Bruter 1.0 BETA 1 has been released. Bruter is a parallel login brute-forcer. This tool is intended to demonstrate the importance of choosing strong passwords. The goal of Bruter is to support a variety of services that allow remote authentication.
Bruter is a tool for the Win32 platform only.
PROTOCOL SUPPORT
It currently supports the following services:
FTP
HTTP (Basic)
HTTP [...]
Another MSN worm spreading with the same tactics as usual, “Wanna see my pictures before i send em to facebook?” and so on.
The only really interesting thing about this worm is it sends the message in the language of the locale installed on the infected machine, this is pretty intelligent and is much more likely [...]
Ah Metasploit development cycle seems to be picking up, I guess with greater community support the bugs get ironed out and the new features introduced faster.
Good to see an update so soon after Metasploit Framework v3.0 was released.
I keep closely up to date with Metasploit as it’s pretty much the best free tool out there [...]
It seems a data leakage bug has struck Firefox recently and has been confirmed by Window Snyder the security bod at Mozilla.
It’s basically a Chrome directory traversal bug (It seems a lot of the Firefox issues have had to do with chrome?).
It’s rated as low risk, but it can give away the existence of files [...]
Another tool for the security side, good for forensics, monitoring and auditing.
Argus is a fixed-model Real Time Flow Monitor designed to track and report on the status and performance of all network transactions seen in a data network traffic stream. Argus provides a common data format for reporting flow metrics such as connectivity, capacity, demand, [...]
It seems like malware pushers have found another avenue to delivery their payloads, Embassy websites. Which makes sense as they are probably not maintained well nor updated often meaning the chance they are easily compromised is quite high.
Plus a lot probably use off the shelf CMS software, which when not updated is a playground for [...]
What Is Mod AntiTamper (AT)
AntiTamper is an Apache 2.x module that could be used to prevent some sort of url and cookie tampering.
Specifically, AT could stop a lot of those malicious bots that take advantage from search engines. Moreover, attack techniques like HTTP Response Splitting and session hijacking/fixation will be mitigated.
Is important to notice that [...]
The guys at BackTrack e-mailed me to let me know their Version 3 BETA has been released recently, and perhaps our readers would like to know about it.
For those that don’t know BackTrack evolved from the merging of two wide spread security related distributions – Whax and Auditor Security Collection. By joining forces and replacing [...]
Another tale to do with advertising, it just goes to show it’s really not a good idea to run JavaScript from a 3rd party source on your site, especially if you don’t want your visitors redirected to a porn site!
This is just what happened to Perl.com a few days ago.
Visitors to Perl.com, the O’Reilly Media-owned [...]
sqlmap is an automatic SQL injection tool entirely developed in Python. It is capable to perform an extensive database management system back-end fingerprint, retrieve remote DBMS databases, usernames, tables, columns, enumerate entire DBMS, read system files and much more taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.
Features
Full support for [...]
Ah I remember some of the nastiest viruses back in the day attaching themselves in the MBR (Master Boot Record) rendering most anti-virus software useless (as it sits on top of the OS).
Now it seems MBR infection is back in fashion for a new age of rootkits.
Security mavens have uncovered a new class of attacks [...]
As you all seem to pretty interested in Inguma, there’s something else similar called w3af – the fifth BETA was released a while back and the team are now working on the sixth.
w3af is a Web application attack and Audit Framework. The project goal is to create a framework to find and exploit web application [...]
So facebook has finally fallen victim, after the recent Orkut worm now we have malware infection from Facebook, an application called Secret Crush. The application was renamed as My Admirer but that seems to be gone now too.
The first spyware spreading with Facebook application has been discovered. Security company Fortinet reports that application called Secret [...]
VoIP Hopper is a GPLv3 licensed security tool, written in C, that rapidly runs a VLAN Hop into the Voice VLAN on specific Ethernet switches. VoIP Hopper does this by mimicking the behavior of an IP Phone, in both Cisco and Avaya IP Phone environments.
In Cisco IP Phone networks, it first dissects either [...]
This is sad news, it seems UK is considering following the lead of the Germans and their recently implemented hacking law 202(c) regarding the making of ‘hacking tools‘ illegal.
It’s almost like making baseball bats illegal because you can hit someone with it, doesn’t matter its made for playing sport and that’s what most people use [...]
Unicornscan has always been a favourite of mine, especially for UDP scanning and scanning large networks (and getting it done fast).
Unicornscan is a new information gathering and correlation engine built for and by members of the security research and testing communities. It was designed to provide an engine that is Scalable, Accurate, Flexible, and Efficient. [...]
GFI has recently conducted a survey concering corporate security in the US for small and medium sized enterprizes (SMEs).
Despite the best efforts of many small and medium sized companies, a recent US survey shows that four in 10 companies believe that their networks are not secure. Thirty-two percent of the companies also reported that they [...]
The Revisionist is a tool for extracting and indexing hidden metadata (such as deleted or modified text) from large collections of MS Word files. It can operate whole Web sites or SMB or NFS directories. It is handy for pen-testing, or it can be used just to spot embarrassing secrets.
It’s useful in that it can [...]
Ah so Mr Alan Ralsky one of the biggest spammers of all-time is back in the news after his indictment with 10 others for running a large scale spam operation intended to inflate stocks artificially.
At one time it was thought Mr Ralsky and his friends were responsible for the majority of the spam sent, he’s [...]
Competition time again!
As you know we started the Darknet Commenter of the Month Competition on June 1st and it ran for the whole of June and July. We have just finished the seventh month of the competition in December and are now in the eight, starting a few days ago on January 1st – Sponsored [...]
