Archive | September, 2008

International Space Station Infected by Virus!

Outsmart Malicious Hackers


Now you think they’d know better than having Autorun enabled in the International Space Station? But no, they obviously didn’t and they got owned by some fairly innocuous thumb drive auto-spreader.

It wouldn’t really be news if anyone else got infected, but come on this is supposed to the pinnacle of security or something?

NASA confirmed this week that a computer on the International Space Station is infected with a virus. (See “Houston, we have a virus” at The Register.)

The malicious software is called W32.TGammima.AG, and technically it’s a worm. The interesting point, other than how NASA could let this happen, is the way the worm spreads–on USB flash drives.

Malicious software spread by USB flash drives and other removable media takes advantage of a questionable design decision by Microsoft. Windows is very happy to run a program automatically when a USB flash drive is inserted into a PC. How convenient, both for end users and for bad guys.

It once again comes down to convenience, security is the opposite of convenience – the more secure something is, the less usable it is and vice versa.

But that’s why there are experts in this field that can come to a decent balance between the two, both usability and security. Obviously these experts weren’t employed in this case..

Abrams blogged about this back in December, and I wrote about it in March. In that posting, I described how to disable autorun for Windows XP and Windows 2000 and I just revised it to include Vista.

In his December blog, Abrams writes, “Fundamentally, there are two types of readers here. The first type will disable autorun and be more secure. The second type will eventually be victims.”

Don’t be a victim, disable autorun (also known as autoplay) for all devices. It may be a bit inconvenient going forward, but to me, the added safety is well worthwhile.

I agree, don’t be a victim, run Linux! Ooops my bad, I mean disable autorun/autoplay and choose yourself what you want to run.

Source: Cnet (Thanks Morgan)


Posted in: Malware

Tags: , , , , , ,

Posted in: Malware | Add a Comment
Recent in Malware:
- Androguard – Reverse Engineering & Malware Analysis For Android
- Android Devices Phoning Home To China
- Linux kernel.org Hacker Arrested After Traffic Stop

Related Posts:

Most Read in Malware:
- Nasty Trojan Zeus Evades Antivirus Software - 77,579 views
- Hospital Hacker GhostExodus Owns Himself – Arrested - 47,708 views
- US considers banning DRM rootkits – Sony BMG - 45,008 views


PorkBind v1.3 – Nameserver (DNS) Security Scanner

Keep on Guard!


This program retrieves version information for the nameservers of a domain and produces a report that describes possible vulnerabilities of each.

Vulnerability information is configurable through a configuration file; the default is porkbind.conf. Each nameserver is tested for recursive queries and zone transfers. The code is parallelized with libpthread.

Changes for v1.3

  • Wrote in-a-bind shell script that scans random domain names from DMOZ
  • Implemented recursive query testing
  • Changed porkbind.conf to use CVE numbers in addition to CERT alerts
  • Modified text displayed on stdout to make it more parsable
  • Licensed with GNU Lesser General Public License
  • Fixed timeout/concurrency/memory corruption bugs
  • Fixed improper comparison of alpha/beta version numbering bug
  • Added typecasts to silence compiler warnings

The tool now scans for 14 flaws and reports CVE numbers & CERT.

You can download PorkBind v1.3 here:

porkbind-1.3.tar.gz

Or read more here.


Posted in: Exploits/Vulnerabilities, Hacking Tools, Network Hacking

Tags: , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Hacking Tools, Network Hacking | Add a Comment
Recent in Exploits/Vulnerabilities:
- Mirai DDoS Malware Source Code Leaked
- mimikittenz – Extract Plain-Text Passwords From Memory
- Massive Yahoo Hack – 500 Million Accounts Compromised

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 236,523 views
- AJAX: Is your application secure enough? - 120,380 views
- eEye Launches 0-Day Exploit Tracker - 85,872 views


CSRF Vulnerability in Twitter Allows Forced Following

Outsmart Malicious Hackers


I did mention this earlier in the week when I was talking about Twitter being used as a malware distribution platform, there also seems to be an auto follow vulnerability that spammers would love.

Do you remember Myspace and samy with 900,000 friends? Now we have johng77536 on Twitter!

