Paros 3.2.12 is released. This version is a maintenance release which fix a potental 100% cpu consumption issue. All users are recommended to upgrade to this version.
The changes are:
- Use newest external library for HTTP handling.
- Enable/disable spider to POST forms in options panel to avoid generating unwanted traffic (default to enable). This [...]
This a very interesting read, the tale of an RFID hacker.
I was always sceptical about RFID I have to say, when everything is tagged, criminals can just drive by your house and scan everything, see what TV you have, which DVD player, how many high value electrical goods, and choose which houses they want to [...]
Denim Group Ltd. announced today the public release of Sprajax, an open source web application security scanner developed to assess the security of AJAX-enabled web applications.
Sprajax is the first web security scanner developed specifically to scan AJAX web applications for security vulnerabilities. Denim Group, an IT consultancy specializing in web application security, recognized that there [...]
The FCC wants to clamp down on Caller ID spoofing it seems.
If you’ve ever used one of the half-dozen websites that allow you to control the phone number that appears on someone’s Caller ID display when you phone them, the U.S. government would like to know who you are.
Last week the FCC opened an investigation [...]
It’s gone round and round and round, now cars have Bluetooth, that they can get viruses like Cabir, I’m sorry but if an Anti-virus company like F-Secure can’t infect a car with a virus, I don’t have much hope for the others. The rumours came from a Lexus story in SCMagazine (The story is no [...]
Bogosec is essentially a tool for finding security vulnerabilities in source code.
BogoSec aims to increase awareness regarding code security vulnerabilities, while encouraging developers to produce more secure code over time. By simplifying the code scanning process, BogoSec achieves a goal of allowing developers to scan their code regularly and more effectively.
BogoSec is a source code [...]
Introduction
Anonymity is derived from the greek word ανωνυμία, meaning without a name or name-less. In colloquial use, the term typically refers to a person, and often means that the Ppersonal identity, or personally identifiable information of that person is not known.
The main question is of course, what are you trying to hide? Closely following that [...]
I know this is old, but a lot of people still don’t know about it.
It can test for up to date Mozilla, Opera and Internet Explorer flaws, exploits and vulnerabilities.
Browser vulnerabilities are a serious issue now.
You can see which vulnerabilities they test for here and the statistics of the tests results here.
Total tests finished: 739828
Tests that [...]
Aye…it’s not the first time.
The question came up, is Microsoft silently fixing security vulnerabilities and deliberately obfuscating details about patches in its monthly security bulletins?
Matthew Murphy, a security researcher who has worked closely with the MSRC (Microsoft Security Response Center) in the past, is accusing the software maker of ‘misleading’ customers by not clearly spelling [...]
OSSEC HIDS is an Open Source Host-based Intrusion Detection System. It performs log analysis, integrity checking, rootkit detection, time-based alerting and active response.
It runs on most operating systems, including Linux, OpenBSD, FreeBSD, Solaris and Windows.
This is the first version offering native support for Windows (XP/2000/2003). It includes as well a new set of log analysis [...]
This is the biggest load of shite I’ve read this year I think.
Rootkits are becoming more prevalent and difficult to detect, and security vendor McAfee says the blame falls squarely on the open source community.
In its “Rootkits” report being published today, McAfee says the number of rootkits it has collected as malware samples has jumped [...]
Hacking cars, what next? I have fears for the IPv6 generation (if it every happens), when every toaster and light bulb has an IP address, yeah…I’m gonna hack your house then and make your lights blink.
High-tech thieves are becoming increasingly savvy when it comes to stealing automobiles equipped with keyless entry and ignition systems. While [...]
There’s an interesting audio file about the next 50 years of computer security, it’s from a talk Alan Coxa a fellow at Red Hat Linux gave recently at the European OSCON.
It talks about the implementations of modularity, trusted computing hardware (we are already seing this in part, hardware anti-virus implementations and DRM to be built [...]
OH MY GOD, NOT ANOTHER SENDMAIL FLAW?
What’s that? Yah number 1001010102121.
Recently, Mark Dowd of ISS discovered a signal handling vulnerability in Sendmail. We don’t see major bugs in software that’s as popular as Sendmail very often (at least, in the Unix world anyways), and that’s probably a good thing. According to sendmail.com, Sendmail still handles [...]
SecureDVD is a DVD with the 10 Best Security related Live CD’s.
Yes that’s right, they authored this DVD based on the recommendations made by Darknet!
Now you can have all your favorite CDs ‘compiled’ into a single DVD. I love this idea.
SecureDVD is available to download, but due to it’s size, only in BitTorrent. You can [...]
It is a little over the top, this guy used over the counter kiddy tool and ‘hacked’ into systems because of blank passwords.
Not rocket science, and apparently the machines he had access to were air-gapped, or segregated from the networks containing sensitive information, so the charges are greatly trumped up and are NOT relative to [...]
If your familiar with asp.net, you’ll know the feeling of wasting hours searching through countless settings to get an app working, and then the many more hours it takes to tweak IIS to get your site running smoothly. But this is nothing compaired to getting authentication and domain controllers properly integrated. On Microsofts [...]
What a surprise, McAfee spreading FUD to sell more copies of their bloated AV software?
Apart from the fact I think the whole AV model is flawed i.e. it can only protect against things the AV companies 1) know about 2) have written a definition for and 3) have delivered the definition to you - That’s [...]
OS Fingerprinting is an important part of any penetration test or hack as it allows you focus your efforts a lot more effeciently when point testing, rather than throwing everything at a machine like a script kiddy would. So let’s introduce a new option, other than p0f and xprobe2.
SinFP is a new approach to OS [...]
Ah, first we had the ransomeware, yesterday the trojan targetting WoW users, now we have the World Cup trojan..
It really must be Trojan season.
A Trojan horse that poses as a World Cup wallchart has begun circulating on the net. The Haxdoor-IN Trojan horse is been spamvertised in messages, written in German, that purport a program [...]
