
Yegor Khomyakov continues hacking

Known for the GitHub incident, Russian web developer Yegor Khomyakov (Chikey) has distinguished himself once again. This time he decided not to waste time on trifles and went straight for the top ten well-known services, including Moneybookers, Formspring, SlideShare, YFrog, Bitbucket, Lockerz, GitHub, KinoPoisk, Badoo, oDesk, Dailymotion, Vimeo, About.me, Posterous, Hulu, Booking.com and Heroku.

His delightful post with the selection of hacks for the sites listed above can be found here. We will only note that, in the case of the Moneybookers money-transfer bug, the key point is that he notified the developers in advance and waited until they had closed the vulnerability before publishing the details.

Yegor says that this is only a tiny fraction of the vulnerabilities in the most popular services, to say nothing of medium-sized and small sites. As a rule, Yegor does not publish critical vulnerabilities, because, in his words, "prison is not suitable for a comfortable life."
This week Khomyakov plans to publish a vulnerability in WebKit, and later on: tips on JSONP security, frames, ways around the same-origin (domain restriction) rule, CSRF, and another easy Rails (and PHP) hack. Sites to demonstrate that vulnerability on are currently being selected.

If it comes to that, Yegor is ready to conduct a security audit and consultation for only $500 per site, and just try refusing: remember that he is currently picking out examples on which to demonstrate vulnerabilities (just kidding).

P.S. April 3, 01:23: the price has been raised to $1000 per site.

Source: https://habr.com/ru/post/141277/