Last week, TechCrunch’s Jason Kincaid wrote about an obvious Twitter vulnerability that allowed a user called “johng77536? to game the popular micro-blogging service to add thousands of followers (subscribers) in a short period of time.

The “johng77536? account has since been disabled but a security researcher tracking Twitter security flaws and weaknesses has discovered a new vulnerability that lets users easily game the “follow” system.

Whoever used this account was pretty stupid though hooking 7000 followers in a day, that raised some alarms for sure and now the account has been deleted.

I would guess however hundreds of other spammers are using the same technique in a much slower fashion to avoid detection. So watch out if you use Twitter you aren’t following some odd accounts that you didn’t manually subscribe to.

Raff showed me a proof-of-concept exploit that took advantage of a CSRF (cross site request forgery) bug to trick me into following his Twitter account by simply clicking on a rigged Web site. A spammer or phisher could abuse this vulnerability to gain thousands of “followers” and attempt social engineering attacks.

Twitter’s security team has promised a fix within 24 hours.

Raff’s discovery isn’t the first. He has assisted Twitter with fixing another bug that could be abused to send spam mails with malicious links. Several Twitter cross-site scripting bugs have also been found and fixed.

Twitter is actually a fairly simple service so I’m surprised they have so many issues.

I guess it’s the nature of any site that has POST/GET requests and especially those that use AJAX and aren’t aware of the security implications.

Tokens are important people, use them!

Source: Zdnet


Posted in: General Hacking

Tags: , , , , , , , , , , , ,

Posted in: General Hacking | Add a Comment
Recent in General Hacking:
- Fully Integrated Defense Operation (FIDO) – Automated Incident Response
- BADLOCK – Are ‘Branded’ Exploits Going Too Far?
- Dradis – Reporting Platform For IT Security Professionals

Related Posts:

Most Read in General Hacking:
- 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) - 1,173,749 views
- Hack Tools/Exploits - 634,530 views
- Password Cracking with Rainbowcrack and Rainbow Tables - 438,718 views


reDuh – TCP Redirection over HTTP

Outsmart Malicious Hackers


What Does reDuh Do?

reDuh is actually a tool that can be used to create a TCP circuit through validly formed HTTP requests.

Essentially this means that if we can upload a JSP/PHP/ASP page on a server, we can connect to hosts behind that server trivially

What is it for?

a) Bob.Hacker has the ability to upload / create a JSP page on the remote server

b) Bob.Hacker wishes to make an RDP connection to the server term-serv.victim.com (visible to the web-server behind the firewall)

c) The firewall permits HTTP traffic to the webserver but denies everything else

d) Bob.Hacker uploads reDuh.jsp to http://example.xom/uploads/reDuh.jsp

e) Bob.Hacker runs reDuhClient on his machine and points it to the page: $ java reDuhClient ubuntoo.victim.com 80 /uploads/reDuh.jsp


f) Bob.Hacker administers reDuhClient by connecting to its management port (1010 by default)

g) Once connected, Bob.Hacker types: [createTunnel]1234:term-serv.victim.com:3389

h) Now Bob.Hacker launches his RDP client, and aims it at localhost:1234

reDuhClient and reDuh.jsp will happily shunt TCP until they are killed..

The system can handle multiple connections, so while RDP is running, we can use the management connection (on port 1010) again, and request [createTunnel]5555:sshd.victim.com:22

Bob.Hacker can now ssh to localhost on port 5555 to access the sshd on sshd.victim.com (while still running his RDP session)

You can download reDuh here:

Download reDuhClient (the local proxy)
Download reDuhu Server Pages (JSP/PHP/ASP)

Or read more here.


Posted in: Hacking Tools, Network Hacking

Tags: , , , , , , , , , , , ,

Posted in: Hacking Tools, Network Hacking | Add a Comment
Recent in Hacking Tools:
- HexorBase – Administer & Audit Multiple Database Servers
- PyExfil – Python Data Exfiltration Tools
- Netdiscover – Network Address Discovery Tool

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 2,001,204 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,512,977 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 692,341 views


Google Releases New Browser Chrome – Vulnerabilities on First Day

Keep on Guard!


