Cross-site scripting (XSS) and SQL injection (SQLI) vulnerabilities are present in many modern web applications, and are reported continuously on pages such as BugTraq. In the past, finding such vulnerabilities usually involved manual source code audits. Unfortunately, this manual vulnerability search is a very tiresome and error-prone task. Pixy is a Java program that […]
Archives for August 2007
Caller ID Spoofing to be Made Illegal in the USA
The US Congress recently approved a bill that will make it illegal to spoof Caller ID in the USA. A while back the FCC announced they wanted to crack down on Caller ID spoofing as it was still too easy. The amount of the forfeiture penalty (…) shall not exceed $10,000 for each violation, […]
w3af – Web Application Attack and Audit Framework
A pretty cool tool was released a while back called w3af (Web Application Attack and Audit Framework), a fully automated auditing and exploiting framework for the web. This framework has been in development for almost a year and has the following features: Audit: SQL injection detection, XSS detection, SSI detection, Local file […]
Vista Security Claims Debunked – Figures Skewed
Ah, more news about the insecurity of Vista and something we are all pretty aware of…the skewing of figures by Microsoft. Microsoft apparently still hasn’t learned that counting vulnerabilities doesn’t establish some kind of ‘security level’. You can read the report here: Vista 6 Month Vuln Report [PDF] The Microsoft “researcher” claims that Windows […]
Immunity Debugger v1.0 (immdbg) Release – Download it Now!
After almost a year of intensive development and internal use, Immunity (the guys who brought us CANVAS) has announced the public release of Immunity Debugger v1.0. The main objective for this tool was to combine the best of command-line-based and GUI-based debuggers. Immunity Debugger is a powerful new way to write exploits, […]