we brought allot of little things to the surface that needed fixing or revising.
In total, there has been 31 changes, fixes or new additions to LMD since that 1.3.3 release on the More >
In my last post, I reflected on the last 7-8 years of projects here at rfxn.com, in doing so I also dug up some statistics on project downloads. I not only did this for my own curiosity but to prioritize the mile long to do list I have for the projects, based on downloads. One of the revealing things was just exactly what people are downloading, in particular that projects like LES , PRM & SIM are still very popular download destinations on the site.
Although a new incarnation of APF & BFD are on the agenda, I thought I would More >
Today I woke up and was in a weird mood, I started to take stock of some thing while at the same time cleaning out the rfxn.com projects and downloads repo (thats a whole other story in itself). In doing so, I realized just how long I have been doing this, it sometimes gets past me just how much time has gone by since my first projects went up.
In November of 2002 I put out the first public version of System Integrity Monitor over at the then rackshack community forums, at a time when Cobalt Raq’s and bargain basement More >
This morning I have put out LMD v1.3.3, this is on the back of two other successive releases in recent days that improved LMD in many areas, along with correcting some bugs that were graciously reported by those helping to break-in the project. I have also listened to feedback and revised a number of features along with completely redoing how the inotify monitoring operates, to provide a much more robust model for real-time file monitoring.
I am also happy to say that people are embracing the use of the -c|–checkout option to send me malware that is not currently detected, which More >