ObamaCare California Website Flaws (500K users’ information at risk to hijacking)

ObamaCare is in the spotlight again. California’s site has over 500K users and, as the video shows, their accounts are at risk of hijacking.
The site’s administrators have been warned, but so far this hasn’t been fixed.

Vulnerability found by Kristian Hermansen

The vulnerability is a horizontal privilege escalation. The PIN reset function, while updating the PIN for the current user, also attaches all of the user’s personal data to the POST request. This allows an attacker to tamper with the request, swapping his own username for the victim’s, and set a new PIN for the victim’s account.
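To make the defect concrete, here is an added example (not code from the California site or from the researcher) that models a PIN-reset endpoint in two forms: one that picks the account to update from the username carried in the POST body, and a hardened one that takes the account from the server-side session and rejects a body naming anyone else. The account names, field names and PIN values are constructed for illustration.

```python
"""Horizontal privilege escalation in a PIN-reset handler: vulnerable vs. hardened.

Added example; the endpoint shape, field names and accounts are assumptions
constructed for illustration, not the real site's code.
"""
from dataclasses import dataclass, field
import hashlib
import hmac
import os


@dataclass
class Account:
    username: str
    pin_hash: bytes
    salt: bytes
    ssn_last4: str  # stands in for the personal data the real request carried


def hash_pin(pin: str, salt: bytes) -> bytes:
    # Salted, iterated hash so stored PINs are not recoverable from the table.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


def make_account(username: str, pin: str, ssn_last4: str) -> Account:
    salt = os.urandom(16)
    return Account(username, hash_pin(pin, salt), salt, ssn_last4)


def check_pin(acct: Account, pin: str) -> bool:
    return hmac.compare_digest(acct.pin_hash, hash_pin(pin, acct.salt))


@dataclass
class Request:
    session_user: str  # identity established by the server-side session
    body: dict = field(default_factory=dict)  # client-controlled POST fields


class PinResetError(Exception):
    pass


def reset_pin_vulnerable(db: dict, req: Request) -> str:
    # BUG: trusts the username carried in the POST body, so any logged-in
    # user can choose whose PIN (and personal data) gets overwritten.
    target = db[req.body["username"]]
    target.salt = os.urandom(16)
    target.pin_hash = hash_pin(req.body["new_pin"], target.salt)
    target.ssn_last4 = req.body.get("ssn_last4", target.ssn_last4)
    return target.username


def reset_pin_hardened(db: dict, req: Request) -> str:
    # The account to modify comes from the authenticated session only.
    target = db[req.session_user]
    # Refuse (and flag for the logs) a body that names a different account.
    if req.body.get("username", req.session_user) != req.session_user:
        raise PinResetError("username in request does not match session")
    # Only the field this endpoint exists to change is accepted; personal
    # data is neither carried in nor updated from the request.
    target.salt = os.urandom(16)
    target.pin_hash = hash_pin(req.body["new_pin"], target.salt)
    return target.username


def run_demo():
    db = {
        "attacker": make_account("attacker", "1111", "0000"),
        "victim": make_account("victim", "2222", "4321"),
    }
    # Constructed tampered request: attacker's session, victim's username.
    tampered = Request(session_user="attacker",
                       body={"username": "victim", "new_pin": "9999"})

    # Vulnerable endpoint: the victim's PIN is now 9999.
    reset_pin_vulnerable(db, tampered)
    vulnerable_took_over = check_pin(db["victim"], "9999")

    # Hardened endpoint: the request is rejected and the victim is untouched.
    db["victim"] = make_account("victim", "2222", "4321")
    try:
        reset_pin_hardened(db, tampered)
        hardened_rejected = False
    except PinResetError:
        hardened_rejected = True
    victim_unchanged = check_pin(db["victim"], "2222")

    # A legitimate self-service reset still works on the hardened endpoint.
    reset_pin_hardened(db, Request(session_user="attacker",
                                   body={"new_pin": "5555"}))
    self_reset_ok = check_pin(db["attacker"], "5555")
    return vulnerable_took_over, hardened_rejected, victim_unchanged, self_reset_ok


if __name__ == "__main__":
    print(run_demo())
```

The fix is the same one that applies to any object reference in a request: the identity of the record being modified must come from the session, never from a client-supplied field, and a mismatch between the two is worth logging as a tampering signal.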

http://www.youtube.com/watch?v=adwNpYJ_Ksk&feature=youtu.be

EDIT: video was removed from youtube.

The PoC is in the video above. For the moment, it’s not known whether this affects any ObamaCare sites other than California’s.

[Tutorial] Web based SSH terminal for the Raspberry Pi

So, the other day, I wrote about Onion Terminal. Although it is a great terminal, it relies on the Onion lib, which pulls in a lot of dependencies: libcairo-dev, libxml2, libpng++-dev, …

Then I discovered GateOne, a full-featured HTML5-based web terminal for SSH access.

Although this tutorial is for the Raspberry Pi, it will work without many changes on any Debian-based system, such as Ubuntu and others.

(Image: GateOne in action)


Onion Terminal – A web browser based UNIX terminal

Ever had the need to access the shell of your server, but found yourself locked out by a corporate firewall that is blocking SSH traffic?

Give Onion Terminal a try.

Sometimes DNS tunneling is not a (stable) option, and VPN may also be blocked. HTTP traffic usually goes out like a breeze.

It needs to be compiled from source; then give the binary the proper execute permissions:

chmod +x oterm-i386

Run it:

./oterm-i386
Profit!