So as most of you probably know the big buzz on the Internet last week was that Google (after supporting Firefox for so long) have actually launched their own browser.

It’s cooled Google Chrome. Now of course in typical Google fashion they call it BETA software, and a number of flaws have popped up during the first couple of days of release.

One cool thing though is that each tab runs it’s own threaded process, so if one tab bombs out it won’t take down your whole browser.

The browser is a move for Google into the online/offline integration they started with Google Desktop, there are more and more online apps (Google Office) that people still want to use offline with a Google made browser this will be possible.

You also have to consider the privacy implications though, if you are also using Gmail…Google will basically know everything you do, even worse if you also use Google Desktop they will know what you have on your computer, what e-mail you send and receive and what you surf on the web.

The German Government has come out and told its citzens NOT to use Google Chrome.

There have been a few flaws released since Chrome came out such as a carpet bombing flaw:

Google’s shiny new Web browser is vulnerable to a carpet-bombing vulnerability that could expose Windows users to malicious hacker attacks.

Just hours after the release of Google Chrome, researcher Aviv Raff discovered that he could combine two vulnerabilities — a flaw in Apple Safari (WebKit) and a Java bug discussed at this year’s Black Hat conference — to trick users into launching executables direct from the new browser.

The PoC is here: http://raffon.net/research/google/chrome/carpet.html

Another is a crash in chrome.dlll.

An issue exists in how chrome behaves with undefined-handlers in chrome.dll version 0.2.149.27. A crash can result without user interaction. When a user is made to visit a malicious link, which has an undefined handler followed by a ‘special’ character, the chrome crashes with a Google Chrome message window “Whoa! Google Chrome has crashed. Restart now?”. It fails in dealing with the POP EBP instruction when pointed out by the EIP register at 0x01002FF4.

The PoC is here: http://evilfingers.com/advisory/google_chrome_poc.php

And a few people have also been complaining that it allows auto-download of executable without a user prompt.

We will be keeping an eye on Google Chrome.


Posted in: Exploits/Vulnerabilities, Web Hacking

Tags: , , , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Web Hacking | Add a Comment
Recent in Exploits/Vulnerabilities:
- Mirai DDoS Malware Source Code Leaked
- mimikittenz – Extract Plain-Text Passwords From Memory
- Massive Yahoo Hack – 500 Million Accounts Compromised

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 236,523 views
- AJAX: Is your application secure enough? - 120,380 views
- eEye Launches 0-Day Exploit Tracker - 85,872 views


onesixtyone 0.3.2 – An Efficient SNMP Scanner

Outsmart Malicious Hackers


The SNMP protocol is a stateless, datagram oriented protocol. An SNMP scanner is a program that sends SNMP requests to multiple IP addresses, trying different community strings and waiting for a reply. Unfortunately SNMP servers don’t respond to requests with invalid community strings and the underlying UDP protocol does not reliably report closed UDP ports. This means that ‘no response’ from the probed IP address can mean either of the following:

  • machine unreachable
  • SNMP server not running
  • invalid community string
  • the response datagram has not yet arrived

The approach taken by most SNMP scanners is to send the request, wait for n seconds and assume that the community string is invalid. If only 1 of every hundred scanned IP addresses responds to the SNMP request, the scanner will spend 99*n seconds waiting for replies that will never come.

This makes traditional SNMP scanners very inefficient.

onesixtyone takes a different approach to SNMP scanning. It takes advantage of the fact that SNMP is a connectionless protocol and sends all SNMP requests as fast as it can. Then the scanner waits for responses to come back and logs them, in a fashion similar to Nmap ping sweeps. By default onesixtyone waits for 10 milliseconds between sending packets, which is adequate for 100Mbs switched networks. The user can adjust this value via the -w command line option. If set to 0, the scanner will send packets as fast as the kernel would accept them, which may lead to packet drop.

Running onesixtyone on a class B network (switched 100Mbs with 1Gbs backbone) with -w 10 gives us a performance of 3 seconds per class C, with no dropped packets. All 65536 IP addresses were scanned in less than 13 minutes.

