all posts from June 2006


ARP Scanning and Fingerprinting Tool - arp-scan

NTA-Monitor has released the arp-scan detection and fingerprinting tool as open source under the LGPL license.
It has been tested under various Linux based operating systems and seems to work fine.
This will only compile on Linux systems. You will need a C compiler, the “make” utility and the appropriate system header files to compile arp-scan. It [...]

Shadowserver Battles the Botnets

Botnets are indeed a growing problem, we’ve seen serious cases of DDoS extortion, the most recent example would be the attacks against the ‘million dollar homepage’ and the problems it caused the owner.
Botnets have been used for quite some time as spam networks and mostly for script kiddies to have DoS wars on IRC networks, [...]

Web Services Attack Frequency Increasing

As we’ve reported a few times recently, more and more attacks are being aimed at Web Services such as Orkut, MySpace, Ebay and others.

As more people turn to web applications for everyday tasks like e-mail, friendship and payments, cyber criminals are following them in search of bank account details and other valuable data, security researchers said.
Users [...]

sqlninja 0.1.0alpha - MS-SQL Injection Tool

sqlninja is a little toy that has been coded during a couple of pen-tests done lately and it is aimed to exploit SQL Injection vulnerabilities on web applications that use Microsoft SQL Server as their back-end.
It borrows some ideas from similar tools like bobcat, but it is more targeted in providing a remote shell even [...]

SANS Gateway Asia 2006

Forgot to post this earlier. I received this email from SANS Institute sometime in April. They seem to be having two of their training sessions in Singapore in August. Those who live in Asia or anywhere near the region and are interested can look it up. SANS Institute has one of [...]

US Sailors Information Leaked on The Web

Another HUGE information leak from the US government, seems they can’t help themselves.
Or perhaps people are just ramping up the efforts against them..

The Navy has begun a criminal investigation after Social Security numbers and other personal data for 28,000 sailors and family members were found on a civilian website.
The Navy said Friday the information was [...]

UFO ‘Hacker’ Gary McKinnon Reveals What He Found

An interesting interview has been posted on Wired with Gary McKinnon about what he actually found whilst penetrating the US government networks.

After allegedly hacking into NASA websites — where he says he found images of what looked like extraterrestrial spaceships — the 40-year-old Briton faces extradition to the United States from his North London home. [...]

LiveJournal Advert Installs Malware

Seems like someone sneaked past the LiveJournal advertiser policy by only trying to infect Australian and European users.
A certain advertiser (kpremium.com) - being sneaky and underhanded. It’s not LJ’s fault, LJ already disabled the advert from rotation.

The ad itself is for a program that lets you download stuff - you know the sort of thing. [...]

Researchers hack Wi-Fi driver to breach laptop

Ah another way to exploit wifi, what a surprise!

Security researchers have found a way to seize control of a laptop computer by manipulating buggy code in the system’s wireless device driver.
The hack will be demonstrated at the upcoming Black Hat USA 2006 conference during a presentation by David Maynor, a research engineer with Internet Security [...]

Cross Site Scripting (XSS)

Cross Site Scripting, also known as XSS, is the most common basic web hacking technique… and harmless, as many would say… but on this matter I don’t really agree, that’s why I wrote this article.
About
XSS as I knew it is a very abstract definition for javascript injection, or at least this is what I have [...]

Botnets and Phishing Numbers Increasing Despite Crackdown

Botnets and organised cybercrime are getting more prevalent; it seems they are increasing exponentially despite crackdowns by the US government and other organisations.
The criminals are getting more advanced, phishing scams are getting more realistic, technically trojans are getting more effective and the groups are getting really organised.

Cybercrooks are organizing better and moving to more sophisticated tactics [...]

FireMaster 2.1 - A Firefox Master Password Recovery Tool

FireMaster version 2.1 has been released with its new features and new speed.
Firemaster is the Firefox master password recovery tool. If you have forgotten the master password, then using FireMaster you can find out the master password and get back your lost signon information. It uses various methods such as dictionary, hybrid and brute force [...]

Google’s Orkut Hit by Data Stealing Worm - Mw.Orc

So just a few days ago there was a new MSN Worm - BlackAngel.B, before that the Yahoo! e-mail worm, long before that of course the MySpace worm and a few others not notable enough to mention.
And of course plenty of nasty Trojans.

A new Internet worm capable of stealing bank details and other personal data [...]

Yersinia 0.7 Released with 802.1x Support - Layer 2 Attack Framework

Yersinia is a network tool designed to take advantage of some weaknesses in different network protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems.
It’s very useful for any network based penetration testing or vulnerability assessment. There aren’t many tools working on Layer 2 and this is [...]

3Com’s TippingPoint Finds New IE Vulnerabilities

What? New vulnerabilities in Internet Explorer?
You can hack Internet Exploder Explorer? Never!

3Com Corp’s TippingPoint division has discovered and disclosed two critical new vulnerabilities in Microsoft’s Internet Explorer through 3Com’s Zero Day Initiative (ZDI).
The vulnerabilities could have allowed an attacker to gain control of a PC if the user was logged in with administrative rights. [...]

Money Lost Due to Cybercrime Down Again This Year!

It seems even though vendors are pushing their snakeoil harder than ever, the actual figures show that the money lost due to cybercrime has decreased every year for the last four years!

Perhaps people are finally getting more secure, it’s not surprising with the advent of cheaper and easier to use intrusion detection and intrusion prevention [...]

SinFP v2.00 Released - Next Generation OS Detection Tool

OS Fingerprinting is an important part of any penetration test or hack as it allows you to focus your efforts a lot more efficiently when point testing, rather than throwing everything at a machine like a script kiddy would. So let’s introduce a new option, other than p0f and xprobe2.

SinFP uses the aforementioned limitations as a [...]

Microsoft got Defaced

No, it wasn’t Microsoft.com, still, a very cool hack.
Microsoft France suffered an attack by a Turkish group, going by the handle of TiTHacK. You can check TiTHacK’s ‘profile’ over at Zone-H. By the looks of things, he has been really busy today.

At the time of this writing, the site still hasn’t been fixed. However, [...]

Kevin Mitnick Interview on Social Engineering

There’s a good interview with Kevin Mitnick on Social Engineering.
Well after all, that is where his skill lies, not in technical hacking.

Arrested by the FBI in 1995 and convicted of breaking into the systems of Fujitsu Siemens, Nokia and Sun Microsystems, Mitnick served five years in prison–eight months of it in solitary confinement.
In his days on [...]

British Workers Love to Snoop Salary Info, Personal Notes & Colleagues Data

Well I would say this was true for office workers everywhere, not particularly just Brits.
But well the British are an inquisitive nation, so this doesn’t surprise me at all.

Nearly a quarter (22 per cent) of UK employees admit to having illegally accessed sensitive data such as salary details from their firms employer’s IT systems. More [...]

