Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Wednesday, 1 February, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Holes found in Pocket Firefox add-on

by The Gurus
August 20, 2015
in Top 10 Stories
Share on FacebookShare on Twitter

Information security man Clint Ruoho has detailed server-side vulnerabilities in the popular Pocket add-on bundled with Firefox that may have allowed user reading lists to be populated with malicious links.
The since-patched holes were disclosed July 25 and fixed August 17 after a series of botched patches, and gave attackers access to the process running as root on Amazon servers.
Ruho says the bookmarking app functioned as an internal network proxy and subsequent poor design choices meant he could glean information on users including IP address data and the URLs customers saved for later reading. Adding redirects meant he gained access to the etc/passwd file.
“Applications similar to Pocket require some logic to handle HTTP redirects on links [and] I added a link to my queue that resulted in a somewhat malicious redirect,” Ruho says.
“After refreshing the Pocket app on my Android phone, the (reading) list included file:///etc/passwd. Clicking on the item revealed the full contents of /etc/passwd.”
He says chained vulnerabilities could allow an attacker to grab the etc/passwd file, SSH keys, internal IP addresses, and launch secure shell into Pocket’s private IP address backend.
Security bod Ty Miller of Sydney-based Threat Intelligence says while the hack affected Pocket’s servers, an attacker could have targeted user by manipulating reading links.
View full story

FacebookTweetLinkedIn
ShareTweetShare
Previous Post

Armed police sent to Mumsnet founder's home after hoax call

Next Post

Unpatched 0-day threatens Apple Mac users

Recent News

JD Sports admits data breach

JD Sports admits data breach

January 31, 2023
Acronis seals cyber protection partnership with Fulham FC

Acronis seals cyber protection partnership with Fulham FC

January 30, 2023
Data Privacy Day: Securing your data with a password manager

Data Privacy Day: Securing your data with a password manager

January 27, 2023
#MIWIC2022: Carole Embling, Metro Bank

#MIWIC2022: Carole Embling, Metro Bank

January 26, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information