Archive | January, 2007


19 January 2007 | 511,626 views

Wep0ff – Wireless WEP Key Cracker Tool

Wep0ff is new tool to crack WEP-key without access to AP by mount fake access point attack against WEP-based wireless clients. It uses combination of fragmentation and evil twin attacks to generate traffic which can be used for KoreK-style WEP-key recovery. This tool can be used to mount fake access point attack against WEP-based wireless [...]

Continue Reading


18 January 2007 | 6,212 views

PHP Security Specialist (Stefan Esser) Resigns

This is sad news as PHP hasn’t particularly had a good security record in the past. He has voiced his frustrations with the internal workings of the PHP team and the development process, he has been working hard to make PHP inherently more secure…But from the look of things it seems like he was having [...]

Continue Reading


17 January 2007 | 6,570 views

Data Recovery – A Decent Article

Data recovery is an important subject and it’s definitely a good thing to have a positive understanding of data recovery and how it could effort you personally or your business. So someone told me about this Data recovery article which is a decent original reference to data recovery which contains some good original information, links [...]

Continue Reading


17 January 2007 | 4,554 views

WordPress 2.0.7 Follows Hot on the Tail of WordPress 2.0.6

Recently a bug in certain versions of PHP came to the attention of the WordPress developers, this bug could cause a security vulnerability in your any blogs running version 2.0.6 or below blog. It was fairly easy to work around, so they decided to release 2.0.7, just 10 days after the release of 2.0.6, to [...]

Continue Reading


16 January 2007 | 8,739 views

Pentagon Hacker Gary McKinnon Appeals against US Extradition

It seems like it’s getting really serious in the Gary McKinnon case, he’s facing what looks like his last appeal against the US anti-terror law case against him for hacking some NASA systems by guessing the weak passwords. Not like he’s really a terrorist, or did any damage…he did something very stupid though, bruised the [...]

Continue Reading


15 January 2007 | 17,305 views

SPIKE Proxy – Application Level Security Assessment

SPIKE Proxy is part of the SPIKE Application Testing Suite, It functions as an HTTP and HTTPS proxy, and allows the web developer or web application auditor low level access to the entire web application interface, while also providing a bevy of automated tools and techniques for discovering common problems. These automated tools include: Automated [...]

Continue Reading


13 January 2007 | 7,620 views

Rock Phish Group Accounts for 50% of Online Scams?

It seems common in most things, and it’s the same in infosec and especially malware, phishing and spam. The majority of malware, phishing attacks and spam mails are coming from the same few sources, I’d say it’s a case of 80/20. 20% of the people are sending 80% of the messages, one of the big [...]

Continue Reading


12 January 2007 | 27,513 views

Nmapview – Graphical Interface (GUI) for Nmap on Windows

Finally a replacement for the way outdated and rather crappy NmapFE! Unfortunately sometimes we do have to actually use Windows, and Nmap cleverly overcame the problems with raw sockets on Windows SP2 by using ATM frames instead, so it’s cool. Now we just need a decent GUI so it fits into the whole scheme of [...]

Continue Reading


11 January 2007 | 5,249 views

Microsoft Word 0-day Exploits – QUESTION.DOC

There’s been quite a few Microsoft related exploits recently, but not in Windows, people have moved their focus towards the application layer and the top of the OSI stack. This time it was a 0-day Vulnerability in Microsoft Word. The original news comes from SANS Internet Storm Center Diary (ISC). Microsoft has reported Word 2003, [...]

Continue Reading


10 January 2007 | 8,898 views

AttackAPI 2.0 Alpha – JavaScript Hacking Suite

AttackAPI provides simple and intuitive web programmable interface for composing attack vectors with JavaScript and other client (and server) related technologies. The current release supports several browser based attacking techniques, simple but powerful JavaScript console and powerful attack channel and associated API for controlling zombies. AttackAPI 2.0 branch is a lot better then the 1.x. [...]

Continue Reading