Archive | July, 2008


17 July 2008 | 5,804 views

Facebook Bug Leaks Birthday Data

It’s not a big deal but it does show a problem with the way Facebook deals with data and how much power they have over people’s privacy. A small slip in coding could cause much worse problems than this, plus this could have happened before but no one picked up on it. It takes a [...]



16 July 2008 | 6,073 views

Lynis – Security & System Auditing Tool for UNIX/Linux

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information it will also scan for general system information, installed packages and configuration mistakes. This is a tool that might be useful for both penetration testers performing white box tests and system admins [...]



15 July 2008 | 3,444 views

UK’s Most Spammed Man – 44,000 Junk Mails a DAY!

I stopped using ISP based e-mail accounts years ago, they always had lousy spam control and after joining a few mailing lists they used to get flooded with junk. I always found web based mail systems to have much more effective spam filtering systems, plus I don’t have to waste my time and bandwidth downloading [...]



14 July 2008 | 8,888 views

FWAuto v1.1 – Firewall Auditing & Ruleset Analyzer Tool

FWAuto (Firewall Rulebase Automation) is a Perl script and should work on any system with Perl installed. Provide the running config of a PIX firewall to fwauto. It will analyze and give you a list of weak rules in your rule base and store the result in multiple output files. Maybe there have been times [...]



11 July 2008 | 5,199 views

Google to Reveal Youtube Viewing Details to Viacom

Now this is an interesting privacy related case to think about over the weekend, Google has to reveal viewing details for Youtube to Viacom. Anyone who has EVER watched a Youtube video, that’s pretty extreme. Luckily most people are using dynamic IP addresses, so it shouldn’t be too much of a concern. Unless of course [...]



10 July 2008 | 12,767 views

DNSenum – Domain Information Gathering Tool

The first stage of penetration testing is usually passive information gathering and enumeration (active information gathering). This is where tools like dnsenum come in; the purpose of DNSenum is to gather as much information as possible about a domain. The program currently performs the following operations: Get the host’s address (A record). Get the nameservers [...]



09 July 2008 | 2,591 views

June 2008 Commenter of the Month Competition Winner!

Competition time again! As you know we started the Darknet Commenter of the Month Competition on June 1st 2007 and it’s been running since then! We have just finished the thirteenth month of the competition in June and are now in the fourteenth, starting a few days ago on July 1st – Sponsored by GFI. [...]



08 July 2008 | 5,456 views

Pantera – Web Application Analysis Engine

Pantera is actually using an improved version of SPIKE Proxy and is a project under the umbrella of OWASP. It’s aiming to be a more automated method for testing Web Application Security. Features User-friendly custom web GUI. (CSS): Pantera itself is a web application that runs inside the browser and can be customized using CSS [...]



07 July 2008 | 5,162 views

Which Browser Users Are More Secure?

Some new statistics just came out regarding Browser Security; this is more in terms of which users are most likely to apply patches and be using the most secure version. I would have thought Firefox would have been pretty high since the newer series automatically prompts for new patches. My only guess is a lot of [...]



03 July 2008 | 7,323 views

ratproxy – Passive Web Application Security Audit Tool

Ratproxy is a semi-automated, largely passive web application security audit tool. It is meant to complement active crawlers and manual proxies more commonly used for this task, and is optimized specifically for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic [...]
