LastPass does actually know URLs. After logging into LastPass.com, you can navigate to https://lastpass.com/getaccts.php (only accessible post authentication with a valid session cookie.) This will return an XML…
Taviso has been on a rampage.
Yep. Here's the code from nginx: https://github.com/nginx/nginx/blob/master/src/http/ngx_http...
You can go back further by modifying the startTime parameter in the download link. https://maps.google.com/locationhistory/b/0/kml?startTime=14...
This works also, and doesn't require a hosted file: https://xss-game.appspot.com/level6/frame#data:text/plain,al...
SSH tunneling, of course! But seriously, the github wiki says that it uses SSL also.
Here's the direct streams: http://livestream-f.akamaihd.net/142499_129958_13c898be_1_20... Or lower quality: http://livestream-f.akamaihd.net/142499_129958_13c898be_1_55...…
They are claiming, over their twitter account, that the email was faked: https://twitter.com/purevpn/status/386700121053736963
Update URL can be found here: http://www.huluwa.org/download/platfrom/android/update.json
Appears that it cascaded across all of their nameservers. Seems like it could be an attack (remote or local DoS condition bug, since all users can create their own zones), or maybe just a random bug - hopefully they'll…
From the #linode IRC channel, caker (CEO) states it was a segfault in bind. 13:53:14 caker@ : They operate completely independently, other than loading from the same zones. This looks to be a segfault in bind itself
LastPass does actually know URLs. After logging into LastPass.com, you can navigate to https://lastpass.com/getaccts.php (only accessible post authentication with a valid session cookie.) This will return an XML…
Taviso has been on a rampage.
Yep. Here's the code from nginx: https://github.com/nginx/nginx/blob/master/src/http/ngx_http...
You can go back further by modifying the startTime parameter in the download link. https://maps.google.com/locationhistory/b/0/kml?startTime=14...
This works also, and doesn't require a hosted file: https://xss-game.appspot.com/level6/frame#data:text/plain,al...
SSH tunneling, of course! But seriously, the github wiki says that it uses SSL also.
Here's the direct streams: http://livestream-f.akamaihd.net/142499_129958_13c898be_1_20... Or lower quality: http://livestream-f.akamaihd.net/142499_129958_13c898be_1_55...…
They are claiming, over their twitter account, that the email was faked: https://twitter.com/purevpn/status/386700121053736963
Update URL can be found here: http://www.huluwa.org/download/platfrom/android/update.json
Appears that it cascaded across all of their nameservers. Seems like it could be an attack (remote or local DoS condition bug, since all users can create their own zones), or maybe just a random bug - hopefully they'll…
From the #linode IRC channel, caker (CEO) states it was a segfault in bind. 13:53:14 caker@ : They operate completely independently, other than loading from the same zones. This looks to be a segfault in bind itself