all posts from January 2007


Vista Security Flaws Prior to Consumer Release

Now that Vista is actually out we haven’t heard much about it. Before its commercial release, however, there were a lot of flaws released and a lot of discussion about the (in)security of the OS. The architecture does seem a lot better.
But still it’s from Microsoft, how long until we get a remote root exploit giving the highest level [...]

Burp Proxy & Burp Suite - Attacking Web Applications

I love the Burp Suite, I really do. It’s pretty much my favourite local proxy program and my favourite suite of tools for security testing web applications (especially the session investigation and manipulation parts).
Another great thing is that it’s cross-platform, so you don’t have to learn different tools for Windows and Linux.

Basically Burp suite is [...]

Hacking your $60 Router into a $600 Router

This is a bit of hacking in the original sense of the word, taking a $60 router and giving it the capabilities of something costing in the hundreds or thousands (enterprise level).

Of all the great DIY projects at this year’s Maker Faire, the one project that really caught my eye involved converting a regular old [...]

Introducing WHCC - Web Hack Control Center

Web Hack Control Center is a GUI based web server vulnerability scanner or assessment tool. This application gives you the means to identify which security vulnerabilities exist on your web servers by scanning them for the most popular server exploits. WHCC contains a database of thousands of exploits for a variety of web servers. This [...]

Router/Switch Default Password List Updated

The famous Phenoelit Default Password List has been updated; it’s been quite some time since the last update.

http://www.phenoelit.de/dpl/dpl.html
This is a must-have resource to keep on your pen-drive and backed up offline somewhere for those important times when you need to know the login for a router/switch.

Technitium MAC Address Changer v4 (TMACv4) Released

Technitium MAC Address Changer v4 (TMACv4 C4) has been officially released.
Technitium MAC Address Changer allows you to change the Media Access Control (MAC) address of your Network Interface Card (NIC) irrespective of your NIC manufacturer or its driver. It has a very simple user interface and provides ample information regarding each NIC in the machine. [...]

Phishing Fraud Cases Growing in the UK

Now this is massive growth, 8000 percent... woah!
Thankfully losses are still ‘modest’, whatever that means. I guess although the attacks grow in number, awareness and education also increase (in places like the UK anyway), so the risk is fairly well mitigated.

UK incidents of phishing scams have grown 8,000 per cent over the last two years, according to [...]

SIP Proxy - VoIP Security Testing Tool

SIP Proxy is an Open Source VoIP security test tool which has been developed by the students Philipp Haupt and Matthias Halimann during their diploma thesis and second student research project at the University of Applied Sciences Rapperswil.
With SIP Proxy you will have the opportunity to eavesdrop and manipulate SIP traffic. Furthermore, predefined security test [...]

Logic Bomb Backfires on Hacker Employee

Ah the logic bomb, a source of humour for many due to its frequent showing up in ‘hacking’ movies, and its complete misuse.
ZOMG THE LOGIC BOMB IT’S GONNA PWN US ALL!

A former UBS PaineWebber employee was sentenced to eight years in prison on Wednesday for planting a computer “logic bomb” on company networks and betting [...]

Class President Hacks School Grades

Ah the old mythical tale of hacking your school to change your grades to straight A’s, well I know people do it, I’ve seen it in the past…but now someone has actually gotten caught for it.
And what’s more... he’s the senior class president!

Cooper City High School’s senior class president was arrested Tuesday and charged in [...]

Wep0ff - Wireless WEP Key Cracker Tool

Wep0ff is a new tool to crack a WEP key without access to the AP by mounting a fake access point attack against WEP-based wireless clients.
It uses a combination of fragmentation and evil twin attacks to generate traffic which can be used for KoreK-style WEP-key recovery.
This tool can be used to mount a fake access point attack against WEP-based wireless clients.

This code tested [...]

PHP Security Specialist (Stefan Esser) Resigns

This is sad news as PHP hasn’t particularly had a good security record in the past.
He has voiced his frustrations with the internal workings of the PHP team and the development process. He has been working hard to make PHP inherently more secure… But from the look of things it seems like he was having a [...]

Data Recovery - A Decent Article

Data recovery is an important subject and it’s definitely a good thing to have a positive understanding of data recovery and how it could affect you personally or your business.
So someone told me about this Data recovery article which is a decent original reference to data recovery which contains some good original information, links to [...]

WordPress 2.0.7 Follows Hot on the Tail of WordPress 2.0.6

Recently a bug in certain versions of PHP came to the attention of the WordPress developers. This bug could cause a security vulnerability in any blogs running version 2.0.6 or below. It was fairly easy to work around, so they decided to release 2.0.7, just 10 days after the release of 2.0.6, to [...]

Pentagon Hacker Gary McKinnon Appeals against US Extradition

It seems like it’s getting really serious in the Gary McKinnon case. He’s facing what looks like his last appeal against the US anti-terror law case against him for hacking some NASA systems by guessing the weak passwords.
Not like he’s really a terrorist, or did any damage…he did something very stupid though, bruised the ego [...]

SPIKE Proxy - Application Level Security Assessment

SPIKE Proxy is part of the SPIKE Application Testing Suite. It functions as an HTTP and HTTPS proxy, and allows the web developer or web application auditor low-level access to the entire web application interface, while also providing a bevy of automated tools and techniques for discovering common problems. These automated tools include:

Automated SQL [...]

Rock Phishing Group Accounts for 50% of Phishing Attacks?

It seems common in most things, and it’s the same in infosec and especially malware, phishing and spam.
The majority of malware, phishing attacks and spam mails are coming from the same few sources, I’d say it’s a case of 80/20.
20% of the people are sending 80% of the messages, one of the big groups is [...]

Nmapview - Graphical Interface (GUI) for Nmap on Windows

Finally a replacement for the way outdated and rather crappy NmapFE!
Unfortunately sometimes we do have to actually use Windows, and Nmap cleverly overcame the problems with raw sockets on Windows SP2 by using ATM frames instead, so it’s cool.
Now we just need a decent GUI so it fits into the whole scheme of things, and [...]

Microsoft Word 0-day Exploits - QUESTION.DOC

There have been quite a few Microsoft-related exploits recently, but not in Windows; people have moved their focus towards the application layer and the top of the OSI stack.
This time it was a 0-day vulnerability in Microsoft Word.

The original news comes from SANS Internet Storm Center Diary (ISC).
Microsoft has reported Word 2003, Word 2002, Word [...]

AttackAPI 2.0 Alpha - JavaScript Hacking Suite

AttackAPI provides a simple and intuitive web programmable interface for composing attack vectors with JavaScript and other client (and server) related technologies. The current release supports several browser-based attacking techniques, a simple but powerful JavaScript console, and a powerful attack channel and associated API for controlling zombies.

The AttackAPI 2.0 branch is a lot better than the 1.x. Now [...]

