Just to let you all know, if you are using Wordpress you can upgrade today.
The latest stable release of WordPress (Version 2.0.4) is available.
his release contains several important security fixes, so it’s highly recommended for all users. We’ve also rolled in a number of bug fixes (over 50!), so it’s a pretty solid release across [...]
Netscape.com has been hacked via a persistent Cross Site Scripting (XSS) vulnerability in their newly launched Digg-like news service.
It seems the attacker did report the flaw to them repeatedly but they didn’t heed and ignored it, so he performed the XSS all over the site.
eplawless stated the following:
It was me. I did it. C’est [...]
We are happy to announce that the 1.2.6 (christine) release of the Basic Analysis and Security Engine (BASE) is available.
BASE is the Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. This application provides a web front-end to query and analyze the alerts [...]
Yes that means all versions including the current version and before, 2.0.4 has not yet been released at the current time.
An exploit has been discovered in the current release of Wordpress, affecting Wordpress 2.0.3 and below (including 1.5.x) that allows these subscribed users to cause some serious damage.
It’s recommended at present if you are using [...]
It turns out yesterday one of the planned speakers at HOPE Number 6 was arrested on Saturday and is being charged by the FBI.
Security Fix obtained a copy of the complaint against “Steven Rambam” the private investigator arrested Saturday at the Hope Number Six hacker conference in New York City. The government document says Rambam [...]
We are happy to announce that Hping 2 works with Windows XP again! Hping support on Windows was never that great.
Darknet is indeed a great fan of Hping! Glad to see it has overcome the Raw sockets problems Windows XP SP2 brought about.
hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to [...]
This is actually a very important case depending on which way it goes.
It could become a landmark case in regards to liability for machines on your network, or actually any traffic originating from your IP range.
A boutique Washington, D.C.-based law firm is accusing IBM of hacking into its e-mail system and is seeking recourse.
The firm, [...]
I saw a Freeware MAC Address Changing tool today which I thought I’d share with you all, as I used to use SMAC, a nice tool, until the guy started charging for it!
Hopefully this one won’t go the same way.
Technitium MAC Address Changer, which allows you to change Machine Access Control (MAC) Address of your [...]
Symantec has made a research and affirming to there research Windows Vista will be more insecure than Windows XP, because most of the new code is fresh, and the old code isn’t used anymore…
Microsoft has removed a large body of tried and tested code and replaced it with freshly written code, complete with new corner [...]
CAPTCHA, acronym for “completely automated public Turing test to tell computers and humans apart” is used, most of the times at least, as an authentication mechanism. Not to prove your identity, but to do a much simpler job than that; to prove your a human.
With the bad guys always a step ahead (which is cool [...]
For those who haven’t noticed yet, today booster made a milestone in PSP history. Enabling firmware 2.71 emulation in DevHook 0.44.
Alot has been going on lately in the PSP scene and its great. With the release of the 2.5/.6 downgrader and full iso and game emulation in DevHook.
Download here. Credit goes to booster [...]
A working version of the exploit used to escalate priveleges to root in the recent Debian breakin, ah another root kernel exploit.
It’s to do with the way the kernel handles file persmissions (or lack of) on core dumps.
Linux kernel is prone to a local privilege-escalation vulnerability.
A local attacker may gain elevated privileges by creating a [...]
Ah, I wonder what happened?
I’ve always been a great fan of Debian, all the way back into the early days of woody and backporting apt packages.
What a name too, gluck to me usually means g’luck or good luck
Early this morning we discovered that someone had managed to compromise gluck.debian.org. We’ve taken the [...]
Using standard script kiddy tools a consultant managed to compromise some of the FBI’s computers containing confidential information.
Quite a hack eh?
A government consultant, using computer programs easily found on the Internet, managed to crack the FBI’s classified computer system and gain the passwords of 38,000 employees, including that of FBI Director Robert S. Mueller III.
The [...]
Ticketcharge.com.my, a Malaysian website that sells event tickets online appears to have been hacked. Forgot to take a screenshot of it but this screenshot from google cache taken today can be seen below. This happened over the weekend or perhaps earlier.
Google cache here . This will be gone when google re-cache the [...]
HoneyBOT
HoneyBOT is a Windows based medium interaction honeypot solution.
What is a Honeypot?
A honeypot is a device placed on a computer network specifically designed to capture malicious network traffic. The logging capability of a honeypot is far greater than any other network security tool and captures raw packet level data even including the keystrokes and mistakes [...]
Now this is a scary though, with the digitisation of the old analogue power stations and the accidental cross-over of networks (as we’ve seen before) people could soon be hacking nuclear power station control systems..
he nuclear power industry is going digital — replacing mechanical systems with more efficient, networked computer-controls.
If that makes you nervous in [...]
Spyware companies are apparently netting HUGE profits, it doesn’t surprise me though with the amount of people that actually install the crap on their machines..
Let’s say we don’t like companies like Direct Revenue very much though.
Consumers have strong opinions about Direct Revenue’s software. “If I ever meet anyone from your company, I will kill you,” [...]
WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols. It is written in Java, and is thus portable to many platforms. WebScarab has several modes of operation, implemented by a number of plugins.
In its most common usage, WebScarab operates as an intercepting proxy, allowing the operator to review and [...]
This is an excellent case of Social Engineering, you could also consider it playing on human greed/ignorance/stupidity.
Whatever you want to label it really
USB drives are a real security risk..
We recently got hired by a credit union to assess the security of its network. The client asked that we really push hard on the [...]
