It seems finally someone has found a flaw in the way Tor works, a way to beat it and find out who is using the system.
Perhaps an end to the most anonymous system on the Internet?
I got this info fresh from SANS.

One of our readers sent in a very worrying analysis of what appeared to [...]

In this part we will discuss the basic framework of a computer virus… The basics of a virus consists of two elementary procedures (others will tell you three). These are:

a search routine
a infection routine
[anti-detection routines]

The search routine
This routine will have to be a more delicate one [but not hard to analyze at all], because as [...]

The Metasploit Framework is an advanced open-source exploit development platform. The 2.7 release includes three user interfaces, 157 exploits and 76 payloads.The Framework will run on any modern operating system that has a working Perl interpreter. The Windows installer includes a slimmed-down version of the Cygwin environment.
Windows users are encouraged to update as soon [...]

Oracle in its very own style recently published a mega patch, it could be called the mother of all patches.
Actually 101 bugs…the scary part is 45 can be exploited remotely.

Oracle published the mother of all security patches containing 101 fixes for flaws in its database, application server, E-Business Suite and PeopleSoft and JD Edwards applications.
Almost [...]

Here is a newly released VA methodology, the author believes it to be more focused, and thus cost effective VA process. It may map to internal work, but it is probably more suited to external sites.
It’s gone through a couple of revisions so it’s a bit more polished now.
You can find the notes on the [...]

A dream come true, would I say… recently found this article on securityfocus, it’s awesome… all that you need (beside Firefox) is pointed out in the article, so go on, what are you waiting for…
http://www.securityfocus.com/infocus/1879
SHARETHIS.addEntry({ title: “Web 2.0 Hacking with Firefox and it’s plugins”, url: “http://www.darknet.org.uk/2006/11/web-20-hacking-with-firefox-and-its-plugins/” });

AttackAPI provides simple and intuitive web programmable interface for composing attack vectors with JavaScript and other client (and server) related technologies. The current release supports several browser based attacking techniques, simple but powerful JavaScript console and powerful attack channel and associated API for controlling zombies.
The standalone components of the library can be found at the [...]

Hackers are developing new software that will help hide browser attack code from some types of security software.
The software, called VoMM (eVade o’ Matic Module), uses a variety of techniques to mix up known exploit code so as to make it unrecognizable to some types of antivirus software.
Using these techniques, VoMM “can create an endless [...]

w3bfukk0r is a forced browsing tool, it basically scans webservers (HTTP/HTTPS) for a directory by using HTTP HEAD command and brute force mechanism based on a word list. Features:

HTTP/HTTPS(SSL) support
Banner grabbing
User-Agent faking
Proxy support (HTTP/S)
Reports found and non-existend directories

Example output:

w3bfukk0r http://nion.modprobe.de
Starting w3bfukk0r 0.2
Scanning http://nion.modprobe.de/ with 76 words from words.txt

Found http://nion.modprobe.de/tmp/ (HTTP 200)
Found http://nion.modprobe.de/blog/ (HTTP 200)
Found http://nion.modprobe.de/img/ [...]

Data security giant McAfee has bought a young Tel Aviv startup, Onigma, for somewhere between $15 million to $25 million cash, surmise hi-tech circles.
McAfee will be integrating the Onigma technology in its enterprise security solution, and will be recruiting dozens more Israeli developers for the startup, which will become a local R&D center.

Onigma was founded [...]

This a very old article based on my tiny document “WinDOS tools” which was for a short while on Blackcode, before it was shutdown… It was an article to impres my friends, but found some usefull stuff two when writing it… so let’s take a look at some “hidden” Windows XP programs…
MAC Address (getmac)
It seems [...]

With this simple tutorial I will explain how to install Nessus client (nessus) and Nessus Daemon (nessusd) and properly register it, so you don’t end up with the limitations of a non-registered version of the vulnerability scanner.
Installing:
I personally use apt-, however, you may choose any other package manager.
apt-get install nessus nessusd -y
This will install the [...]

Now for once, this is a really neat use of technology, someone using their brains and a suitable tech to solve a problem that is very apparent.
PERL may be frowned upon by some as being old or outdated, but seriously for parsing data, pattern matching and trawling, it’s still excellent and you can get a [...]

Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible. The author considers following items as some of the key features of this application:

Thread-based parallel testing. Brute-force testing can be performed against multiple hosts, users or passwords concurrently.
Flexible user [...]

This is the first part (of many others to come) consisting of basic a introduction to different viruses, some terminology and other aspects required before starting to understand or write viruses…
Definition
A virus is (taken from Windows XP’s Help And Support Center):

A program that attempts to spread from computer to computer and either cause damage [...]

Taof is a GUI cross-platform Python generic network protocol fuzzer. It has been designed for minimizing set-up time during fuzzing sessions and it is especially useful for fast testing of proprietary or undocumented protocols.

Taof aids the researcher during the data retrieval process by providing a transparent proxy functionality that forwards and logs requests from a [...]

The battle is heating up between the spammers e360 and the anti-spam warlords Spamhaus, some say the Internet may meltdown if Spamhaus stops its service..
Some estimates say 80% of spam is stopped by Spamhaus and e-mail could suddenly shoot to a server melting rate if their service is pulled.

The legal battle between antispam organisation Spamhaus [...]

This is pretty funny, but frankly typical of McDonalds..act before they think, it’s cheap, it’ll get more customers, whack it out!
They gave out a bunch of flash drive mp3 players as a promotion, it turns out every single one was loaded with a fairly nasty piece of spyware!

McDonalds Japan has launched a recall after discovering [...]

Wyd is a neat tool I found recently for Password Profiling.
In current IT security environments, files and services are often password protected. In certain situation it is required to get access to files and/or data even when they are protected and the password is unknown.

wyd.pl was born out of those two of situations:

A penetration test [...]

Hackers are switching targets now, companies are getting too hard to break into due to the availability of decently configured perimeter kit like firewalls and IDS.
Plus the information they do get if they manage to break in is often worthless commercially and really not worth the effort.
So instead, they target the end user, home bankers, [...]