Well this week there was a Yahoo! Email worm, now also follows a vindictive new worm targetting MSN called BlackAngel.B. The reports come from the anti-virus software company Panda Software.
When activated the worm delivers a fateful terror message and then attempts to disable any protection software such as anti-virus, firewall or Windows system applications like [...]
Aha! Trojans strike again. Really, I still think it all comes down to education, it doesn’t seem to be a targeted attack though.
Just a random infection from your average porn site Trojan.
Electronic files containing personal data of up to 2,200 Oregon taxpayers may have been compromised by an ex-employee’s unauthorized use of a computer, the [...]
Microsoft has taken a bit of a leap with the integration of .net into SQL Server, and a lot of developers(Myself included) are worrying about what security implications this could have. DevX.com have taken an in-depth look into the guts of it, and spilled them onto a page for us all to look at.
CAS [...]
SQL Power Injector is a graphical application created in .Net 1.1 that helps the penetrating tester to inject SQL commands on a web page.
For now it is SQL Server, Oracle and MySQL compliant, but it is possible to use it with any existing DBMS when using the inline injection (Normal Mode).
Moreover this application will get [...]
Following Darknet post regarding SyScan’06, I decided to make a little resume of the most important security events all around the world.
Unfortunately we won’t be able to go, so all the pictures are welcome. (-:
If there’s any missing do let us know.
Recon 2006 - WWW - 16 June to 18 June 2006 - Plaza Hotel [...]
In my opinion, the best way to keep clean of spam is simple:
The first rule is NEVER reply to spam, NEVER click the unsubscribe link and NEVER e-mail to the unsubscribe address.
These are simply underhand tactics to get ‘active’ e-mail addresses.
Some other tips to avoid getting spammed in the first place:
1) Never use your [...]
You can get your hands on the windows vista preview release beta2. This is for those of you who are wondering how the interface of the new windows vista will look like and the new feel of the new operating system. You can find the minimum system requirements here.
You can download vista here. [...]
Oedipus is an open source web application security analysis and testing suite written in Ruby by Penetration Testers for Penetration Testers. It is capable of parsing different types of log files off-line and identifying security vulnerabilities. Using the analyzed information, Oedipus can dynamically test web sites for application and web server vulnerabilities.
Oedipus can be broken [...]
Hmm Taiwan are really way ahead of everyone when it comes to being a spam hub, sadly that’s nothing to be proud of and generally it’s due to a large amount of poorly configured/unsecured servers.
Taiwan needs to start doing some vulnerability assessment! Taiwan and Korea have always had loads of open proxies/exploitable machines in my [...]
I found a useful resource containing a whole list of academic papers on web-application security.
This list represents an attempt to collect academic papers on the subject of Web application security sorted by the year of publication.
Hacking web applications has become a big thing in the last 5 years, just look at the number of holes [...]
Well it is for me, and I guess anyone who consider themself a career hacker, or at least has a serious interest..
As a few good trojans are open source (Back Orifice?), you can just mess around with them for a while until you reach the point they are no longer detected by any of the [...]
Apologies for the lack of updates for the past few days, I had to go abroad for an important assessment
It’s sad how people can pray on things as terrible as disasters to make a quick buck, but well we have to face the facts that they do, and will.
And as it seems, they [...]
I saw some interesting information recently on a mailing list.
We took one sample of one carding/phishing forum that our Global Surveillance Center was monitoring and sampled the set into a graph that lists the top 10 banks and the losses over the last month. As you can see, it’s obvious who the top credit card [...]
RFID, biometrics, hi-tech police officers, yes it’s all going to be happening in Germany for the close approaching World Cup 2006.
Not surprisingly, security is a top priority for the German government, even higher than its desire to see the national team walk off the pitch with the World Cup 2006 trophy.
The list of security precautions [...]
A pretty interesting article that statistically measured the frequency of passwords by taking an aggregate sample of passwords (primarily from the UK).
Here are listed the most commonly occuring from the sample.
10. ‘thomas’ (0.99%)
First off, at number 10, is the most common format of passwords - the name. Thomas is a perennially popular name in the [...]
Ah the big boys can’t get in legimately, so they are starting to use underhand tactics eh?
A lawsuit filed Wednesday accuses the Motion Picture Association of America of hiring a hacker to steal information from a company that the MPAA has accused of helping copyright violators.
The lawsuit (click for PDF), filed in U.S. District Court [...]
I have to agree with their sentiment, I’m all for open hardware standards.
Even if you don’t open it, people will copy it anyway (See the mass of Cisco knock-offs in China for a fraction of the price with almost exactly the same functions and IOS).
So why not open it, let us play with it.
At least [...]
Ah this is almost like Ransomeware again, messing up your machine then extorting money from you.
Make sure you educate your non tech savvy relatives about such threats, spyware, adware, trojans and worm type viruses. Education is THE most powerful defence against malware and computer security incidents.
Some simple patching, a free Antivirus protection like Avast! Using [...]
The Symposium on Security for Asia Network aims to be a very different security conference from the rest of the security conferences that the information security community in Asia has come to be so familiar and frustrated with. SyScan’06 intends to be a non-product, non-vendor biased security conference. It is the aspiration of SyScan’06 to [...]
So over a month down the line, our SQL2005 upgrade project should now be in the workable prototype stage. But as with all things that “should” be(More security in IE, Great Britain ruling the world and my kitchen being fitted), it’s not, it’s not even close. On top of this our company is [...]
