Archive | January, 2008


31 January 2008 | 43,150 views

Bruter 1.0 Released – Parallel Windows Password Brute Forcing Tool

Bruter 1.0 BETA 1 has been released. Bruter is a parallel login brute-forcer. This tool is intended to demonstrate the importance of choosing strong passwords. The goal of Bruter is to support a variety of services that allow remote authentication. Bruter is a tool for the Win32 platform only. PROTOCOL SUPPORT It currently supports the [...]

Continue Reading


30 January 2008 | 21,375 views

Multilingual Worm Spreads Over MSN Messenger

Another MSN worm spreading with the same tactics as usual, “Wanna see my pictures before i send em to facebook?” and so on. The only really interesting thing about this worm is it sends the message in the language of the locale installed on the infected machine, this is pretty intelligent and is much more [...]

Continue Reading


29 January 2008 | 45,637 views

Metasploit Framework v3.1 Released for Download

Ah Metasploit development cycle seems to be picking up, I guess with greater community support the bugs get ironed out and the new features introduced faster. Good to see an update so soon after Metasploit Framework v3.0 was released. I keep closely up to date with Metasploit as it’s pretty much the best free tool [...]

Continue Reading


28 January 2008 | 5,165 views

Data Leakage Bug in Mozilla Firefox Confirmed

It seems a data leakage bug has struck Firefox recently and has been confirmed by Window Snyder the security bod at Mozilla. It’s basically a Chrome directory traversal bug (It seems a lot of the Firefox issues have had to do with chrome?). It’s rated as low risk, but it can give away the existence [...]

Continue Reading


25 January 2008 | 18,818 views

argus – Auditing Network Activity – Performance & Status Monitoring

Another tool for the security side, good for forensics, monitoring and auditing. Argus is a fixed-model Real Time Flow Monitor designed to track and report on the status and performance of all network transactions seen in a data network traffic stream. Argus provides a common data format for reporting flow metrics such as connectivity, capacity, [...]

Continue Reading


24 January 2008 | 4,065 views

Hacked Embassy Websites Delivering Malware

It seems like malware pushers have found another avenue to delivery their payloads, Embassy websites. Which makes sense as they are probably not maintained well nor updated often meaning the chance they are easily compromised is quite high. Plus a lot probably use off the shelf CMS software, which when not updated is a playground [...]

Continue Reading


23 January 2008 | 17,828 views

mod_anti_tamper – Anti Tamper Module for Apache 2.x

What Is Mod AntiTamper (AT) AntiTamper is an Apache 2.x module that could be used to prevent some sort of url and cookie tampering. Specifically, AT could stop a lot of those malicious bots that take advantage from search engines. Moreover, attack techniques like HTTP Response Splitting and session hijacking/fixation will be mitigated. Is important [...]

Continue Reading


22 January 2008 | 89,512 views

BackTrack Live Hacking CD BETA 3 Released

The guys at BackTrack e-mailed me to let me know their Version 3 BETA has been released recently, and perhaps our readers would like to know about it. For those that don’t know BackTrack evolved from the merging of two wide spread security related distributions – Whax and Auditor Security Collection. By joining forces and [...]

Continue Reading


21 January 2008 | 8,317 views

Perl.com Sends Visitors to P*rn Site!

Another tale to do with advertising, it just goes to show it’s really not a good idea to run JavaScript from a 3rd party source on your site, especially if you don’t want your visitors redirected to a p*rn site! This is just what happened to Perl.com a few days ago. Visitors to Perl.com, the [...]

Continue Reading


18 January 2008 | 13,190 views

sqlmap 0.5 – Automated SQL Injection Tool

sqlmap is an automatic SQL injection tool entirely developed in Python. It is capable to perform an extensive database management system back-end fingerprint, retrieve remote DBMS databases, usernames, tables, columns, enumerate entire DBMS, read system files and much more taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities. Features Full [...]

Continue Reading