It turns out Gary McKinnon got sloppy, that’s why he got busted. He forgot the computers he was comprimising were in a completely different time zone, and as he was using remote control software, the person in the office saw their mouse moving around. We have reported about this guy before, when he was fearing [...]

A new term has been coined, yes indeed..
Ransomeware
That’s what they are calling this new threat, infects your PC then freezes it until you send some people some money.

A new kind of malware circulating on the Internet freezes a computer and then asks for a ransom paid through the Western Union Holdings money transfer service.
A sample [...]

Paros 3.2.11 has been released. This version is a maintenance release with a useful feature requested by various users. All users are recommended to upgrade to this version.
One of my favourite proxy options, along side the Burp Proxy (evolved into Burp Suite).

Paros labels itself as MITM Proxy + Spider + Scanner plus anything [...]

Oracle is getting serious with security? Again..?
Oracle Corp. has published a collection of software patches that address security vulnerabilities in a range of the company’s products, including its database and application server software. As part of this update, it also released a tool designed to ferret out commonly used default passwords that theoretically could [...]

Can you see the irony?
Just after 2 weeks that M$ released the Internet Explorer security makeover, Michal Zalewski came up with a highly critical exploit, as called by Secunia… based on a mishandling of the OBJECT tag….

Security alerts aggregator Secunia flagged the issue as “highly critical” and stressed that it can be exploited to corrupt [...]

Since FrSIRT closed it’s public archives and starting charging for access (blaming it on French laws…), people have been wondering where they can their dose of Exploits..For legitimate purposes obviously.
Security Forest
The most comprehensive collection in my opinion comes from SecurityForest. They also have a BETA exploitation framework in development, something like a Metasploit, but with [...]

There seems to be a certain amount of confusion within the security industry about the difference between Penetration Testing and Vulnerability Assessment, they are often classified as the same thing when in fact they are not.
I know Penetration Testing sounds a lot more exciting, but most people actually want a VA not a pentest, many [...]

I remember some time ago there was a VB virus creation kit, there’s actually quite a few. Yah I know, it’s extremely lame.
But what to do, it seems less and less people can actually think nowdays, let along think of something original, or wow…even DO SOMETHING ORIGINAL? So what’s the big money maker now? Spyware…
So [...]

I have always said no matter what it be, you need to start ‘em young!
Same for open source, don’t lock kid into Microsoft operating systems in the schools, give dual boot machines, let them use Ubuntu or Debian or something else. Let them explore free software, let the smart ones see the source, fix the [...]

Man this blows.
It seems it happened quite a while ago, I only just found out about it recently though when I was checking to see if L0phtcrack had been updated past version 5.

Symantec has quietly pulled the plug on sales of L0phtCrack, the venerable password auditing and recovery application.
The decision to discontinue support for L0phtCrack, [...]

It’s common sense for most people on the hacking side of computer security as we know how easy it is to break a password when it’s only a few characters long or it uses a dictionary word (even if it is postfixed with a couple of digits, a hybrid dictionary attack breaks it pretty fast).
Even [...]

I’ve tried out a few of these visual recognition password technique things, and to tell you the truth they didn’t work for me, not at all.
I clicked the requisite 3-4 spots on the image, and remembered them, but when I tried to login it wouldn’t accept it.

A password that uses images instead of numbers could [...]

1. Nmap
I think everyone has heard of this one, recently evolved into the 4.x series.
Nmap (”Network Mapper”) is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what [...]

I came across this while browsing, has some pretty solid stuff, goes deeper than most basic Linux security guides.
It has some good sections like this on protection against fork bombs:

Fork bombs are programs that keep creating child processes until system resources are all used, they actually aren’t remote exploits because they require a local user [...]

bsqlbf is a tool for Blind SQL Injection attacks, a pretty nifty one too!
The author says there are similar tools about, but he’s tried to combine all the techniques into one compact but complete tool.

# CHANGELOG:
# -get now support resume (with -start option)
# -get to fetch files (thank you ilo AGAIN)
# + -time option added [...]

I don’t know what he was thinking really, tampering with US military or governmental systems without some SERIOUS protection.
A British man accused of being behind the largest ever hack of US government computer networks could end up at Guantanamo Bay, his lawyer has claimed.
Gary McKinnon, from London, denies causing $700,000 (£400,000) damage to military and [...]

Well how many does that leave unpatched? 30+ if I remember correctly from the PivX page that got taken down mysteriously.
Microsoft on Tuesday released a “critical” Internet Explorer update that fixes 10 vulnerabilities in the Web browser, including a high-profile bug that is already being used in cyberattacks.
The Redmond, Wash., software giant sent out the [...]

With one easy click! We talked about Downloading Youtube.com Videos before, but now it’s even easier.
Found a new site that does this seamlessy, all you have to do is drag the bookmarklet to your toolbar, then when you see a video you want on Google or Youtube, just hit the button on your bookmark toolbar [...]

One of my favourite proxy options, along side the Burp Proxy (evolved into Burp Suite).
I’ll definately talk more about the Burp Suite later as it’s excellent for testing anything web-based.

Paros labels itself as MITM Proxy + Spider + Scanner plus anything else you want it to be, it is a pretty neat piece of software.
It’s [...]

A competitor for our buddy Google Desktop perhaps?
ORACLE, the world’s third- biggest software maker, has begun selling software that allows users to search only personal data on their work computers such as email, word documents and calendar appointments.
Chief executive Larry Ellison says the California company’s new search program “is one of the biggest products in [...]