The Source Code Analysis Risk Evaluation project is a study to create a security complexity metric that will analyze source code and provide a realistic and factual representation of the potential of that source code to create a problematic binary. This metric will not say that the binary will be exploited nor does it do [...]

Hacking for money again? Well not really in this case, more like script kiddying for money - modifying an ‘off the shelf’ malware/bot package to evade detection and then cashing in on spamware affiliate fees.
I guess they could have made much with a 400,000 bot network - by renting it out for DDoS attacks to [...]

NetworkMiner is a passive network sniffer/packet capturing tool for Windows with an easy to use interface. It can detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis.
NetworkMiner makes use of OS fingerprinting databases from both p0f (by Michal Zalewski) and [...]

Ah I think it’s time for controversy on a Tuesday, what do you think about this case where a hacker got some info on a company about it’s soon to be plummeting share prices by breaking into their computer. By investing $41,000 in stock potion trading on the shares that were about to drop - [...]

Nessconnect is an open-source software package that can connect to a Nessus or Nessus compatible server and provides an advanced graphical user interface. It also provides a command line interface, and an application programming interface in Java. Users can create custom scan profiles, generate extensive reports, and perform differential scans and analysis. Nessconnect was previously [...]

A UK firm Virtuity has created data protection software called BackStopp which comes with ’self-destruct’ technology based on Wi-Fi and RFID tags that starts to run as and when a laptop is moved from its designated space.
So in layman’s terms, if the laptop is moved from its permitted zone (which is set by the user) [...]

With a recent spate of attacks from banner ads (many of which are using flash) this might be a useful tool if you are using flash or more accurately flash applications on your website or portal.
I did mention a Flash decompiler a while back, now we have SWFIntruder (pronounced Swiff Intruder), which is apparently the [...]

Ok more controversy for you guys, and once again it’s the UK leading a new initiative. This time it’s not against making hacking tools illegal, it’s against people downloading ‘pirated’ content from the Internet (using torrent sites etc.).
I do hope they can differentiate using torrents to download open source software or creative commons music and [...]

It looks like it might be time to update our very well received list of the 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) since we have Russix now and Backtrack new version is on the way out.
Russix is a Slax based Wireless Live Linux. It has been designed to be light (circa [...]

Once again Apple iPhone has been unlocked by a determined youngster, the same who was amongst the first to unlock it last year winning himself a rather nice car and a few 8gb iPhones.
It just shows nothing is infallible, all he needed to find was a writable memory address and he was pretty much done [...]

Well seen as though we were talking about breaking passwords, here’s a tool for Firefox to help you manage your more secure passwords.
Better security without bursting your brain
Password Hasher is a Firefox security extension for generating site-specific strong passwords from one (or a few) master key(s).

What good security practice demands:

Strong passwords that are hard [...]

I quite often get people asking me where to get Wordlists, after all brute forcing and password cracking often relies on the quality of your word list.
Do note there are also various tools to generate wordlists for brute forcing based on information gathered such as documents and web pages (such as Wyd - password profiling [...]

Ok here’s something controversial for you guys to digest, there has been anecdotal evidence of US Customs seizing laptops before and examining the data…but it now seems to be rather more widespread.
It’s a little worrying to me how a government can just rummage through your data when you are totally innocent and they don’t even [...]

Another protection for those building website and web applications, as it’s the the most common attack vector nowadays I think it’s important to be extra safe on this front.
PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes [...]

It seems like some recently patched flaws in Adobe Reader are actively being exploited in the wild, mostly via malicious banners from various sites.
Nothing particularly nasty is happening, but a trojan is being installed which can intercept search engine results. It’s definitely recommended to update to the latest version (8.1.2).
Personally I don’t have such a [...]

For some reason I’ve never posted about Kismet, and I don’t like to assume everyone knows everything. So for those who may not have heard of it, here’s Kismet.
Kismet is one of foundation tools Wireless Hacking, it’s very mature and does what it’s supposed to do.
Kismet is an 802.11 layer2 wireless network detector, sniffer, and [...]

Competition time again!
As you know we started the Darknet Commenter of the Month Competition on June 1st and it ran for the whole of June and July. We have just finished the eigth month of the competition in January and are now in the ninth, starting a few days ago on February 1st - Sponsored [...]

FireCAT is a Firefox Framework Map collection of the most useful security oriented extensions. Version 1.3 was pending the ExploitMe tools availability to the public.
Changes for version 1.3
Category Information Gathering (Googling and Spidering)

GSI Google Site indexer (GSI Creates Site Maps based on Google queries. Useful for both Penetration Testing and Search Engine Optimization. GSI sends [...]

After banning hacking tools it looks like the German police are looking into digital wiretapping and creating ‘whitehat’ trojans for monitoring the bad guys…
Of course they define who the bad guys are, and according to law 202(c) it could be us..
This is very definitely questionable when it comes to ethics, it’s almost as bad as [...]