It seems like ATM hacking is still the way to go for those into a bit of hardware hacking. One of the most notorious and well known ATM hackers was recently arrest in Turkey and a list of his tips discovered online where he also sold the ATM skimming equipment.
Well his tips can’t be THAT [...]
Dnsscan is a tool for finger printing open recursive resolvers. It runs in conjuction with a small server that knows how to reply to queries forwarded from probed resolvers. For example, assume that you have delegated osd.example.org:
osd.example.org. 900 IN [...]
So it turns out you don’t need any fancy password cracking software like John the Ripper or Cain and Abel you just need a handful of £5 gift vouchers for Marks and Spencers!
But we had discussed this in part before, some people will give out their passwords if you just ask, some if you offer [...]
BSQL Hacker is an automated SQL Injection Framework / Tool designed to exploit SQL injection vulnerabilities in virtually any database.
It ships with Automated Attack modules which allows the dumping of whole databases for the following DBMS:
MS-SQL Server
ORACLE
MySQL (experimental)
Attack Templates for:
MS Access
MySQL
ORACLE
PostgreSQL
MS-SQL Server
Also you can write your own attack template for any other database as well [...]
There has been a big hoo-haa recently about a US ISP called Intercage who have said to have been harbouring spammers and scammers via their largest client an Eastern European webhost called Esthost.
Their plug got pulled 2 days ago by the upstream provider IP transit provider UnitedLayer after weeks of criticism from the community showing [...]
ohrwurm is a small and simple RTP fuzzer, it has been tested it on a small number of SIP phones, none of them withstood the fuzzing.
Features:
reads SIP messages to get information of the RTP port numbers
reading SIP can be omitted by providing the RTP port numbers, so that any RTP traffic can be fuzzed
RTCP traffic [...]
This is a fairly interesting subject I think as a lot of people still ask me if they are entering the security field if they still need to learn Assembly Language or not?
For those that aren’t what it is, it’s pretty much the lowest level programming languages computers understand without resorting to simply 1’s and [...]
A tool which allows one to hijack HTTP connections to steal cookies – even ones on HTTPS sites! Works on both Wifi (monitor mode) and Ethernet.
Features:
Does Wireless injection when the NIC is in monitor mode
Supports Ethernet
Support for WEP (when the NIC is in monitor mode)
Known issues:
Sometimes the victim is not redirected correctly (particularly seen when [...]
Purpose
The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2007. This initiative is a collaborative industry wide effort to pool together sanitized website vulnerability data and to gain a better understanding about the web application vulnerability landscape. We ascertain which classes of attacks are the most prevalent [...]
psad is a collection of three lightweight system daemons (two main daemons and one helper daemon) that run on Linux machines and analyze iptables log messages to detect port scans and other suspicious traffic. A typical deployment is to run psad on the iptables firewall where it has the fastest access to log data.
psad [...]
Now you think they’d know better than having Autorun enabled in the International Space Station? But no, they obviously didn’t and they got owned by some fairly innocuous thumb drive auto-spreader.
It wouldn’t really be news if anyone else got infected, but come on this is supposed to the pinnacle of security or something?
NASA confirmed this [...]
This program retrieves version information for the nameservers of a domain and produces a report that describes possible vulnerabilities of each.
Vulnerability information is configurable through a configuration file; the default is porkbind.conf. Each nameserver is tested for recursive queries and zone transfers. The code is parallelized with libpthread.
Changes for v1.3
Wrote in-a-bind shell script that [...]
I did mention this earlier in the week when I was talking about Twitter being used as a malware distribution platform, there also seems to be an auto follow vulnerability that spammers would love.
Do you remember Myspace and samy with 900,000 friends? Now we have johng77536 on Twitter!
Last week, TechCrunch’s Jason Kincaid wrote about an [...]
What Does reDuh Do?
reDuh is actually a tool that can be used to create a TCP circuit through validly formed HTTP requests.
Essentially this means that if we can upload a JSP/PHP/ASP page on a server, we can connect to hosts behind that server trivially
What is it for?
a) Bob.Hacker has the ability to upload / create [...]
So as most of you probably know the big buzz on the Internet last week was that Google (after supporting Firefox for so long) have actually launched their own browser.
It’s cooled Google Chrome. Now of course in typical Google fashion they call it BETA software, and a number of flaws have popped up during the [...]
The SNMP protocol is a stateless, datagram oriented protocol. An SNMP scanner is a program that sends SNMP requests to multiple IP addresses, trying different community strings and waiting for a reply. Unfortunately SNMP servers don’t respond to requests with invalid community strings and the underlying UDP protocol does not reliably report closed UDP ports. [...]
This one is of interest to me as I do actually use Twitter as a microblogging service and to keep up with what various friends are up to.
It’s quite an interesting wep app especially paired with something like Twitterfox in your browser and Twibble in your mobile phone.
It must have made it big now though [...]
What is XTest?
XTest is a simple, practical, and free, wired 802.1x supplicant security tool implementing the RFC 3847 EAP-MD5 Authentication method. It can be used to assess the password strength within wired ethernet environments that rely on 802.1x to protect IP Phones and the VoIP Infrastructure against rogue PC access. XTest is developed in C [...]
We all know what botnets are (think so), but anyway let’s see a proper definition of botnets taken from shadowserver… and I quote:
A botnet is a collection of computers, connected to the internet, that interact to accomplish some distributed task. Although such a collection of computers can be used for useful and constructive applications, the [...]
So the latest news with the Gary McKinnon case that was he was trying to fight against Extradition, he started off with Appeals against US Extradition, then he Won The Right to Lords Appeal Extradition Hearing and then he lost the Lords case then went for the European Court.
Sadly it seems he lost his appeal [...]
