This case has been going on for a while but obviously hush hush, being that it is the largest breach of customer data in U.S. History. The details of the case have only started emerging in the last couple of months.
Information Week published a good article covering what has been going on recently.
Amazing the amount [...]

I was looking through my toolbox to see what else is useful and I came across this one, httprint - the only caveat is that it’s a little out of date. It still does a good job though.
httprint is a web server fingerprinting tool.
It relies on web server characteristics to accurately identify web servers, despite [...]

Gentoo Pulls the Plug after Getting Pwned
Gentoo pulled quite a few of it’s servers recently following the discovery of a fairly severe flaw in it’s systems.
Just to show that Linux systems aren’t invulnerable and immune to all security issues.
Ubuntu suffered quite heavily recently too, so don’t assume just because you use Linux you’re safe.

[...]

WEP is a protocol for securing wireless LANs. WEP stands for “Wired Equivalent Privacy” which means it should provide the level of protection a wired LAN has. WEP therefore uses the RC4 stream to encrypt data which is transmitted over the air, using usually a single secret key (called the root key or WEP key) [...]

I’m sure everyone remembers the Diebold voting fiasco with their system getting pwned multiple times. Back in May 2006 it was announced from multiple sources that the Diebold system was critically flawed.
Then more recently Hackers in the Philippines were Invited to Crack Internet Voting, which is definitely positive step to increase security in voting applications.
Now [...]

The LORCON packet injection library provides a high level interface to transmit IEEE 802.11 packets onto a wireless medium. Written for Linux systems, this architecture simplifies the development of 802.11 packet injection through an abstraction layer, making the development of auditing and assessment tools driver- independent.
Using LORCON, developers can write tools that inject packets onto [...]

I’ve seen this from quite a few sources so it seems it’s fairly legitimate, it seems all major websites have some flaws in the way they implement cookies meaning they are vulnerable to certain types of attack.
The only current solution seems to be using full time SSL or https connections full-time, if any of you [...]

IPAudit monitors network activity on a network by host, protocol and port. It listens to a network device in promiscuous mode, and records every connection between two ip addresses. A unique connection is determined by the ip addresses of the two machines, the protocol used between them, and the port numbers (if they are communicating [...]

More hacker humour - this is a good one!
—
So I’ve been a professor at this ‘little school’ for a while now. I love my job. My classes contain students from all age groups. I have a few 17 year old high schoolers that are here because they are bored during the summer. I have a [...]

Foremost is a console program to recover files based on their headers, footers, and internal data structures. This process is commonly referred to as data carving. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc, or directly on a drive.
The headers and footers can be specified by a configuration [...]

Seen as though we get a lot of searches for PSP firmware updates and information about homebrew, I thought I’d post about this which popped up a few months ago.
In what undoubtedly will be remembered as a historic and life-changing event for PSP enthusiasts everywhere, a group of coders (Noobz and [...]

Flare processes an SWF and extracts all scripts from it. The output is written to a single text file. Only ActionScript is extracted, no text or images. Flare is freeware. Windows, Mac OS X and Linux versions are available.
The main purpose of decompiler is to help you recover your own lost source code. However, there [...]

After the recent fiasco about the Pentagon being Hacked by Chinese Military another few governments have piped up with information about cyber surveillance by China.
The latest is France.
It seems like right now china has it’s fingers in many pies.

France has become the fourth country to speak out against hackers in China [...]

There has been some debate on Darknet about this kit and it’s use, obviously it’s a kit for beginners but it is useful. Advanced chaps like you and me (you guys know who you are) most likely have the requisite tools and knowledge to build/find/etc whatever we need to get the job done.
That’s partially what [...]

PIRANA is an exploitation framework that tests the security of a email content filter. By means of a vulnerability database, the content filter to be tested will be bombarded by various emails containing a malicious payload intended to compromise the computing platform.
PIRANA’s goal is to test whether or not any vulnerability exists on the content [...]

Inspired by EtherPEG, Driftnet is a program which listens to network traffic and picks out images from TCP streams it observes. Fun to run on a host which sees lots of web traffic.

EtherPEG was a program that sniffed for JPEGs passing by on the AirPort networks at MacHack, and showed them on the huge screen [...]

The details are still a bit shaky, but this news has been making the rounds.
Apparently the the hack attack in June on the Pentagon may have been carried out by the Chinese Military (People’s Liberation Army).

One senior US official said the Pentagon had pinpointed the exact origins of the attack. Another person familiar with the [...]

ServiceCapture runs on your pc and captures all HTTP traffic sent from your browser or IDE. It is designed to help Rich Internet Application(RIA) developers in the debugging, analysis, and testing of their applications.
You can download the free trial below. After it is installed and running, visit the Macromedia Exchange with your web browser (some [...]

Ah it’s that time again! It wasn’t as close as last month, but it was pretty close again.
As you know we started the Darknet Commenter of the Month Competition on June 1st and it ran for the whole of June and July. We have just finished the third month of the competition in August and [...]

Similar to the Hacker Challenge in 2006, it is being run by a U.S. company performing security testing and security metric research. The purpose of this challenge is to evaluate the effectiveness of software protections. The results of this effort will be used to improve protection measures.

There will be three distinct, yet related, phases to [...]