all posts from September 2006


Google Eavesdropping Software

This is a little scary, intensely personal ads which to be frank are getting a little invasive as it is. It’s like the part in Minority Report where the billboards scan your eyes and talk to you using your name and history of purchases.
It looks like it might be happening sooner than we think.

The first thing [...]

Security Compass Web Application Analysis Tool – SWAAT

Announcing a new web application source code analysis tool called the Securitycompass Web Application Analysis Tool or SWAAT.
You may know it as a static analysis tool.
Currently in its beta release, this .Net command-line tool searches through source code for potential vulnerabilities in the following languages:

Java and JSP
ASP.Net
PHP

Using xml-based signature files, it searches for common functions [...]

Super Mega Wi-Fi Hacking Machine – Janus Project

Apart from the fact Janus is almost like Anus this is a very cool project.
Seriously this is really geeky stuff, but super cool.

If you think seeing a dozen wireless networks makes your computer the ultimate scanning box, think again. A small security firm has made a portable computer that is capable of scanning 300 networks [...]

Nerdcore Hits the Streets – Geek Music for the Masses

Something a little off-topic for once, nerdcore is getting big!
Geek music is hitting the streets.

Gangsta is dead. Grime is a bore. There’s a new beat on the street and it’s called Nerdcore. This geeky hip hop subgenre, also dubbed CS rap (that’s computer science, yo!), is finally booting up with the release of Rhyme Torrents, [...]

FIS [File Inclusion Scanner] v0.1 – PHP Vulnerability

A useful tool for anyone working with PHP applications.
DESCRIPTION
-----------
FIS (File Inclusion Scanner) is a vulnerability scanner for PHP applications. It scans PHP files mapping PHP/HTTP variables and then performs a security audit, in order to find out which of them are exploitable.
USAGE
-----
php fis.php [local file] [remote file] [remote FIS ID file]

[local file]
------------
The local copy of the [...]

Most Damaging Computer Attacks Rely on Stolen Logins

A sterling case for two factor authentication if I ever saw one.
The rule is use two of the 3 methods of authentication, if possible use all 3.

What you have (A USB key or Token)
What you are (Biometrics – Fingerprint or Iris scan)
What you know (A password or passphrase)

More than 8 out of every 10 [...]

SIFT Web Method Search Tool

SIFT has just published a world-first tool for identifying rogue web methods. The Web Method Search tool is a Windows based application that uses a hybrid dictionary attack in an attempt to find unpublished administrative and other web services functions.

As web services are becoming more prevalent, poor security practices from previous generations of application architectures [...]

DOE Hit By Hackers and Covered Up

Ahah! More government cover-ups? This one was a while back too.
Digging on those archives right now yah.
A hacker stole a file containing the names and Social Security numbers of 1,500 people working for the Energy Department’s nuclear weapons agency, scary eh?
The US government security really does scare me sometimes, their internal departments have some of [...]

Domain Stealing or How to Hijack a Domain

Please note this is an old technique again, just for learning purposes, learn how the old techniques worked and why they worked, then try and discover new ways to do things.
Summary
The sole purpose of the information contained in this advisory is to point out the flaws in InterNIC’s domain name handling system and is intended [...]

China Outlaws Private E-mail Servers

Ah China, always been famous for repressing their population, now their repression is moving onto the Internet and using digital means.
Just like the so called ‘Great Firewall of China’, I’ve been meaning to do an article about that for quite some time, I have something drafted.
Anyway the latest thing China has done has made it [...]

Former Hacker Irks Microsoft in EU Dispute

Ah the anti-trust battle continues, good to see someone with technical skills involved, I wonder how the case is coming along, I haven’t heard about it for a while.
Again this is quite an old story.

As an expert witness on digital crime, British computer consultant Neil Barrett has helped prosecutors in the United Kingdom convict murderers [...]

Impressive Open Source Intrusion Prevention – HLBR

It’s good to see work on open source tools in the countermeasure department as well as the attack and penetration arena.
It’s a shame since Snort and Nessus have gone semi-commercial.

I hope more people invest their time in good IDS, Firewall and IPS systems, I love things like IPCop and hope to see more products like HLBR.
HLBR [...]

Using the capture command in a Cisco Systems PIX firewall.

This is an excellent article you might find useful covering the use of the capture command in Cisco PIX firewalls.

A vital tool to use when troubleshooting computer networking problems and monitoring computer networks is a packet sniffer. That being said, one of the best methods to use when troubleshooting connection problems or monitoring suspicious network [...]

Moving Ahead in the War Against Botnets

This effort started quite a long time ago, I was just checking up to see how they were getting on, but there’s not much news of their progress.
Operating under the theory that if you kill the head, the body will follow, a group of high-profile security researchers is ramping up efforts to find and disable [...]

LCP – A Good FREE Alternative to L0phtcrack (LC5)

Since Symantec stopped development of L0phtcrack many people have been looking for alternatives.
So don’t forget…

Jack the Ripper is still king
Medusa is good
Ophcrack for Rainbow Tables
And now one more, introducing LCP, which we have talked about before in the article Password Cracking with Rainbowcrack and Rainbow Tables.
LCP is freeware!
The main purpose of LCP program is user [...]

What Responsibility do Anti-Spyware Researchers Have?

Ethical debates are always interesting, and people have gotten in trouble lately for reverse engineering and various other branches of research.
This is a fairly old topic, but as I’m clearing out some old drafts, I still find it an interesting one.
There’s been an ongoing debate in security circles concerning how security researchers should disclose vulnerabilities [...]

Hacking Still Can’t Outdo Stupidity for Data Leaks

Can you believe this? The provincial government in British Columbia has managed to auction off a set of data tapes containing people’s social insurance numbers, dates of birth and medical records among other information.

The provincial government has auctioned off computer tapes containing thousands of highly sensitive records, including information about people’s medical conditions, their social [...]

Brutus Password Cracker – Download brutus-aet2.zip AET2

A lot of people come to Darknet looking for Brutus AET2 (brutus-aet2.zip) to download, but unfortunately due to some stupid Homeland security bullshit I actually had to remove the file or risk having no hosting left.
If you don’t know, Brutus is one of the fastest, most flexible remote password crackers you can get your hands [...]

Charity Computers May Fuel Malware Wars

Sometimes doing good can help bad things propagate, sometimes it’s good to consider the big picture and the repercussions of your charitable actions.
This is a case where such logic rings true.

Programs to send PCs to third world countries might inadvertently fuel the development of malware for hire scams, an anti-virus guru warns.
Eugene Kaspersky, head of [...]

The Top 10 PHP Security Vulnerabilities from OWASP

This is a useful article that has basically taken the OWASP Top 10 Vulnerabilities and remapped them to PHP with actual examples.

The Open Web Application Security Project released a helpful document that lists what they think are the top ten security vulnerabilities in web applications.
These vulnerabilities can, of course, exist in PHP applications. Here are [...]

