1. BackTrack
The newest contender on the block of course is BackTrack, which we have spoken about previously. An innovative merge between WHax and Auditor (WHax formely WHoppix).
BackTrack is the result of the merging of two Innovative Penetration Testing live Linux distributions Whax and Auditor, combining the best features from both distributions, and paying special attention [...]

Well seen as though I tell the others to do some kind of introduction, probably I should do one for myself too.
Then
I started out with a Spectrum ZX-81 back in the olden days, typing whole games out of the Spectrum magazines I picked up from charity shops.

Yah it had no tape drive, no disk drive, [...]

This could be the end of reverse engineering in France sadly, I hope it doesn’t have repucussions in other parts of the world.
I think it’s the end of using reverse engineering tools to find flaws in France. Maybe the next step will be to forbid the possession of debuggers and disassemblers.

It’s a valid course of [...]

Lab rats at Microsoft Research and the University of Michigan have teamed up to create prototypes for virtual machine-based rootkits that significantly push the envelope for hiding malware and that can maintain control of a target operating system.
The proof-of-concept rootkit, called SubVirt, exploits known security flaws and drops a VMM (virtual machine monitor) underneath a [...]

The new “features” this time are primarily performance improvements possible due to the use of better algorithms (bringing more inherent parallelism of trying multiple candidate passwords down to processor instruction level), better optimized code, and new hardware capabilities (such as AltiVec available on PowerPC G4 and G5 processors).
In particular, John the Ripper 1.7 is a [...]

Types of activities that will become illegal under the proposed laws include making or supplying “hacking tools”- computer programmes or code that can help crack passwords or bypass security systems – and will be punishable by up to two years in prison.
Isn’t this legitimate action for any security enthusiast, hobbiest or professional involved in penetration [...]

1. Introduction
This article describes and partly implements a method to delete or re-locate, potentially sensitive and / or incriminating information from your UNIX flavoured machine, after the sad event of your death.
An older version of this article has been published before, yet it has since disappeared from the Internet and the Google cache; hence this [...]

4. Brief How-to …. Creating Multiple clients to Single site tunnels.
Example of using PKI to create a client-to-site VPN:
For a road warrior or roaming/multiple user scenario, static keys based VPNs don’t scale well. You will need to implement a PKI if you have Hub and Spoke architecture of VPN.
From the OpenVPN.net website:
Static Key advantages

Simple [...]

Windows Rootkits are a big rarity in this modern web hacking tehnology…
I won’t speak exactly about rootkits, because it’s impropriate to call them that way… why? Well rootkits are programs that aid you in getting access to root level users…
So in the case we are using Windows rootkits we should call them admkits (admin kits [...]

3. Brief How-to ….. OpenVPN and Site-to-Site Tunnels.
OpenVPN can be implemented either Site-to-site or client-server model. I will take example configurations of both models.
If you want to implement site-to-site configuration, the best way is to use static-keys instead of PKI. Using static keys, you can have your VPN tunnel up and running in a jiffy.
First, [...]

2. Why OpenVPN
Here, in this article, I will lay down the emphasis on one important Open-Source SSL VPN software written by James Yonan and contributed by several others, which proposes security without the inherent complexity of IPsec AND using a trusted design of client component and VPN server.
Usually VPNs require end points which are trusted. [...]

Requirement: To connect to a VPN server in a different country.
Situation: A country which has proxies at every gateway.
Issues: VPN based on IPSec is fussy when it comes across networks which are NAT’ted/ proxied. The Security Parameters Indexes don’t match and clients do not get connected.
Objective: To connect VPN server in a corporate network using [...]

Amazing, now ripping YOUR OWN CD’s to use on YOUR iPod is not fair use according to the new DMCA rulings currently being created.
As part of the on-going DMCA rule-making proceedings, the RIAA and other copyright industry associations submitted a filing that included this gem as part of their argument that space-shifting and format-shifting do [...]

Last year, we noted how some security products could cause conflicts that would cause computers to lock up — but there’s another (less troublesome) trend that’s happening as well: security products declaring competing products as malware and removing them.

Just a little over a week ago, the latest version of Microsoft’s anti-spyware offering declared Symantec’s anti-virus [...]

The RIAA’s latest tactic, is to reveal to Santangelo and her new lawyer that they’ve been investigating her children, and have been able to collect a lot of non-public information. The RIAA will probably claim that the info is related to the case, but it certainly borders on using scare tactics, and trying to intimidate [...]

So you better make sure you do.
As we discussed in the article on Social Engineering in Penetration Testing, it’s not that the employees don’t care as such, it’s that they don’t know. They haven’t been educated, they are ignorant, their awareness of best practise is low.
An experiment carried out within London’s square mile has revealed [...]

It seems like script kiddies have been taking full advantage of the bug we talked about in the Symantec software. Do companies never learn?
Script kiddies have been taking advantage of intrusion prevention features of Symantec’s Norton Firewall and Norton Internet Security Suites to knock users offline in IRC channels, according to an amusing post at [...]

the following exploits (if we can call it this way) was published on securityfocus bugtraq mailinglist… it is entirely reproduced in the following lines:

Norton Internet monitoring tools issues
Versions Affected : *
Fix : No
What im writing about is how to stop the internet of some user that is
using the norton tools and IRC / any other [...]

Interesting to see which RSS aggregators and readers Digg users are using.
As you can see after being ‘digged’ on Monday February 27th, the RSS subscriber base spiked from about 21 up to 182 at the highest point, after a day it receded back to around 150, and now it’s about 130.

The biggest Agent in the [...]

This is a tutorial web book. All 152 pages of the large paperback book with 96 diagrams are on 38 web pages here.
Even if you know nothing about electronics, you have come to the right place.
If you are wondering how microprocessors work, you have come to the right place. A microprocessor is a small processor.

If [...]