This is a pretty old issue, but this is an interesting new implementation of an old idea. Using your browser history and by matching your browsing habits the site attempts to guess your gender with a weighting system according to the gender demographics for a list of fairly popular sites.
It’s not super accurate unless you [...]
The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions mantained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with its corresponding NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM [...]
After a recent survey it shows online banking may not be as secure as you might think. People tend to think banks are the pinnacle of security and that assumption continues to their websites.
Sadly however, even in my own personal experience, the truth is far from that. Many many banks have flaws that can leak [...]
We did mention nUbuntu long ago in our famous 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) article.
After that it stopped development for quite some time, thankfully some new blood has picked it up and development has started again!
With over a year of inactivity, the latest alpha of nUbuntu 8.04 has finally surfaced.
With [...]
There has been a lot of hype about this one, but this flaw is a real threat and the working exploits are now available in the wild.
To top that, they have already been ported into Metasploit!
I hope all the major ISPs are in a patching frenzy right now and not thinking to themselves that there [...]
MoocherHunterâ„¢ is a mobile tracking software tool for the real-time on-the-fly geo-location of wireless moochers and hackers. It’s included as part of the OSWA Assistant LiveCD we mentioned quite recently.’
I wanted to mention this tool separately as I think it’s very cool!
MoocherHunterâ„¢ identifies the location of an 802.11-based wireless moocher or hacker by the traffic [...]
In the story we recently covered where Terry Childs had locked San Fransisco officials out of their own network, there is a new development.
He’s handed over the passcode to the Mayor, Gavin Newsom. It seems he came to his senses and he also seems to have VERY little faith in the IT administration for the [...]
This is a tool that has been around quite some time too, it’s still very useful though and it’s a very niche tool specifically for brute forcing Windows Terminal Server.
TSGrinder is the first production Terminal Server brute force tool, and is now in release 2. The main idea here is that the Administrator account, since [...]
Another disgruntled IT worked causing mayhem, remember the guy that destroyed all the medical records?
He got a pretty hefty sentence, now we have another who has locked everyone out of the new ’state of the art’ computer network in San Fransisco – he’s on a $5 million dollar bail so I’d say he’s in big [...]
Zodiac is a DNS protocol analyzation and exploitation program. It is a robust tool to explore the DNS protocol. Internally it contains advanced DNS routines for DNS packet construction and disassembling and is the optimal tool if you just want to try something out without undergoing the hassle to rewrite DNS packet routines or packet [...]
It’s not a big deal but it does show a problem with the way Facebook deals with data and how much power they have over people’s privacy.
A small slip in coding could cause much worse problems that this, plus this could have happened before but no one picked up on it. It takes a certain [...]
Lynis is an auditing tool for Unix (specialists). It scans the system and available software, to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes.
This is a tool that might be useful for both penetration testers performing white box tests and system admins trying [...]
I stopped using ISP based e-mail accounts years ago, they always had lousy spam control and after joining a few mailing lists they used to get flooded with junk.
I always found web based mail systems to have much more effective spam filtering systems, plus I don’t have to waste my time and bandwidth downloading spam [...]
FWAuto (Firewall Rulebase Automation) is a Perl script and should work on any system with Perl installed. Provide the running config of a PIX firewall to fwauto. It will analyze and give you a list of weak rules in your rule base and store the result in multiple output files.
Maybe there have been times when [...]
Now this is an interesting privacy related case to think about over the weekend, Google has to reveal viewing details for Youtube to Viacom.
Anyone who has EVER watched a Youtube video, that’s pretty extreme. Luckily most people are using dynamic IP addresses, so it shouldn’t be too much of a concern.
Unless of course they decide [...]
The first stage of penetration testing is usually passive information gathering and enumeration (active information gathering). This is where tools like dnsenum come in, the purpose of DNSenum is to gather as much information as possible about a domain.
The program currently performs the following operations:
Get the host’s addresse (A record).
Get the namservers (threaded).
Get the MX [...]
Competition time again!
As you know we started the Darknet Commenter of the Month Competition on June 1st 2007 and it’s been running since then! We have just finished the thirteenth month of the competition in June and are now in the fourteenth, starting a few days ago on July 1st – Sponsored by GFI.
We’ve successfully [...]
Pantera is actually using an improved version of SPIKE Proxy and is a project under the umbrella of OWASP.
It’s aiming to be a more automated method for testing Web Application Security.
Features
User-friendly custom web GUI. (CSS): Pantera itself is a web application that runs inside the browser and can be customized using CSS by the user. [...]
Some new statistics just came out regarding Browser Security, this is more in terms of which users are most likely to apply patches and be using the most secure version.
I would have thought Firefox would have been pretty high since the newer series prompt automatically new patches. My only guess is a lot of people [...]
Ratproxy is a semi-automated, largely passive web application security audit tool. It is meant to complement active crawlers and manual proxies more commonly used for this task, and is optimized specifically for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic [...]
