Archive | September, 2008


16 September 2008 | 5,219 views

International Space Station Infected by Virus!

Now you'd think they'd know better than having Autorun enabled in the International Space Station? But no, they obviously didn't and they got owned by some fairly innocuous thumb drive auto-spreader. It wouldn't really be news if anyone else got infected, but come on, this is supposed to be the pinnacle of security or something? NASA […]



15 September 2008 | 7,001 views

PorkBind v1.3 – Nameserver (DNS) Security Scanner

This program retrieves version information for the nameservers of a domain and produces a report that describes possible vulnerabilities of each. Vulnerability information is configurable through a configuration file; the default is porkbind.conf. Each nameserver is tested for recursive queries and zone transfers. The code is parallelized with libpthread. Changes for v1.3 Wrote in-a-bind shell […]



11 September 2008 | 4,228 views

CSRF Vulnerability in Twitter Allows Forced Following

I did mention this earlier in the week when I was talking about Twitter being used as a malware distribution platform; there also seems to be an auto follow vulnerability that spammers would love. Do you remember Myspace and samy with 900,000 friends? Now we have johng77536 on Twitter! Last week, TechCrunch's Jason Kincaid wrote […]



10 September 2008 | 11,245 views

reDuh – TCP Redirection over HTTP

What Does reDuh Do? reDuh is actually a tool that can be used to create a TCP circuit through validly formed HTTP requests. Essentially this means that if we can upload a JSP/PHP/ASP page on a server, we can connect to hosts behind that server trivially. What is it for? a) Bob.Hacker has the ability […]



09 September 2008 | 5,369 views

Google Releases New Browser Chrome – Vulnerabilities on First Day

So as most of you probably know, the big buzz on the Internet last week was that Google (after supporting Firefox for so long) have actually launched their own browser. It's called Google Chrome. Now of course in typical Google fashion they call it BETA software, and a number of flaws have popped up during […]



08 September 2008 | 5,817 views

onesixtyone 0.3.2 – An Efficient SNMP Scanner

The SNMP protocol is a stateless, datagram-oriented protocol. An SNMP scanner is a program that sends SNMP requests to multiple IP addresses, trying different community strings and waiting for a reply. Unfortunately, SNMP servers don't respond to requests with invalid community strings and the underlying UDP protocol does not reliably report closed UDP ports. […]



05 September 2008 | 3,504 views

Twitter Targeted by Malware Distributors

This one is of interest to me as I do actually use Twitter as a microblogging service and to keep up with what various friends are up to. It's quite an interesting web app, especially paired with something like Twitterfox in your browser and Twibble in your mobile phone. It must have made it big […]



04 September 2008 | 4,730 views

XTest – VoIP Infrastructure Security Testing Tool

What is XTest? XTest is a simple, practical, and free, wired 802.1x supplicant security tool implementing the RFC 3847 EAP-MD5 Authentication method. It can be used to assess the password strength within wired ethernet environments that rely on 802.1x to protect IP Phones and the VoIP Infrastructure against rogue PC access. XTest is developed in […]



03 September 2008 | 3,708 views

Productive Botnets

We all know what botnets are (think so), but anyway let’s see a proper definition of botnets taken from shadowserver… and I quote: A botnet is a collection of computers, connected to the internet, that interact to accomplish some distributed task. Although such a collection of computers can be used for useful and constructive applications, […]



01 September 2008 | 3,505 views

UK Hacker Gary McKinnon Loses Appeal Against Extradition

So the latest news with the Gary McKinnon case was that he was trying to fight against Extradition; he started off with Appeals against US Extradition, then he Won The Right to Lords Appeal Extradition Hearing and then he lost the Lords case then went for the European Court. Sadly it seems he lost his […]
