Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

12/17/2008
10:01 AM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

The Five Coolest Hacks Of 2008

Not even your psyche was safe from hacking this year -- hackers found holes in the highway toll system, building security -- and, yes, your head

Hacks are a dime a dozen. But the hacks that stand out are the innovative and imaginative ones that infiltrate and haunt our daily lives -- the ones that make you think twice before you zip through the electronic toll fast-lane on the highway, scan your fingerprint on your office building's entry system, or post your status on Facebook for fear that an attacker is lurking and able to abuse your privacy on these systems.

Sure, your iPhone might get cracked someday, and your Website could get temporarily knocked offline by a denial-of-service (DoS) attack. But what if an attacker used your own iPhone to hack you, or used a special kind of DoS attack to shut down your hardware permanently? That's the kind of ingenuity we're talkin' about.

We've selected five of the coolest hacks we covered here at Dark Reading in 2008 -- unusual and sometimes off-the-wall vulnerabilities that were exposed and exploited this past year by researchers who, driven by their curiosity and imagination, had some fun (possibly at your expense), but all for the ultimate purpose of making daily life more secure. So read on -- and don't stop looking over your shoulder.

Contents:

1. Highway to Hell: the electronic toll system hack
2. Psyche-cracking
3. iPhone as a hacking tool
4. Permanent denial-of-service
5. "Gecko" and the building system hack

Next: Highway to Hell: hacking the electronic toll system

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Previous
1 of 6
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
AI Is Everywhere, but Don't Ignore the Basics
Howie Xu, Vice President of AI and Machine Learning at Zscaler,  9/10/2019
Fed Kaspersky Ban Made Permanent by New Rules
Dark Reading Staff 9/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16317
PUBLISHED: 2019-09-14
In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different vulnerabi...
CVE-2019-16318
PUBLISHED: 2019-09-14
In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317.
CVE-2019-16307
PUBLISHED: 2019-09-14
A Reflected Cross-Site Scripting (XSS) vulnerability in the webEx module in webExMeetingLogin.jsp and deleteWebExMeetingCheck.jsp in Fuji Xerox DocuShare through 7.0.0.C1.609 allows remote attackers to inject arbitrary web script or HTML via the handle parameter (webExMeetingLogin.jsp) and meetingKe...
CVE-2019-16294
PUBLISHED: 2019-09-14
SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file.
CVE-2019-16309
PUBLISHED: 2019-09-14
FlameCMS 3.3.5 has SQL injection in account/login.php via accountName.