Ah another huge hacking resulting in a large loss of confidential information, companies really need to start getting more pro-active about aggresively testing their corporate networks and web based applications.
Information including CREDIT CARD numbers sadly.

AT&T on Tuesday said hackers broke into one of its computer systems and accessed personal data on thousands of customers who [...]

I’ve been spending a lot of time online lately reading all kinds of stupid text files on how to “Takeover Ops Boi!!!”, “eLeEt WaYs To gEt OpS!!!”, “HOW TO GET OPS ON SERVER SPLITS”, etc. We all know none of these things work, at least not for me. They’re either written by morons, or they [...]

AttackAPI provides simple and intuitive web programmable interface for composing attack vectors. The project was primary inspired by the JythonShell applet. At its very early stage AttackAPI was a single extensible web enabled python console with a few modules.

The 0.5 release of AttackAPI is purely JavaScript based. This is not a shift in the project [...]

Recently one of the sites I am developing for my self was link spammed. Some unpleasant individual decided that it would be fun to post 160 “comments” spread over all the blog posts. All the comments contained was URL’s. Even more stupid they used BB tags, but as I wrote the site it doesn’t use [...]

Ah, here at Darknet we have always been a fan of Sophos and the way they operate, a very efficient company and good to see good technical products still coming out of the UK!
Another good move by them, they have decided to offer a free rootkit detection tool called Sophos Anti-Rootkit..Yah I know, not a [...]

Introduction
This tutorial is an attempt to help you re-route all internet winsock applications in ms windows trough a socks chain, thus making your connections much more anonymous.
Theory
The more different hops you make your data jump, the more difficult it will be to trace it back. take this [...]

QJ.net forums have been abuzz lately with the talk of a possible new exploit centered around a libtiff vulnerability. NOPx86 stating that he’d managed to crash the PSP using this method. As those of you who follow these things know, a crash doesn’t always mean an open door to an exploit.

But after a cumulative 60 [...]

Malware herders are speeding up, the first wave is already here for MS06-40.
It’s basically a variant of some old malware suited to the new vulnerability. Same old story then, same packer, technique, new exploit.
Same as the days of autorooters.
It’s basically the Mocbot trojan that was used in the Zotob worm attack in August 2005.

The first [...]

It seems people are turning some attention towards the security of Open Office finally, I for one say this is a good thing as it means it’s making inroads, it’s becoming popular, it’s getting to be a contender.
If people are seriously considering the security implications of using Open Office it means they are actually really [...]

Splogs are becoming a huge problem, half the stuff you search for nowadays returns a splog, mostly auto syndicated content.
I find a lot of my own entries on there, surrounded by Adsense ads.
New age scrapers I guess.

Technorati returns a lot of results from splogs too, but at least they have made some efforts to clean [...]

Another good tool updated! TCPReplay suite 3.0.beta10 has been released.
For those that don’t know Tcpreplay is a suite of BSD licensed tools written by Aaron Turner for *NIX operating systems which gives you the ability to use previously captured traffic in libpcap format to test a variety of network devices. It allows you to classify [...]

Ah at last a good solid collaborative effort to identify and categorise software vulnerabilities with a solid taxonomy and good organisation!
It seems very well written too in terms that anyone familiar with software development or programming can understand.

Fortify Software, which identifies and remediates software vulnerabilities, has contributed its collection of 115 types of software security [...]

Ah cyberwar, cyber terrorism, efforts are ramping up, more sites are going down.

The war in Lebanon is now showing its consequences in the digital world and a huge number of websites has been attacked and defaced as a protest against the invasion of Lebanon by Israel.
Today two NASA websites were attacked as well. The intrusion [...]

Wapiti allows you to audit the security of your web applications.
It performs “black-box” scans, i.e. it does not study the source code of the application but will scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data.
Once it gets this list, Wapiti acts like a fuzzer, injecting payloads [...]

Scammers are getting more inventive and so it seems more technically advanced. They have actually duplicated the Interpol site to dupe people.

419 advanced fee scammers have created an exact copy of the Interpol website, which is expected to be used to dupe victims into believing they are dealing with the real International Criminal Police Organisation.
A [...]

Duster is the Dead/Uninitialized Stack Eraser, an injectable DLL that causes uninitialized stack and heap memory in its host process to be wiped over with a specific value. It is intended as a crude tool to assist in the run-time discovery of uninitialized memory usage problems by increasing the chances that the host process will [...]

The eEye Binary Diffing Suite (EBDS) is a free and open source set of utilities for performing automated binary differential analysis. This becomes very useful for reverse engineering patches as well as program updates.

The first tool is BDS, the Binary Diffing Starter from Andre Derek Protas. This tool helps reverse engineers with batch-analysis of patches [...]

The antivirus specialists at McAfee have warned of a Trojan that disguises itself as a Firefox extension. The trojan installs itself as a Firefox extension, presenting itself as a legitimate existing extension called numberedlinks.

It then begins intercepting passwords and credit card numbers entered into the browser, which it then sends to an external server. The [...]

Israeli hackers have decided to ‘help’ and join the war against Palestine.
The hackers group that calls itself “IDF” (which also means Israeli Defence Force) has hacked dozens of sites, erased the site content and replaced it the index with a picture of the Lebanon destruction that is made by Israeli Defence Force as an answer [...]

Spike is an Open Source tool based on the popular RATS C based auditing tool implemented for PHP.
The tool Spike basically does static analysis of php code for security exploits, PHP5 and call-time pass-by-reference are currently required, but a PHP4 version is coming out this week.

This tool is especially welcomed by Darknet as there aren’t [...]