Archive | April, 2006


30 April 2006 | 8,771 views

Gary McKinnon Busted Because he Forgot the Time Difference

It turns out Gary McKinnon got sloppy, and that’s why he got busted. He forgot the computers he was compromising were in a completely different time zone, and as he was using remote control software, the person in the office saw their mouse moving around. We have reported about this guy before, when he was fearing [...]



28 April 2006 | 7,891 views

Trojan Writers Coding for Money – Freezes PC for Ransom

A new term has been coined, yes indeed: Ransomware. That’s what they are calling this new threat; it infects your PC, then freezes it until you send some people some money. A new kind of malware circulating on the Internet freezes a computer and then asks for a ransom paid through the Western Union Holdings money [...]



28 April 2006 | 20,696 views

Paros Proxy 3.2.11 Released – MITM HTTP and HTTPS Proxy

Paros 3.2.11 has been released. This version is a maintenance release with a useful feature requested by various users. All users are recommended to upgrade to this version. One of my favourite proxy options, alongside the Burp Proxy (evolved into Burp Suite). Paros labels itself as MITM Proxy + Spider + Scanner plus anything [...]



27 April 2006 | 12,652 views

Oracle Releases a Default Password Scanner

Oracle is getting serious with security? Again..? Oracle Corp. has published a collection of software patches that address security vulnerabilities in a range of the company’s products, including its database and application server software. As part of this update, it also released a tool designed to ferret out commonly used default passwords that theoretically could [...]



26 April 2006 | 12,241 views

MS and the new IE vulnerability – Object Tag

Can you see the irony? Just 2 weeks after M$ released the Internet Explorer security makeover, Michal Zalewski came up with a highly critical exploit, as called by Secunia, based on a mishandling of the OBJECT tag. Security alerts aggregator Secunia flagged the issue as “highly critical” and stressed that it can be exploited [...]



26 April 2006 | 35,008 views

Alternatives to FrSIRT – Where to Download Exploits?

Since FrSIRT closed its public archives and started charging for access (blaming it on French laws…), people have been wondering where they can get their dose of exploits. For legitimate purposes, obviously. Security Forest: The most comprehensive collection in my opinion comes from SecurityForest. They also have a BETA exploitation framework in development, something like a Metasploit, [...]



25 April 2006 | 38,930 views

Penetration Testing vs Vulnerability Assessment

There seems to be a certain amount of confusion within the security industry about the difference between Penetration Testing and Vulnerability Assessment; they are often classified as the same thing when in fact they are not. I know Penetration Testing sounds a lot more exciting, but most people actually want a VA not a pentest, [...]



24 April 2006 | 6,527 views

DIY Spyware – Get Into it for just $15

I remember some time ago there was a VB virus creation kit; there are actually quite a few. Yah I know, it’s extremely lame. But what to do, it seems fewer and fewer people can actually think nowadays, let alone think of something original, or wow…even DO SOMETHING ORIGINAL? So what’s the big money maker now? [...]



21 April 2006 | 5,471 views

Kids Learn About Cyber Security – About Time Too!

I have always said no matter what it be, you need to start ‘em young! Same for open source: don’t lock kids into Microsoft operating systems in the schools, give dual boot machines, let them use Ubuntu or Debian or something else. Let them explore free software, let the smart ones see the source, fix [...]



20 April 2006 | 22,582 views

Symantec Dumps L0phtcrack Password Cracker

Man this blows. It seems it happened quite a while ago; I only just found out about it recently though, when I was checking to see if L0phtcrack had been updated past version 5. Symantec has quietly pulled the plug on sales of L0phtCrack, the venerable password auditing and recovery application. The decision to discontinue [...]