You can download onesixtyone here:

onesixtyone-0.3.2.tar.gz

Or read more here.


Posted in: Hacking Tools, Network Hacking

Tags: , , , , , , , , , , , ,

Posted in: Hacking Tools, Network Hacking | Add a Comment
Recent in Hacking Tools:
- HexorBase – Administer & Audit Multiple Database Servers
- PyExfil – Python Data Exfiltration Tools
- Netdiscover – Network Address Discovery Tool

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 2,001,204 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,512,977 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 692,341 views


Twitter Targeted by Malware Distributors

Keep on Guard!


This one is of interest to me as I do actually use Twitter as a microblogging service and to keep up with what various friends are up to.

It’s quite an interesting wep app especially paired with something like Twitterfox in your browser and Twibble in your mobile phone.

It must have made it big now though because it’s starting to get targeted by spammers and scammers trying to pimp dodgy sites and spread malware.

Twitter’s time has finally come. The microblogging service, once the playground of the Web 2.0 digerati, is now mainstream enough to be targeted by online criminals.

Kaspersky Lab has uncovered a fake Twitter profile created solely for the purpose of infecting people’s computers.

The profile, with an alias that means “pretty rabbit” in Portuguese, has posted a link that purports to be a pornographic video, but is instead Trojan software masquerading as MP3 files that steals data from the machine, according to the Kaspersky’s Viruslist.com blog.

It’s a pretty standard hook and normal malware, nothing new to see here – just a new way of distributing it via Twitter.

I have seen more and more spam profiles on Twitter, they tend to mass add and follow everyone they can find then I think they send out fake @messages with tinyurls that point to spam sites.

“If you click on the link, you get a window that shows the progress of an automatic download of a so-called new version of Adobe Flash, which is supposedly required to watch the video. You end up with a file labeled Adobe Flash (it’s a fake) on your machine; a technique that is currently very popular,” the blog says.

The attack is dangerous because it does not require programming skills and could spread easily if it ends up high in Google search engine rankings. That is possible because Google indexes unprotected Twitter profiles.

This isn’t the only security problem to hit Twitter. Last week, researcher Avi Raff launched a Web site devoted to security issues with Twitter called Twitpwn.

It seems there are various other vulnerabilities one with auto-follow, which could be very dangerous. It reminds me of the Auto-digg vulnerability a while back where if you had a Digg account and were logged in when you visited the site it’d auto Digg the chosen page.

I’ll be keeping an eye out on TwitPwn and see what they get up to.

Source: Cnet (Thanks Navin)


Posted in: Malware, Spammers & Scammers, Web Hacking

Tags: , , , , , , , , ,

Posted in: Malware, Spammers & Scammers, Web Hacking | Add a Comment
Recent in Malware:
- Androguard – Reverse Engineering & Malware Analysis For Android
- Android Devices Phoning Home To China
- Linux kernel.org Hacker Arrested After Traffic Stop

Related Posts:

Most Read in Malware:
- Nasty Trojan Zeus Evades Antivirus Software - 77,579 views
- Hospital Hacker GhostExodus Owns Himself – Arrested - 47,708 views
- US considers banning DRM rootkits – Sony BMG - 45,008 views


XTest – VoIP Infrastructure Security Testing Tool

Outsmart Malicious Hackers


What is XTest?

XTest is a simple, practical, and free, wired 802.1x supplicant security tool implementing the RFC 3847 EAP-MD5 Authentication method. It can be used to assess the password strength within wired ethernet environments that rely on 802.1x to protect IP Phones and the VoIP Infrastructure against rogue PC access. XTest is developed in C and freely available to anyone, under the GPLv3 license.
Why XTest?

XTest was developed with the specific aim of improving the security of environments that use 802.1x to protect IP Phone endpoints and their supporting VoIP Infrastructure. With the increasing prevalence of 802.1x Supplicant support in wired hard Phones, 802.1x will be increasingly used to ensure that remote IP Phones placed in areas with low physical security will have their directly connected ethernet switch ports secured against unauthorized access.

