Archive | June, 2006


30 June 2006 | 10,278 views

ARP Scanning and Fingerprinting Tool – arp-scan

NTA-Monitor has released the arp-scan detection and fingerprinting tool as open source under the LGPL license. It has been tested under various Linux-based operating systems and seems to work fine. This will only compile on Linux systems. You will need a C compiler, the “make” utility and the appropriate system header files to compile [...]



29 June 2006 | 7,662 views

Shadowserver Battles the Botnets

Botnets are indeed a growing problem; we’ve seen serious cases of DDoS extortion, the most recent example would be the attacks against the ‘million dollar homepage’ and the problems it caused the owner. Botnets have been used for quite some time as spam networks and mostly for script kiddies to have DoS wars on IRC [...]



28 June 2006 | 5,172 views

Web Services Attack Frequency Increasing

As we’ve reported a few times recently, more and more attacks are being aimed at Web Services such as Orkut, MySpace, eBay and others. As more people turn to web applications for everyday tasks like e-mail, friendship and payments, cyber criminals are following them in search of bank account details and other valuable data, security researchers [...]



27 June 2006 | 16,205 views

sqlninja 0.1.0alpha – MS-SQL Injection Tool

sqlninja is a little toy that has been coded during a couple of pen-tests done lately and it is aimed to exploit SQL Injection vulnerabilities on web applications that use Microsoft SQL Server as their back-end. It borrows some ideas from similar tools like bobcat, but it is more targeted in providing a remote shell [...]



27 June 2006 | 4,007 views

SANS Gateway Asia 2006

Forgot to post this earlier. I received this email from SANS Institute sometime in April. They seem to be having two of their training sessions in Singapore in August. Those who live in Asia or anywhere near the region and are interested can look it up. SANS Institute has one of the best trainers and [...]



26 June 2006 | 5,067 views

US Veterans Information Leaked on The Web

Another HUGE information leak from the US government, seems they can’t help themselves. Or perhaps people are just ramping up the efforts against them. The Navy has begun a criminal investigation after Social Security numbers and other personal data for 28,000 sailors and family members were found on a civilian website. The Navy said Friday [...]



25 June 2006 | 17,161 views

UFO ‘Hacker’ Gary McKinnon Reveals What He Found

An interesting interview has been posted on Wired with Gary McKinnon about what he actually found whilst penetrating the US government networks. After allegedly hacking into NASA websites — where he says he found images of what looked like extraterrestrial spaceships — the 40-year-old Briton faces extradition to the United States from his North London [...]



24 June 2006 | 5,788 views

LiveJournal Advert Installs Malware

Seems like someone sneaked past the LiveJournal advertisers’ policy by only trying to infect Australian and European users. A certain advertiser (kpremium.com) – being sneaky and underhanded. It’s not LJ’s fault, LJ already disabled the advert from rotation. The ad itself is for a program that lets you download stuff – you know the sort [...]



23 June 2006 | 13,206 views

Researchers hack Wi-Fi driver to breach laptop

Ah another way to exploit wifi, what a surprise! Security researchers have found a way to seize control of a laptop computer by manipulating buggy code in the system’s wireless device driver. The hack will be demonstrated at the upcoming Black Hat USA 2006 conference during a presentation by David Maynor, a research engineer with [...]



22 June 2006 | 14,253 views

Cross Site Scripting (XSS)

Cross Site Scripting, also known as XSS, is the most common basic web hacking technique… and harmless, as many would say… but on this matter I don’t really agree, that’s why I wrote this article. About XSS as I knew it is a very abstract definition for JavaScript injection, or at least this is what [...]
