all posts from May 2007


Google Acquires Web Security Startup GreenBorder

More Google news this week: after Google Launches Online Security & Malware Blog, they have now acquired a web security startup called GreenBorder.

Google Inc. said on Tuesday it has bought Internet security startup GreenBorder Technologies Inc., which creates secure connections to protect e-mail and Web users from malicious or unwanted computer code.
Terms of the deal, [...]

OWASP - SQLiX Project - SQL Injection Scanner

SQLiX, coded in Perl, is a SQL Injection scanner, able to crawl, detect SQL injection vectors, identify the back-end database and grab function call/UDF results (even execute system commands for MS-SQL). The concepts in use are different from those used in other SQL injection scanners. SQLiX is able to find normal and blind SQL [...]

Commenter of the Month Competition

From now on we will be having a commenter of the month competition here at Darknet to encourage quality comments and discussion.
We hope to get more interactive here and we will be giving out prizes sponsored by GFI such as PSPs, iPods and other cool stuff bundled with goodies from GFI such as mugs, key-chains [...]

Technitium Free MAC Address Changer v4.5 Released

Technitium MAC Address Changer v4.5 has been released.
Technitium MAC Address Changer allows you to change the Media Access Control (MAC) Address of your Network Interface Card (NIC) irrespective of your NIC manufacturer or its driver. It has a very simple user interface and provides ample information regarding each NIC in the machine. Every NIC [...]

Consulting Licence Offer From Redseal - Security Risk Manager (SRM)

Redseal is launching a free offer next week for security consultants, pen testers and auditors.
Redseal develops a product called Security Risk Manager (SRM), which does the following (non-sales overview):

Imports firewall and router configuration files
Audits and checks them for errors, misconfigurations, redundant rules, checks against best practices etc.
Draws a network topography [...]

Foundstone Blast - TCP Network Service Stress Test Tool

Foundstone Blast v2.0 is a small, quick TCP service stress test tool. Blast does a good amount of work very quickly and can help spot potential weaknesses in your network servers.
Features:
/trial switch adds the ability to see how the buffer looks before sending it
/v switch adds verbose option - off by default
/nr switch turns off [...]

Google Launches Online Security & Malware Blog

Another one to add to your list and your RSS feed reader: Google Online Security Blog.

Online security is an important topic for Google, our users, and anyone who uses the Internet. The related issues are complex and dynamic and we’ve been looking for a way to foster discussion on the topic and keep users informed. Thus, we’ve [...]

Nemesis - Packet Injection Suite

Nemesis is a command-line network packet crafting and injection utility for UNIX-like and Windows systems. Nemesis is well suited for testing Network Intrusion Detection Systems, firewalls, IP stacks and a variety of other tasks. As a command-line driven utility, Nemesis is perfect for automation and scripting.

Nemesis can natively craft and inject packets for:

ARP
DNS
ETHERNET
ICMP
IGMP
IP
OSPF
RIP
TCP
UDP

Using the IP [...]

Cisco IOS FTP Backdoor Ripe for Hackers

Another flaw in Cisco’s IOS, this time a problem with FTP, the mechanism used to update the firmware on Cisco devices (routers & switches mostly).
You really don’t want someone playing around with the configuration files on your router, do you?

IOS FTP, which comes disabled by default in IOS, is used to upload IOS software images [...]

pwdump6 1.5.0 as well as fgdump 1.5.0 Released for Download

A while ago some updates of pwdump and fgdump were released, namely pwdump6 1.5.0 as well as fgdump 1.5.0.
Version 1.5.0 of both programs takes advantage of some changes which make them less likely to be detected by antivirus, at least as of today. This will be particularly helpful to those of you dealing with [...]

ISIC - IP Stack Integrity & Stability Checker

ISIC is a suite of utilities to exercise the stability of an IP Stack and its component stacks (TCP, UDP, ICMP et al.). It generates piles of pseudo-random packets of the target protocol. The packets can be given tendencies to conform to, i.e. 50% of the packets generated can have IP Options. 25% of the [...]

Comprehensive SQL Injection Cheat Sheet

A reader e-mailed me a while ago about a fairly comprehensive SQL Injection ‘Cheat Sheet’ they had created and posted up.
I compared it to the other ones I had bookmarked, and it was different enough to be worth posting.

Currently only for MySQL and Microsoft SQL Server, some ORACLE and some PostgreSQL. Most of the samples are [...]

Ubuntu Ultimate Edition is Cool

Basically Ubuntu Ultimate Edition is Ubuntu Edgy Eft with a whole lot of software pre-added.
Sadly the author had to remove Java, Flash and Acrobat Reader due to licensing agreements. But don’t worry as there is a custom repository in the release which includes all of these and much more.

SMP Support (dual core CPUS) / works [...]

VoIP Security Testing Tools List from VoIPSA

The VoIP Security Alliance (VOIPSA) is pleased to announce the public release of its VoIP security tool list. Check it out at:
http://www.voipsa.org/Resources/tools.php
This VoIP Security Tool List provides categories, descriptions and links to current free and commercial VoIP security tools.

This list was developed to address the current void of VoIP security testing resources and sites, [...]

Recent Down-time at Darknet

Apologies for the recent down-time at Darknet, the longest we’ve had so far I think.
The disk-array crashed completely, hardware fault, so rebuilding and recovering the data from the bad disk, then restoring everything was a fairly long process.
The site was back up quite early but the database was inaccessible due to the taxing of the processor [...]

Outpost Security Suite PRO Review

Agnitum Outpost Security Suite Pro is a step up from their Agnitum Outpost Firewall PRO with a more holistic look at security.
The suite also includes pre-emptive threat protection, anti-spam protection and safe-surfing.
The software is fairly sizeable at around 36MB; you can download it here for a 30-day free trial.

As I’ve mentioned before I think [...]

GFI Free Endpoint Scanner - Online Portable Storage Device Scanning

Recently GFI launched a free, online portable storage device scanner called EndPointScan.
http://www.endpointscan.com
EndPointScan is an industry-first, free online service that allows anyone to check what devices are or have been connected to computers on their network and by whom.

Using this diagnostic tool, one can identify those areas where the use of portable storage devices could pose [...]

Hacker Files, Tools & Software Repository - leetupload.com

This site is dedicated as a repository for “hacking” programs for Windows and Linux. Please note that hacking means nothing but tweaking or cleverly resolving a problem. Use the programs as you wish, but this site or its provider are not responsible in terms of how you use these programs, (i.e. for educational purposes only).

http://www.leetupload.com/
The [...]

Scapy - Interactive Network Packet Manipulation

What is Scapy?
Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery [...]

That ‘magic’ number

09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
This is everywhere today. Every major news site has this ‘magic’ number in it. Digg.com had stories with more than 24.000 diggs (that’s actually the first time I see that many).
In case you’ve been in a cave for the [...]