Furthermore, the tool can demonstrate the danger of relying solely on 802.1x, because the current wired 802.1x implementation only requires authentication when the port initially comes up/up. Subsequent packets are not authenticated, allowing an attacker to share a connection on a hub with the valid 802.1x supplicant, allowing unauthorized switchport access.

Features

  • 802.1x Supplicant: XTest can test the username and password against an 802.1x Authenticator (Ethernet Switch), and supports re-authentication. This is a simple and easy method of comparing the password against a valid 802.1x Supplicant running on an IP Phone or a PC.
  • Offline pcap dictionary attacK: If you capture a valid 802.1x authentication sequence into a pcap file, XTest will run a dictionary attack against the pcap using a supplied wordlist. XTest will elicit the password from the pcap if the dictionary file containst the valid password.
  • Shared Hub unauthorized access: Using a shared hub, XTest can use the successful authentication of a valid 802.1x supplicant to gain unauthorized access to the network.

Tested Platforms

802.1x Supplicants:

  • Cisco Unified IP Phone 7971G-GE
  • Cisco Unified IP Phone 7961G-GE
  • Cisco Unified IP Phone 7941G-GE
  • Cisco Unified IP Phone 7942G
  • Cisco Unified IP Phone 7945G

802.1x Authenticator:

  • Cisco Catalyst 3560 (WS-C3560G-24PS)

Radius Server:

  • CiscoSecure ACS 4.1

You can download XTest here:

xtest-1.0.tar

Or read more here.


Posted in: Hacking Tools, Network Hacking

Tags: , , , , , ,

Posted in: Hacking Tools, Network Hacking | Add a Comment
Recent in Hacking Tools:
- HexorBase – Administer & Audit Multiple Database Servers
- PyExfil – Python Data Exfiltration Tools
- Netdiscover – Network Address Discovery Tool

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 2,001,204 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,512,977 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 692,341 views


Productive Botnets

Keep on Guard!


We all know what botnets are (think so), but anyway let’s see a proper definition of botnets taken from shadowserver… and I quote:

A botnet is a collection of computers, connected to the internet, that interact to accomplish some distributed task. Although such a collection of computers can be used for useful and constructive applications, the term botnet typically refers to such a system designed and used for illegal purposes. Such systems are composed of compromised machines that are assimilated without their owner’s knowlege.

Among the DDoS usage of botnets there are also know usages like:

Keylogging

Keylogging is perhaps the most threatening botnet feature to an individual’s privacy. Many bots listen for keyboard activity and report the keystrokes upstream to the bot herder. Some bots have builtin triggers to look for web visits to particular websites where passwords or bank account information is entered. This gives the herder unprecendented ability to gain access to personal information and accounts belonging to thousands of people.

Warez

Botnets can be used to steal, store, or propogate warez. Warez constitutes any illegally obtained and/or pirated software. Bots can search hard drives for software and licenses installed on a victims machine, and the herder can easily transfer it off for duplication and distribution. Furthermore, drones are used to archive copies of warez found from other sources. As a whole, a botnet has a great deal of storage capacity.

Spam

Botnets often are used as a mechanism of propogating spam. Compromised drones can forward spam emails or phish scams to many 3rd party victims. Furthermore, instant messaging accounts can be utilized to forward malicious links or advertisements to every contact in the victim’s address book. By spreading spam-related materials through a botnet, a herder can mitigate the threat of being caught as it is thousands of individual computers that are taking on the brunt of the dirty work.

and the one I’m gonna focus on (well, something derived from it) -> Click Fraud

Botnets can be used to engage in Click Fraud, where the bot software is used to visit web pages and automatically “click” on advertisement banners. Herders have been using this mechanism to steal large sums of money from online advertising firms that pay a small reward for each page visit. With a botnet of thousands of drones, each clicking only a few times, the returns can be quite large. Since the clicks are each coming from seperate machines scattered accross the globe, it looks like legitimate traffic to the untrained investigator.

