This was the idea with which I have won the regional web apps contest… well actually I did a CMS but the security part of it was the most appreciated. Maybe because it was weird, you’ll see…
Classical Login scripts
What exactly do classical login scripts do… they get the password from the database by querying it [...]

I have noticed an increase in Spam activity lately, especially in Spam blog comments there has been a noticeable surge in the frequency and number.
That’s why we’ve implemented stricter measures against spammers on Darknet and our other sites.
It seems there has been a big raise in the number of bot infected systems, so it’s suggested [...]

A new version of SSA (Security System Analyzer) has been released - version 1.5.1.
SSA is a scanner based on OVAL, the command line tool provided by MITRE is not very easy to use so the guys at Security Database decided to write a GUI to make it simple to use and understand and then free [...]

It just goes to show, sometimes the simple things are the most effective. A box of chocolates can defeat all the most hi-tech security systems if you add a little charm.
21 million Euros of diamonds, that’s one hell of a catch.

A thief has evaded one of the world’s most expensive hi-tech security systems, and [...]

Techm4sters e-mailed us recently to let us know about their new security distro called ProTech, we haven’t had time to download it and test it yet but it certainly looks promising.
- What is PROTECH? Protech is a very light live security distribution based on Ubuntu Linux.

- Is this like Nubuntu? It is similar, yes! But [...]

Gomor released a LLTD (Link Layer Topology Discovery Protocol) implementation written in Perl (using Net::Frame framework).
You may use this two modules to write fuzzers, or anything.

You can find the modules here:

Net Frame LLTD

I’ve known for a while you can buy software for spamming and MFA (Made for Adsense) site generation for a few hundred USD which utilises Google’s Blogger platform (blogspot.com sites).
You will have seen all the splogs as they are called (spam blogs) hosted on Blogger, a lot of them scrape Darknet articles and repost them [...]

Ah another way for phishers and people wanting to steal login credentials to con IE7 users.
Yet another reason to use Firefox or Opera?
Not saying these browsers are perfect…but look at the amount of problems Internet Exploder Explorer has had.

The flaw lies in the way IE7 processes a locally stored HTML error message page that is [...]

Damn Vulnerable Linux (DVL) is a Linux-based (modified Damn Small Linux) tool for IT-Security & IT-Anti-Security and Attack & Defense. It was initiated for training tasks during university lessons by the IITAC (International Institute for Training, Assessment, and Certification) and S²e - Secure Software Engineering in cooperation with the French Reverse Engineering Team.

Damn Vulnerable Linux [...]

I’ve heard this ‘rumour’ plenty of times, I always suspected it was true and Adobe have said similar things about their software.
If you are going to pirate, Microsoft wants you to pirate their software as when you go legit you are already locked in to their proprietary system.
All the more grounds for OSS if you [...]

BackTrack is the result of the merging of the two innovative penetration testing live linux distributions Auditor security collection and Whax. By combining the best features from both distributions and putting continous development energy, the most complete and finest security testing live distro was born: BackTrack

BackTrack v.2.0 is finally released, it’s been a long wait [...]

FSUM is a fast and handy command line utility for file integrity verification. It offers a choice of 13 of the most popular hash and checksum functions for file message digest and checksum calculation.
You can easily use FSUM with a batch wrapper to do automated file integrity monitoring, and use something like blat to email [...]

As with the UK, many phones in the US are sold under contract and are given at very discounted rates or even free in some cases if you sign a contract for year withe service provider.
Before that it was illegal to unlock your phone but finally in November 2006 it came out in court [...]

There is another option for DNS Brute Forcing which uses threads, so may be faster than TXDNS 2.0 which we posted about recently.
What does it do?
This program was written to extract valid hosts of a domain that deny zone transfers.
The program supports:

IPv4 => IP Address of [...]

The Chaos Communication Camp is an international, five-day open-air event for hackers and associated life-forms. The Camp features three conference tracks with interesting lectures, workshops and other stuff.

Chaos Communication Camp 2007 will take place at a brand new location at the Airport Museum Finowfurt, directly at Finow airport. So if you like, you can directly [...]

What is PHProxy?
PHProxy is a Web HTTP proxy programmed in PHP to bypass firewalls and other proxy restrictions through a Web interface very similar to the popular CGIProxy. School/country/company blocked your favorite Website? Look no further!
The server that this script runs on simply acts as a medium that retrives resources for you. The only IP [...]

It seems like people that make malware are getting more specific nowadays, the are no longer writing random self-propagating worms or trojans just for the sake of knowledge or notoriety.
Far more common nowadays is malware for specific purposes to capture login or banking details for certain sites or organisations.
This time it’s a custom trojan targetting [...]

Open Vulnerability and Assessment Language (OVAL) is an international, information security, community standard to promote open and publicly available security content, and to standardize the transfer of this information across the entire spectrum of security tools and services. OVAL includes a language used to encode system details, and an assortment of content repositories held throughout [...]

Black hat hackers vs White hat professionals - This is the Black & White Ball

The Black & White Ball will be held at the stylish Ministry of Sound venue in London, the date is to be confirmed (but it will be in September).

In security parlance, the terms Black Hat and White Hat refer to hackers [...]

(IN)SECURE Magazine is a freely available digital security magazine discussing some of the hottest information security topics. It can be distributed only in the form of the original non-modified PDF document.
ISSUE 1.10 (February 2007) - DOWNLOAD

Microsoft Windows Vista: significant security improvement?
Review: GFI Endpoint Security 3
Interview with Edward Gibson, Chief Security Advisor at Microsoft UK
Top 10 [...]