“Sometimes I leave the back door open for my deaf and blind dog so he can enjoy what the neighbors are grilling.”
(Source)
Roasted Potatoes and Kielbasa (One-Pan Recipe)
Really nice recipes. Every hour.
Show me what you cooked!
An eye-opening perspective (Source)
The Subtle Pythagoras Theorem
Pythagoras is famously quoted as saying:
Do not say a little in many words but a great deal in a few
And his theorem is a striking illustration of these words.
* This happens to be one of my favorite proofs of the theorem, but feel free to explore the legion of others in existence, like this one:
Good Day!
bezier gauze

Undergraduate thesis project: Dunbar's conjecture for planar graphs
• Student ID: PB06001074 • Name: (illegible in source) • Year: class of 2006 • Department: Department of Mathematics • Completion date: June 2010 • Supervisor: Xu Junming • School: University of Science and Technology of China
Abstract: For a nonempty graph G, if every vertex of G is in D or adjacent to a vertex of D, then D is called a dominating set of G; the domination number, i.e. the size of a smallest dominating set, is denoted γ(G). Let E be a set of edges of G. If the domination number of G − E is greater than that of G, then the number of edges in a smallest such set E is called the bondage number b(G). Kang and Yuan proved that b(G) ≤ 8 for every connected planar graph G. Carlson and Develin gave a simple, intuitive proof that b(G) ≤ min{8, Δ(G)+2} when G is planar. In this thesis we attempt to prove Dunbar's well-known conjecture b(G) ≤ Δ+1. Since the proof itself is difficult, we first consider the connected case, that is, connected planar graphs, and at the same time restrict ourselves to the special case Δ ≤ 3.
Abstract: Given a nonempty graph G, a set D of its vertices is a dominating set if every vertex of G is in D or adjacent to a vertex in D. The domination number γ(G) of a graph G is defined to be the minimum size of a dominating set of G. If E is an edge set of G, the bondage number b(G) of a nonempty graph is defined to be the cardinality of the smallest set E of edges of G such that the graph G−E has domination number greater than that of G. Kang and Yuan proved b(G) ≤ 8 for every connected planar graph G. Carlson and Develin presented a simple, intuitive proof that b(G) ≤ min{8, Δ(G)+2} for all planar graphs G. In this paper, we conjecture that b(G) ≤ Δ+1 when 3 ≤ Δ ≤ 6. Since it is not very easy, we will consider Δ ≤ 3 first, especially for a connected planar graph.
Keywords: bondage number, domination number, connected planar graph, degree, vertex
Main content of this thesis: Chapter 1 introduces the background of the thesis, the history of research on the bondage number together with some of the related literature, and the current state of research. Chapter 2 reviews some research results related to the bondage number, introduces the main conclusions, and collects the main results that may be used in this thesis. Chapter 3 contains the main proofs involved in this thesis, the conjecture, and possible applications.
http://www.slideshare.net/greentask/dunbars-conjecture-for-planar-graphs
In the geometry of mariners, where straight lines are Great Circles, the angle sum of a triangle is more than 180 degrees.
The Gamma Functionâs integral definition and one of its properties translated to Gallifreyan mathematics. This took me a few hours.
The reason why involute gears turn smoothly. Fig 1) How to draw the involute of a circle. Fig 2&3) Move and rotate the observing point. Fig 4&5) The curves are tangent. Fig 6) Involute gears turn smoothly.
The Quaternion Group
Just as Complex Numbers are a 2-Dimensional extension of the Real Numbers, Quaternions are a 4-Dimensional extension of Real and Complex Numbers. And just as you can describe how to make the Complex Numbers from the Reals using the group Z/4Z, you can describe how to make Quaternions using something called the Quaternion Group, denoted Q3.
The main structure is that you have 3 different elements, {i, j, k}, which behave similarly, in that i² = j² = k² = -1. But you also define multiplication between them. This actually has to be non-commutative to make things work out, so ij = k, but ji = -k, etc. A helpful diagram: if you go forward in the following figure, you keep it positive, but if you go backwards, you use a negative.
There are 2 elements that commute with every element in the Quaternion group, namely {1, -1}. This is called the center of the group, denoted Z(Q3), from the German Zentrum.
This is multiplication by i on the left
And this is multiplication by i on the right
If you look at all of Q3's subgroups, even though some cosets look different depending on whether you multiply on the left or the right, the left and right cosets contain the same elements, which makes every subgroup of Q3 a normal subgroup. (This is not true of all subgroups of all groups, but this one's special.)
Example with subgroup J= {1, j, -1, -j}
This is the left coset iJ
This is the right coset Ji
For completeness's sake, here is the same thing with k
Just to make the next part easier, I will display Q3 in a new format that puts elements which are just inverses of each other close together.
And then, if you take the quotient group Q3/{1, -1}, or contract the group by putting together elements that are inverses of each other…
You get the Klein 4-Group!
(This form of showing groups is called the Cayley graph)
(Quaternions are actually really great at describing motion in 3 or 4 dimensions, and the reason you need them for 3 is that this kind of system only works in dimensions that are powers of 2)
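The three claims above (the center is {1, -1}, every subgroup of Q3 is normal, and Q3/{1, -1} is the Klein 4-group) can be checked mechanically. This is an added Python example, not part of the original post: it encodes the multiplication rules from the diagram and verifies each claim by brute force over the eight elements.

```python
"""Q3, the quaternion group of order 8, built from the rules in the post.

Added example (not part of the original post). Elements are (sign, unit)
pairs with sign in {+1, -1} and unit in "1ijk"; the multiplication rules are
i^2 = j^2 = k^2 = -1 and, following the cyclic diagram i -> j -> k -> i,
forward products stay positive (ij = k) while backward ones are negated
(ji = -k). Everything else is checked by brute force.
"""
from itertools import combinations

ONE = (1, "1")
ELEMENTS = [(s, u) for u in "1ijk" for s in (1, -1)]

# Products of two positive units i, j, k as (sign, unit).
_UNIT_TABLE = {
    ("i", "i"): (-1, "1"), ("j", "j"): (-1, "1"), ("k", "k"): (-1, "1"),
    ("i", "j"): (1, "k"), ("j", "k"): (1, "i"), ("k", "i"): (1, "j"),    # forward
    ("j", "i"): (-1, "k"), ("k", "j"): (-1, "i"), ("i", "k"): (-1, "j"),  # backward
}


def mul(a, b):
    """Group product; non-commutative for the imaginary units."""
    sa, ua = a
    sb, ub = b
    if ua == "1":
        return (sa * sb, ub)
    if ub == "1":
        return (sa * sb, ua)
    s, u = _UNIT_TABLE[(ua, ub)]
    return (sa * sb * s, u)


def label(e):
    """Human-readable name such as 'i' or '-k'."""
    return ("" if e[0] == 1 else "-") + e[1]


def center(group):
    """Z(Q3): the elements that commute with every element."""
    return {g for g in group if all(mul(g, h) == mul(h, g) for h in group)}


def is_subgroup(subset):
    """A finite subset closed under the product and containing 1 is a subgroup."""
    return ONE in subset and all(mul(a, b) in subset for a in subset for b in subset)


def subgroups(group):
    """All subgroups, found by testing every subset (2^8 candidates)."""
    return [frozenset(c) for r in range(1, len(group) + 1)
            for c in combinations(group, r) if is_subgroup(frozenset(c))]


def left_coset(g, H):
    return frozenset(mul(g, h) for h in H)


def right_coset(g, H):
    return frozenset(mul(h, g) for h in H)


def is_normal(H, group):
    """Normal iff left and right cosets agree as sets, for every g."""
    return all(left_coset(g, H) == right_coset(g, H) for g in group)


def quotient(group, N):
    """Cosets of a normal subgroup N together with the induced product."""
    cosets = {left_coset(g, N) for g in group}
    table = {}
    for A in cosets:
        for B in cosets:
            a, b = next(iter(A)), next(iter(B))  # any representatives will do
            table[(A, B)] = left_coset(mul(a, b), N)
    return cosets, table


def is_klein_four(cosets, table):
    """Order 4 and every element squares to the identity coset."""
    identity = next(C for C in cosets if ONE in C)
    return len(cosets) == 4 and all(table[(C, C)] == identity for C in cosets)


if __name__ == "__main__":
    print("center:", sorted(map(label, center(ELEMENTS))))
    J = frozenset([(1, "1"), (1, "j"), (-1, "1"), (-1, "j")])
    print("iJ:", sorted(map(label, left_coset((1, "i"), J))))
    print("Ji:", sorted(map(label, right_coset((1, "i"), J))))
    print("all subgroups normal:",
          all(is_normal(H, ELEMENTS) for H in subgroups(ELEMENTS)))
    cosets, table = quotient(ELEMENTS, center(ELEMENTS))
    print("Q3/{1,-1} is the Klein 4-group:", is_klein_four(cosets, table))
```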

Need some help with factoring?
Worksheets:
Feel free to download and print the sheets on either side of the banner. On the left, I have filled out the blanks, so you can either print that copy out, or print out the empty sheet and use my notes to fill out the sheet on the right! Also, where it says “No Coefficient,” I'm talking about a leading coefficient of one. However, that didn't sound as catchy on the sheet :) “With Coefficient” means that the leading coefficient is greater than one or less than zero. The sheets aren't very detailed because they were meant for my own personal use, so please feel free to ask me anything about them/the subjects!
Links:
Khan Academy: Factoring Quadratics with a Leading Coefficient of One
 I recommend poking around other Khan Academy videos/resources as well
Factoring: A Complete Overview
Multiplying Binomials, Quadratic Trinomials: Lesson and Practice
This site has a lot of really great lessons, and having the additional practice is nice, as well!
Factoring Trinomials: Lesson and Practice
Practice Factoring Polynomial Expressions: (Part One) (Part Two)
Polynomial Factoring Calculator with Explanation
Another (More General) Calculator
Let me know if you think I should add anything! I hope this helps!
The New York Times Old Articles Can Be Exploited by XSS Attacks (Almost All Article Pages Before 2013 Are Affected)
Domain: http://www.nytimes.com/
“The New York Times (NYT) is an American daily newspaper, founded and continuously published in New York City since September 18, 1851, by the New York Times Company. It has won 114 Pulitzer Prizes, more than any other news organization. The paper's print version has the largest circulation of any metropolitan newspaper in the United States, and the second-largest circulation overall, behind The Wall Street Journal. It is ranked 39th in the world by circulation. Following industry trends, its weekday circulation has fallen to fewer than one million daily since 1990. Nicknamed for years as “The Gray Lady”, The New York Times is long regarded within the industry as a national “newspaper of record”. It is owned by The New York Times Company. Arthur Ochs Sulzberger, Jr., (whose family (Ochs-Sulzberger) has controlled the paper for five generations, since 1896), is both the paper's publisher and the company's chairman. Its international version, formerly the International Herald Tribune, is now called the International New York Times. The paper's motto, “All the News That's Fit to Print”, appears in the upper left-hand corner of the front page.” (Wikipedia)
(1) Vulnerability Description:
The New York Times has a computer cyber security problem. Hackers can exploit its users via XSS bugs. The code flaw occurs in the New York Times's URLs. Nytimes (short for New York Times) uses part of the URL to construct its pages. However, it seems that Nytimes did not filter the content used for this construction at all before 2013. Based on Nytimes's design, almost all URLs before 2013 are affected (all article pages). In fact, all article pages that contain a “PRINT” button, “SINGLE PAGE” button, “Page *” button or “NEXT PAGE” button are affected. Nytimes changed this mechanism in 2013: it now decodes the URLs sent to its server, which makes the mechanism much safer. However, all URLs before 2013 are still using the old mechanism.
This means almost all article pages before 2013 are still vulnerable to XSS attacks. I guess the reason Nytimes did not filter URLs before is cost: it costs too much (money and human capital) to change the database of all previously posted articles.
Discoverer and Reporter: Jing Wang, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (@justqdjing) http://www.tetraph.com/wangjing More Details: http://lists.openwall.net/full-disclosure/2014/10/16/2 http://www.tetraph.com/blog/xss-vulnerability/new-york-times-xss http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1102 http://webcabinet.tumblr.com/post/121907302752/new-york-times-xss http://www.inzeed.com/kaleidoscope/xss-vulnerability/new-york-times-xss http://webtech.lofter.com/post/1cd3e0d3_6f57c56 http://tetraph.blog.163.com/blog/static/2346030512014101270479/ https://vulnerabilitypost.wordpress.com/2014/11/01/new-york-times-xss http://lifegrey.tumblr.com/post/121912534859/tous-les-liens-vers-les-articles http://securityrelated.blogspot.com/2014/10/new-york-times-design.html https://mathfas.wordpress.com/2014/11/01/new-york-times-xss http://computerobsess.blogspot.com/2014/10/new-york-times-design.html http://whitehatview.tumblr.com/post/103788276286/urls-to-articles-xss http://diebiyi.com/articles/security/xss-vulnerability/new-york-times-xss
The Weather Channel: At Least 76.3% of Links Vulnerable to XSS Attacks
Domain Description: http://www.weather.com/
“The Weather Channel is an American basic cable and satellite television channel which broadcasts weather forecasts and weather-related news and analyses, along with documentaries and entertainment programming related to weather. Launched on May 2, 1982, the channel broadcasts weather forecasts and weather-related news and analysis, along with documentaries and entertainment programming related to weather.”
“As of February 2015, The Weather Channel was received by approximately 97.3 million American households that subscribe to a pay television service (83.6% of U.S. households with at least one television set), which gave it the highest national distribution of any U.S. cable channel. However, it was subsequently dropped by Verizon FiOS (losing its approximately 5.5 million subscribers), giving the title of most distributed network to HLN. Actual viewership of the channel averaged 210,000 during 2013 and has been declining for several years. Content from The Weather Channel is available for purchase from the NBCUniversal Archives.” (Wikipedia)
Vulnerability Description: The Weather Channel has a cyber security problem. Hackers can exploit it via XSS bugs.
Almost all links under the domain weather.com are vulnerable to XSS attacks. Attackers just need to add script at the end of The Weather Channel's URLs, and the script will be executed.
Ten thousand links were tested with a self-written tool. During the tests, 76.3% of the links belonging to weather.com were vulnerable to XSS attacks.
The reason for this vulnerability is that The Weather Channel uses URLs to construct its HTML tags without filtering malicious script code. The vulnerability can be exploited without user login. Tests were performed on Firefox (34.0) in Ubuntu (14.04) and IE (9.0.15) in Windows 8.
Discovered by: Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (@justqdjing) http://www.tetraph.com/wangjing
More Details: http://seclists.org/fulldisclosure/2014/Nov/89 http://lists.openwall.net/full-disclosure/2014/11/27/3 http://whitehatview.tumblr.com/post/104313615841/the-weather-channel-flaw http://www.inzeed.com/kaleidoscope/xss-vulnerability/the-weather-bug http://diebiyi.com/articles/security/the-weather-channel-bug http://whitehatpost.lofter.com/post/1cc773c8_6f2d4a8 https://vulnerabilitypost.wordpress.com/2014/12/04/the-weather-channel-flaw http://tetraph.blog.163.com/blog/static/234603051201411475314523/ http://tetraph.blogspot.com/2014/12/the-weather-channel-xss.html http://ithut.tumblr.com/post/121916595448/weather-channel-xss https://mathfas.wordpress.com/2014/12/04/the-weather-channel-weather-bug http://computerobsess.blogspot.com/2014/12/the-weather-channel-xss.html http://www.tetraph.com/blog/xss-vulnerability/the-weather-channel-bug
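Both advisories above describe the same defect: text taken from the request URL is spliced into HTML tags (the “PRINT” / “NEXT PAGE” links) without encoding. The following Python is an added example, not code from the advisories or from the affected sites, using a hypothetical host and constructed request paths; it shows the vulnerable pattern beside the encoded version, plus a check a developer can run against their own templates to catch the pattern.

```python
"""Reflected XSS from URL-built HTML: the reported pattern and its fix.

Added example, not code from the advisories or from the sites they name.
The advisories say the affected pages copied part of the request URL into
HTML tags (the PRINT / SINGLE PAGE / NEXT PAGE links) without filtering.
print_link_vulnerable() reproduces that pattern; print_link_hardened()
encodes for each context the text passes through. SITE and the sample paths
are constructed for this example.
"""
import html
from html.parser import HTMLParser
from urllib.parse import quote

SITE = "http://news.example.invalid"  # hypothetical host

# Constructed request paths. The second one carries the characters that must
# never reach the page unencoded: a quote that would close the href attribute
# and angle brackets that would open a new tag.
NORMAL_PATH = "/2012/05/01/world/some-story.html"
HOSTILE_PATH = '/2012/05/01/world/some-story.html"><script>probe()</script>'


def print_link_vulnerable(request_path: str) -> str:
    """Raw URL text spliced straight into a tag: the reported defect."""
    return f'<a href="{SITE}{request_path}?pagewanted=print">PRINT</a>'


def print_link_hardened(request_path: str) -> str:
    """Encode once per context: URL first, then HTML attribute."""
    # Percent-encode every path character except unreserved ones and "/".
    url = SITE + quote(request_path, safe="/") + "?pagewanted=print"
    # quote=True also turns " and ' into entities, so the attribute value
    # cannot be terminated early whatever the URL contained.
    return f'<a href="{html.escape(url, quote=True)}">PRINT</a>'


class _TagCollector(HTMLParser):
    """Records the start tags a fragment actually produces when parsed."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tag_names(fragment: str) -> list:
    """Start tags of an HTML fragment, in document order."""
    parser = _TagCollector()
    parser.feed(fragment)
    parser.close()
    return parser.tags


def injects_markup(renderer, request_path: str) -> bool:
    """Regression check for a template: does this path make the rendered
    fragment contain tags the template itself never emits?"""
    expected = tag_names(renderer(NORMAL_PATH))
    return tag_names(renderer(request_path)) != expected


if __name__ == "__main__":
    for render in (print_link_vulnerable, print_link_hardened):
        out = render(HOSTILE_PATH)
        print(render.__name__, tag_names(out),
              "injects markup:", injects_markup(render, HOSTILE_PATH))
        print("   ", out)
```

The vulnerable renderer turns the hostile path into a second element (a `script` tag) while the hardened one yields only the intended `a` tag, which is exactly what `injects_markup` detects.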
Math and Computer & Web Security - Cryptography
A military commander wants some assurance that the information sent to field commanders does not fall into the hands of opponents. Hence, written communications which can be easily read if intercepted by an enemy are dangerous. (Asking the messenger to memorize secret messages is not practical, and if one can believe the spy and counter-terrorism thrillers currently on TV, not secure.) Julius Caesar is often credited with one of the earlier attempts at using a cryptological system with a mathematical flavor to disguise messages. It is claimed that he used a system in which each letter of the alphabet in a "plaintext," the original message, is replaced by the next letter of the alphabet, with the last alphabet letter cycling around to be represented by the first letter of the alphabet. Thus, the phrase Caesar Cipher would be replaced by Dbftbs Djqifs. Coming across a message such as this, one is faced with the tremendous range of possible systems that might have been used to disguise the original message. It might confuse the "enemy" for a while. Within the range of what today have come to be called Caesar Ciphers, one could shift the replacement alphabet by r places, rather than 1 place (r = 1) in the example above. When r = 5 the phrase Caesar Cipher becomes hfjxfw hnumjw.
More: http://mathstopic.blogspot.com/2015/06/math-and-computer-web-security.html
Lofter: http://mathdaily.lofter.com/post/1cc75b20_738efaf
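The shift-by-r substitution described above, as an added Python example that is not part of the original post: it reproduces the two examples in the text and then recovers r from ciphertext alone by scoring all 26 shifts against standard approximate English letter frequencies, which is why a Caesar cipher only confuses the enemy "for a while".

```python
"""Caesar (shift) cipher, and why its 26-key space gives no real secrecy.

Added example, not part of the original post. encrypt() implements the
shift-by-r substitution from the text ("Caesar Cipher" -> "Dbftbs Djqifs"
for r = 1, -> "hfjxfw hnumjw" for r = 5 in lower case); recover_shift()
tries every shift and keeps the one whose output looks most like English.
"""
import string

ALPHABET = string.ascii_lowercase

# Approximate relative frequencies (percent) of letters in English text.
ENGLISH_FREQ = {
    "a": 8.2, "b": 1.5, "c": 2.8, "d": 4.3, "e": 12.7, "f": 2.2, "g": 2.0,
    "h": 6.1, "i": 7.0, "j": 0.15, "k": 0.77, "l": 4.0, "m": 2.4, "n": 6.7,
    "o": 7.5, "p": 1.9, "q": 0.095, "r": 6.0, "s": 6.3, "t": 9.1, "u": 2.8,
    "v": 0.98, "w": 2.4, "x": 0.15, "y": 2.0, "z": 0.074,
}


def shift_char(ch, r):
    """Shift one ASCII letter by r places, wrapping z -> a; keep case;
    leave digits, spaces and punctuation untouched."""
    if ch.isascii() and ch.isalpha():
        base = ord("A") if ch.isupper() else ord("a")
        return chr(base + (ord(ch) - base + r) % 26)
    return ch


def encrypt(plaintext, r, keep_case=True):
    """Replace every letter by the one r places later in the alphabet."""
    out = "".join(shift_char(c, r) for c in plaintext)
    return out if keep_case else out.lower()


def decrypt(ciphertext, r):
    """Undo a shift of r by shifting back."""
    return encrypt(ciphertext, -r)


def chi_squared(text):
    """Distance between the letter distribution of text and that of English;
    the lower the score, the more the text looks like English."""
    letters = [c for c in text.lower() if c in ALPHABET]
    n = len(letters) or 1
    score = 0.0
    for letter in ALPHABET:
        expected = ENGLISH_FREQ[letter] / 100 * n
        observed = letters.count(letter)
        score += (observed - expected) ** 2 / expected
    return score


def recover_shift(ciphertext):
    """Brute force: decrypt under all 26 shifts, return the most English one.
    This is the whole key space, so a ciphertext of a few dozen letters is
    enough to identify r without any knowledge of the message."""
    return min(range(26), key=lambda r: chi_squared(decrypt(ciphertext, r)))


if __name__ == "__main__":
    print(encrypt("Caesar Cipher", 1))                   # Dbftbs Djqifs
    print(encrypt("Caesar Cipher", 5, keep_case=False))  # hfjxfw hnumjw
    secret = encrypt("Send reinforcements to the northern bridge at dawn", 11)
    r = recover_shift(secret)
    print(secret, "-> shift", r, "->", decrypt(secret, r))
```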
securitypost:
CVE-2014-8753 Cit-e-Net Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities
Exploit Title: Cit-e-Net Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities
Product: Cit-e-Access
Vendor: Cit-e-Net
Vulnerable Versions: Version 6
Tested Version: Version 6
Advisory Publication: February 12, 2015
Latest Update: June 01, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-8753
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
CVSS Version 2 Metrics:
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized modification
Discoverer and Author: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)
Instruction Details:
(1) Vendor & Product Description:
Vendor:
Cit-e-Net
Product & Version:
Cit-e-Access
Version 6
Vendor URL & Download:
Cit-e-Net can be downloaded from here, https://www.cit-e.net/citeadmin/help/cntrainingmanualhowto.pdf http://demo.cit-e.net/ http://www.cit-e.net/demorequest.cfm http://demo.cit-e.net/Cit-e-Access/ServReq/?TID=1&TPID=17
Product Introduction:
“We are a premier provider of Internet-based solutions encompassing web site development and modular interactive e-government applications which bring local government, residents and community businesses together.
Cit-e-Net provides a suite of on-line interactive services to counties, municipalities, and other government agencies, that they in turn can offer to their constituents. The municipal government achieves a greater degree of efficiency and timeliness in conducting the daily operations of government, while residents receive improved and easier access to city hall through the on-line access to government services.
Our web-based applications can help your municipality to achieve its e-government goals. Type & click website content-management empowers the municipality to manage the website quickly and easily. Web page styles & formats are customizable by the municipality, and because the foundation is a database application, user security can be set for individual personnel and module applications. Our application modules can either be integrated into your existing municipal web site or implemented as a complete web site solution. It's your choice! Please contact us at [email protected] to view a demonstration of our municipal web site solution if you are an elected official or member of municipal management and your municipality is looking for a cost efficient method for enhancing & improving municipal services.
Interactive Applications
Online Service Requests
Online Tax Payments by ACH electronic-check or credit card.
Online Utility Payments by ACH electronic-check or credit card.
Online General-Payments by ACH electronic-check or credit card.
Submit Volunteer Resumes Online for the municipality to match your skills with available openings.”
(2) Vulnerability Details:
The Cit-e-Access web application has a security bug. It can be exploited by XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
Several 0-day vulnerabilities in similar products have been found by other bug-hunting researchers before. Cit-e-Access has patched some of them. The Open Sourced Vulnerability Database (OSVDB) is an independent and open-sourced database. The goal of the project is to provide accurate, detailed, current, and unbiased technical information on security vulnerabilities. The project promotes greater, open collaboration between companies and individuals. It has published suggestions, advisories and solution details related to important vulnerabilities and cyber intelligence.
(2.1) The first programming code flaw occurs at the “/eventscalendar/index.cfm?” page with the “&DID” parameter in HTTP GET.
(2.2) The second programming code flaw occurs at the “/search/index.cfm?” page with the “&keyword” parameter in HTTP POST.
(2.3) The third programming code flaw occurs at the “/news/index.cfm” page with the “&jump2” and “&DID” parameters in HTTP GET.
(2.4) The fourth programming code flaw occurs at the “eventscalendar?” page with the “&TPID” parameter in HTTP GET.
(2.5) The fifth programming code flaw occurs at the “/meetings/index.cfm?” page with the “&DID” parameter in HTTP GET.
(3) Solutions:
Left a message for the vendor. No response. http://www.cit-e.net/contact.cfm
References: http://seclists.org/fulldisclosure/2015/Feb/48 http://marc.info/?l=full-disclosure&m=142380271819297&w=4 https://packetstormsecurity.com/files/130392/Cit-e-Net-6 https://hackertopic.wordpress.com/2015/06/06/cve-2014-8753 https://www.facebook.com/permalink.php?story_fbid=746137642163648 http://mathswift.blogspot.com/2015/06/cve-2014-8753.html http://inzeed.tumblr.com/post/120907933886/securitypost-cve-2014-8753 https://plus.google.com/u/0/100242269120759811496/posts/M5W1kShGpKr https://twitter.com/essayjeans/status/607391837213458432 http://ittechnology.lofter.com/post/1cfbf60d_735a4d0 http://www.weibo.com/5099722551/Clqtl3zWs?from=page_1005055099722551 http://blog.163.com/greensun_2006/blog/static/11122112201557115414537/ http://japanbroad.blogspot.jp/2015/06/cve-2014-8753-cit-e-net https://www.facebook.com/permalink.php?story_fbid=43609503322 http://whitehatpost.lofter.com/post/1cc773c8_73568f4 https://dailymem.wordpress.com/2015/06/06/cve-2014-8753 http://itinfotech.tumblr.com/post/120907872116/securitypost-cve-2014-8753 https://progressive-comp.com/?l=full-disclosure&m=142380271819297&w=1 http://www.tetraph.com/blog/xss-vulnerability/cve-2014-8753

itinfotech:
About Group (about.com) All Topics (At Least 99.88% of Links) Vulnerable to XSS & Iframe Injection Security Attacks; About.com Open Redirect Web Security Vulnerabilities
Vulnerability Description: All of About.com's “topic sites” are vulnerable to XSS (Cross-Site Scripting) and Iframe Injection (Cross Frame Scripting) attacks. This means all sub-domains of about.com are affected. Using a self-written program, 94357 links were tested. Only 118 links did not belong to the topic (Metasite) links. Meanwhile, some about.com main pages are vulnerable to XSS attacks, too. This means no more than 0.125% of links are not affected: at least 99.875% of About Group's links are vulnerable to XSS and Iframe Injection attacks. In fact, in about.com's structure the main domain is just something like a cover, so very few links belong to it.
At the same time, the About.com main page's search field is vulnerable to XSS attacks, too. This means all domains related to about.com are vulnerable to XSS attacks.
As for the Iframe Injection vulnerability, it can also be used to DDoS (Distributed Denial-of-Service) other websites. Here is one example of a DDoS based on Iframe Injection attacks against others: http://www.incapsula.com/blog/world-largest-site-xss-ddos-zombies.html
Finally, some “Open Redirect” vulnerabilities related to about.com are introduced. There may be a large number of other Open Redirect vulnerabilities not yet detected. Since About.com is trusted by some other websites, those vulnerabilities can be used to perform “Covert Redirect” against these websites.
Vulnerability Disclosure: These vulnerabilities were reported to About on Sunday, Oct 19, 2014. No one replied. Until now, they are still unpatched.
Vulnerability Discoverer: Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (@Justqdjing) http://www.tetraph.com/wangjing
(1) Some Basic Background
(1.1) Domain Description: http://www.about.com/ http://www.alexa.com/siteinfo/about.com
“For March 2014, 61,428,000 unique visitors were registered by comScore for About.com, making it the 16th-most-visited online property for that month.” (The New York Times)
“About.com, also known as The About Group (formerly About Inc.), is an Internet-based network of content that publishes articles and videos about various subjects on its “topic sites,” of which there are nearly 1,000. The website competes with other online resource sites and encyclopedias, including those of the Wikimedia Foundation, and, for March 2014, 61,428,000 unique visitors were registered by comScore for About.com, making it the 16th-most-visited online property for that month. As of August 2012, About.com is the property of IAC, owner of Ask.com and numerous other online brands, and its revenue is generated by advertising.” (Wikipedia)
“As of May 2013, About.com was receiving about 84 million unique monthly visitors.” (TechCrunch. AOL Inc.)
“According to About's online media kit, nearly 1,000 “Experts” (freelance writers) contribute to the site by writing on various topics, including healthcare and travel.” (About.com)
(1.2) Topics Related to About.com
“The Revolutionary About.com Directory and Community Metasite. Hundreds of real live passionate Guides covering Arts, Entertainment, Business, Industry, Science, Technology, Culture, Health, Fitness, Games, Travel, News, Careers, Jobs, Sports, Recreation, Parenting, Kids, Teens, Moms, Education, Computers, Hobbies and Local Information.” (azlist.about.com)
About.com - Sites A to Z
Number of Topics
A: 66
B: 61
C: 118
D: 49
E: 33
F: 57
G: 39
H: 48
I: 32
J: 15
K: 13
L: 36
M: 70
N: 26
O: 23
P: 91
Q: 4
R: 32
S: 104
T: 47
U: 12
V: 9
W: 43
X: 1
Y: 4
Z: 1
SUM: 1039
Reference: azlist.about.com/
In fact, those are not all topics of about.com. Some of the topics are not listed here such as, http://specialchildren.about.com
So, there are more than 1000 topics related to about.com.
(1.3) Result of Exploiting XSS Attacks
XSS may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. Based on Acunetix, exploited XSS is commonly used to achieve the following malicious results:
“Identity theft
Accessing sensitive or restricted information
Gaining free access to otherwise paid for content
Spying on user's web browsing habits
Altering browser functionality
Public defamation of an individual or corporation
Web application defacement
Denial of Service attacks (DOS)
” (Acunetix)
……
More: http://seclists.org/fulldisclosure/2015/Feb/9
Related Articles: http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1547 http://marc.info/?l=full-disclosure&m=142289980219878&w=4 https://packetstormsecurity.com/files/130211/About.com-Cross-Site-Scripting.html http://computerobsess.blogspot.com/2015/06/about-group-aboutcom-all-topics-at.html https://www.facebook.com/computersecurities/posts/384674738385985 http://www.weibo.com/1644370627/Clk7CaKvL?from=page_1005051644370627 http://guyuzui.lofter.com/post/1ccdcda4_6f03224 https://twitter.com/yangziyou/status/607145647037284352 http://webtechhut.blogspot.com/2015/06/about-group-aboutcom-all-topics-at.html https://computertechhut.wordpress.com/2015/02/02/about-group-about-com- https://www.facebook.com/permalink.php?story_fbid=1043670099006327 http://inzeed.tumblr.com/post/118845379331/securitypost-about-group-99-88-xss https://dailymem.wordpress.com/2015/02/11/about-group http://mathdaily.lofter.com/post/1cc75b20_7340000 http://xingti.tumblr.com/post/120847740060/itinfotech-about-group-xss-xfs http://diebiyi.com/articles/security/xss-vulnerability/about-group-xss-xrf-open-redirect/ http://www.tetraph.com/blog/xss-vulnerability/about-group-xss-xrf-open-redirect/
CNN Travel.cnn.com XSS and Ads.cnn.com Open Redirect Web Security Vulnerabilities
Domain: cnn.com
“The Cable News Network (CNN) is an American basic cable and satellite television channel that is owned by the Turner Broadcasting System division of Time Warner. The 24-hour cable news channel was founded in 1980 by American media proprietor Ted Turner. Upon its launch, CNN was the first television channel to provide 24-hour news coverage, and was the first all-news television channel in the United States. While the news channel has numerous affiliates, CNN primarily broadcasts from the Time Warner Center in New York City, and studios in Washington, D.C. and Los Angeles, its headquarters at the CNN Center in Atlanta is only used for weekend programming. CNN is sometimes referred to as CNN/U.S. to distinguish the American channel from its international sister network, CNN International. As of August 2010, CNN is available in over 100 million U.S. households. Broadcast coverage of the U.S. channel extends to over 890,000 American hotel rooms, as well as carriage on cable and satellite providers throughout Canada. Globally, CNN programming airs through CNN International, which can be seen by viewers in over 212 countries and territories. As of February 2015, CNN is available to approximately 96,289,000 cable, satellite and, telco television households (82.7% of households with at least one television set) in the United States.” (Wikipedia)
Discovered and Reported by: Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (@justqdjing) http://www.tetraph.com/wangjing/
Vulnerability Description: CNN has a cyber security bug problem. It can be exploited by XSS (Cross Site Scripting) and Open Redirect (Unvalidated Redirects and Forwards) attacks.
Based on published news, CNN users have been hacked through both Open Redirect and XSS vulnerabilities. According to E Hacker News on June 06, 2013, (@BreakTheSec) came across a diet spam campaign that leveraged the open redirect vulnerability in CNN, one of the top news organizations. After the attack, CNN took measures to detect Open Redirect vulnerabilities. The measures are quite good, according to the tests: almost no links on CNN's website are vulnerable to Open Redirect attacks now. It takes a long time to find a new, unpatched Open Redirect vulnerability on its website.
CNN.com was hacked via Open Redirect in 2013, while the XSS attacks happened in 2007.
<1> There are some tweets complaining about being hacked with links from CNN.
At the same time, the cybercriminals have also leveraged a similar vulnerability in a Yahoo domain to trick users into thinking that the links point to a trusted website.
Yahoo Open Redirects Vulnerabilities: http://securityrelated.blogspot.com/2014/12/yahoo-yahoocom-yahoocojp-open-redirect.html
<2> CNN.com XSS hacked http://seclists.org/fulldisclosure/2007/Aug/216
Several other 0-day vulnerabilities in similar products have been found by other bug-hunting researchers before. CNN has patched some of them. BugTraq is a full disclosure moderated mailing list for the *detailed* discussion and announcement of computer security vulnerabilities: what they are, how to exploit them, and how to fix them. The following things are posted to the Bugtraq list: (a) Information on computer or network related security vulnerabilities (UNIX, Windows NT, or any other). (b) Exploit programs, scripts or detailed processes about the above. (c) Patches, workarounds, fixes. (d) Announcements, advisories or warnings. (e) Ideas, future plans or current works dealing with computer/network security. (f) Information material regarding vendor contacts and procedures. (g) Individual experiences in dealing with above vendors or security organizations. (h) Incident advisories or informational reporting. (i) New or updated security tools. A large number of the following web security issues have been published there: Buffer overflow, HTTP Response Splitting (CRLF), CMD Injection, SQL injection, Phishing, Cross-site scripting, CSRF, Cyber-attack, Unvalidated Redirects and Forwards, Information Leakage, Denial of Service, File Inclusion, Weak Encryption, Privilege Escalation, Directory Traversal, HTML Injection, Spam. It also publishes suggestions, advisories and solution details related to XSS and URL Redirection vulnerabilities, and cyber intelligence recommendations.
Detail: http://seclists.org/fulldisclosure/2014/Dec/128
Related Articles: https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01507.html https://packetstormsecurity.com/files/129754/cnn-xssredirect.txt http://cxsecurity.com/issue/WLB-2014120196 https://progressive-comp.com/?l=full-disclosure&m=141988778706126&w=1 https://itinfotechnology.wordpress.com/2015/01/01/cnn-travel-cn http://russiapost.blogspot.com/2015/06/cnn-travelcnncom-xss https://www.facebook.com/permalink.php?story_fbid=745810602196352 http://www.weibo.com/5337321538/Clij19Krr?from=page_1005055337321538 https://plus.google.com/u/0/112682696109623633489/posts/TyipiFnULRj http://webcabinet.tumblr.com/post/116075198227/ithut-cnn-cnn http://mathdaily.lofter.com/post/1cc75b20_4f0a751 https://twitter.com/tetraphibious/status/607085555776561152 http://qianqiuxue.tumblr.com/post/120838173915/ithut-cnn-xss-url-redirection-bug http://itprompt.blogspot.com/2015/06/cnn-travelcnncom-xss https://www.facebook.com/permalink.php?story_fbid=891722397533572 http://tetraph.com/security/xss-vulnerability/cnn-xss-url-redirect-bug/ http://ittechnology.lofter.com/post/1cfbf60d_7338770 https://hackertopic.wordpress.com/2015/01/04/cnn-travel-cnn http://www.inzeed.com/kaleidoscope/xss-vulnerability/cnn-xss-url-redirect-bug/
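The About.com and CNN posts above both involve Open Redirect, where a trusted site forwards the browser to whatever URL a request parameter names, which is what makes a “Covert Redirect” through the trusted domain possible. As an added Python example, not code from those sites or from the advisories, here is the validation such a redirect parameter needs; the allowlisted hosts and every sample input are constructed.

```python
"""Validating a redirect parameter so a trusted site cannot be turned into a
springboard to another one ("Covert Redirect").

Added example, not code from the advisories or the sites they name. Many
sites carry a ?next= / ?url= style parameter and redirect to whatever it
holds; safe_redirect_target() accepts same-site paths and absolute URLs to an
explicit allowlist of hosts, and returns a safe default for everything else.
The allowlisted hosts and all sample inputs are constructed.
"""
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"www.example.invalid", "accounts.example.invalid"}  # hypothetical
SAFE_DEFAULT = "/"


def safe_redirect_target(raw, allowed_hosts=ALLOWED_HOSTS, default=SAFE_DEFAULT):
    """Return a redirect target that stays on this site or an allowlisted host.

    Anything that does not pass every check yields `default`.
    """
    if not raw:
        return default
    # Browsers treat a backslash in a URL as a slash, so normalise before
    # checking; otherwise "/\\evil.example" would pass a naive "//" test and
    # still leave the site.
    target = raw.strip().replace("\\", "/")
    # Control characters and raw spaces never occur in a legitimate target.
    if any(ord(ch) <= 0x20 for ch in target):
        return default
    # "//host" and "///host" are both network-path references in browsers,
    # even though urlsplit() parses the second one as a plain path.
    if target.startswith("//"):
        return default
    try:
        parts = urlsplit(target)
    except ValueError:
        return default
    if parts.netloc:
        # Absolute URL: only http(s), no userinfo, and the host must match
        # the allowlist exactly (no prefix or suffix matching, so
        # "www.example.invalid.evil.example" is rejected).
        if parts.scheme.lower() not in ("http", "https"):
            return default
        if "@" in parts.netloc:
            return default
        if (parts.hostname or "").lower() not in allowed_hosts:
            return default
        return target
    if parts.scheme:
        # "javascript:...", "data:...", "http:relative" and friends.
        return default
    # Same-site relative reference: must be an absolute path.
    if not parts.path.startswith("/"):
        return default
    return target


if __name__ == "__main__":
    samples = ["/account/settings", "//evil.example/", "///evil.example",
               "/\\evil.example", "javascript:void(0)",
               "https://www.example.invalid/login",
               "https://www.example.invalid@evil.example/",
               "https://www.example.invalid.evil.example/"]
    for s in samples:
        print(f"{s!r:50} -> {safe_redirect_target(s)!r}")
```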