My point is that many herders (botnet organizers) use a pretty raw Click Fraud mechanism, mainly just issue the command to the bot to retrieve the page and it’s advertisement and rebuild a query string to the advertisers website with the referer header set… as mentioned in the definition this may seem sometimes legitimate traffic to some, but big advertising companies would notice that something isn’t right, stuff like hundreds of clicks at (almost) the same time and similar scenario’s…

The new approach (better) would be to generate only website traffic at random hours because highly visited websites use pay-per-post campaigns (more info about pay-per-post)… and there are also other advertising systems like simple banner/ad placement on the website/blog and via the traffic stats you get paid…

How could botnets help? Well botnets would act as general users/viewers of the blog/website thus making legitimate traffic… masked by a randomized visit system… a general scenario:

  • the herder issues the command to visit a website
  • each bot receives the command, enters a random delay before executing it (in minutes) (ex: rand(60))
  • the bot finally executes the visit and resets the delay time before revisit adding a day to it also

A very raw implementation could be easily implemented but varying from botnets to botnets, because some botnets are simple IRC based while others not…

So many live hits and no subscribers? Nooooo, I think that netvibes got the solution to this issue…

It’s unethical… to whom?! to advertising companies only…


Posted in: Malware, Spammers & Scammers

Tags: , , , , , , ,

Posted in: Malware, Spammers & Scammers | Add a Comment
Recent in Malware:
- Androguard – Reverse Engineering & Malware Analysis For Android
- Android Devices Phoning Home To China
- Linux kernel.org Hacker Arrested After Traffic Stop

Related Posts:

Most Read in Malware:
- Nasty Trojan Zeus Evades Antivirus Software - 77,579 views
- Hospital Hacker GhostExodus Owns Himself – Arrested - 47,708 views
- US considers banning DRM rootkits – Sony BMG - 45,008 views


UK Hacker Gary McKinnon Loses Appeal Against Extradition

Outsmart Malicious Hackers


So the latest news with the Gary McKinnon case that was he was trying to fight against Extradition, he started off with Appeals against US Extradition, then he Won The Right to Lords Appeal Extradition Hearing and then he lost the Lords case then went for the European Court.

Sadly it seems he lost his appeal in the European Court of Human Rights and he is to face immediate extradition and trial in the US possibly still under charges of terrorism, which is ridiculous.

The British hacker facing extradition to the US for breaking into the computer systems of the Pentagon and NASA has lost his appeal with the European Court of Human Rights.

Gary McKinnon (42) was hoping to be tried in the UK where the alleged offences took place. The Glaswegian now faces immediate extradition for trial.

McKinnon lost an appeal in the House of Lords last month and applied to the European court for temporary relief on August 12. After yesterday’s verdict, that relief will no longer apply.

So the decision is out finally, after temporary relief until August 28th he was safe in the UK but now extradition has been granted he will be heading to the US.

I hope they don’t try and make an example of him because he doesn’t wish to comply with their wishes, apparently he has Asperger’s too (a form of autism).

He has previously declined a deal with the US authorities in which he would receive a shorter sentence in return for a guilty appeal. He now faces up to 60 years in prison although the sentence is likely to be much shorter.

McKinnon’s lawyers are now appealing to the home secretary to allow their client to be tried in the UK as he has recently been diagnosed with Asperger’s Syndrome.

McKinnon denies his activities were a threat to US security and claims he was then motivated by a belief that the computer systems contained information about UFOs that was being concealed from the public.

I really wonder what kind of sentence he will get, he surely won’t get the full 60 years terrorism sentence but still they could be harsh with him.

If I had to make a conservative guess I’d say 3-5 years in the clink, up to a maximum of about 7.

I really hope he doesn’t get that though and get’s 6-12 months in a low security facility.

Source: Tech Radar (Thanks Navin)


Posted in: General Hacking, Legal Issues

Tags: , , , , , , , ,

Posted in: General Hacking, Legal Issues | Add a Comment
Recent in General Hacking:
- Fully Integrated Defense Operation (FIDO) – Automated Incident Response
- BADLOCK – Are ‘Branded’ Exploits Going Too Far?
- Dradis – Reporting Platform For IT Security Professionals

Related Posts:

Most Read in General Hacking:
- 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) - 1,173,749 views
- Hack Tools/Exploits - 634,530 views
- Password Cracking with Rainbowcrack and Rainbow Tables - 438,718 views