Archive | November, 2007


30 November 2007 | 7,094 views

fwtest – Firewall Testing Toolkit

The firewall test suite fwtest is a security auditing tool made up of two parts: the test control application fwtest and optionally one or two helper processes named fwagent. The test control application fwtest starts up the python interpreter with the given test script. The test script controls the packet data flow between two virtual [...]

Continue Reading


29 November 2007 | 7,398 views

Security Software Moves to Consoles – Web Filtering for PS3

Ah it seems some companies are having the same idea as me, consoles might well be the next infection vector for zombie style botnets, they have good processing power, the current generation has ample hard-drive space and they are network connected. The difference with consoles is they tend to be turned off when not in [...]

Continue Reading


28 November 2007 | 20,890 views

Chaosreader – Trace TCP/UDP Sessions from tcpdump

A freeware tool to trace TCP/UDP sessions and fetch application data from snoop or tcpdump logs. This is a type of “any-snarf” program, as it will fetch telnet sessions, FTP files, HTTP transfers (HTML, GIF, JPEG), SMTP emails and so on from the captured data inside network traffic logs. Similar to tcpflow which we mentioned [...]

Continue Reading


27 November 2007 | 4,623 views

UK Consumers Lose Faith in ‘Phished’ Brands

It seems Phishing is have effects in ways that weren’t originally obvious, it comes back to the same topic we generally discuss here when it comes to security and consumers. IGNORANCE. Someone consumers see a Phishing attempt from ‘Brand X‘ as a negative against that brand…even though it has absolutely nothing to do with the [...]

Continue Reading


26 November 2007 | 11,932 views

tcpflow – TCP Flow Recorder for Protocol Analysis and Debugging

tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis or debugging. A program like ‘tcpdump’ shows a summary of packets seen on the wire, but usually doesn’t store the data that’s actually being transmitted. In contrast, tcpflow [...]

Continue Reading


23 November 2007 | 16,000 views

Wi-Fi Jacking Extremely Common (45% of People Do!)

It seems Wi-Fi is actually extremely common, in fact in a recent poll up to 45% do it! I guess most people here have, I admit I do even with my phone when I’m out and about I’ll use any WiFi point that works. We can blame it on the manufacturers for having lax default [...]

Continue Reading


21 November 2007 | 4,519 views

Apple Fixes ‘Misleading’ Leopard Firewall Settings

Apple has admitted that is has at LEAST three serious design weaknesses in it’s new application based firewall being rolled out with Mac OS X ‘Leopard’. It comes (somewhat oddly) only 24 hours after a Mac OS X security update that fixed 41 OS X and Safari security vulnerabilities. Previously independent researchers proved that Apple’s [...]

Continue Reading


20 November 2007 | 6,318 views

sqlninja 0.2.1-r1 – SQL Injection Tool for MS-SQL Released for Download

Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process [...]

Continue Reading


19 November 2007 | 14,877 views

The World’s Biggest Botnets – Peer to Peer

So what’s coming next, after Storm you might ask. You might remember Storm Worm Descending on Blogspot recently and other news about Botnets spiraling out of control accounting for almost 25% of online computers. Well apparently next will be p2p or peer to peer Botnets which could literally blow Storm away. You know about the [...]

Continue Reading


16 November 2007 | 67,204 views

Medusa 1.4 – Parallel Password Cracker Released for Download

It’s been a long time coming but here it is, after almost a year (Remember Medusa 1.3?) finally version 1.4 is here! Version 1.4 of Medusa is now available for public download! What is Medusa? Medusa is a speedy, massively parallel, modular, login brute-forcer for network services created by the geeks at Foofus.net. The Key [...]

Continue Reading