Phishing Attacks Hits Twitter Users – Utilising Direct Messages

I personally received the following direct message on Twitter from someone I know quite well:
hey! check out this funny blog about you…
http://jannawalitax.blogspot.com/
It’s a link to a fake blogspot URL that redirects to a phishing URL for Twitter. It looks the same as the real login page but the actual URL is:
http://twitterblogs.access-logins.com/login (WARNING THIS IS A [...]

WITOOL v0.1 – GUI Based SQL Injection Tool in .NET

WITOOL is a graphical SQL Injection Tool written in .NET.
- For SQL Server, Oracle
- Error Base and Union Base

Interface

Features

Retrieve schema : DB/TableSpace, Table, Column, other object
Retrieve data : retrieve paging, dump xml file
Log : View the raw data HTTP log

Environment
OS: Windows 2000/XP/VISTA
Requirement: Microsoft .NET(2.0) Library (Download Here).

You can download WITOOL v0.1 here:
WITOOL_V0.1_081231.zip
Or read more [...]

Cisco Vulnerability Given ‘Write Once, Run Anywhere’ Treatment

This is an interesting development in router security, Cisco bugs have been popping up now and then – not that often – but usually when they do they are quite serious.
The problem with them was you needed so many variations unless you were just targeting one specific router, with that specific version of IOS and [...]

Time and Attack Mapper AKA TA-Mapper – Time/Effort Estimator Tool For Blackbox Security Assessment

Time and Attack Mapper (alternatively known as TA-Mapper) is an effort estimator tool for blackbox security assessment (or Penetration Testing) of applications. This tool provides more accurate estimation when compared to rough estimation. Penetration testers who always have a hard time explaining/justifying the efforts charged (or quoted) to their customers can find this tool handy by [...]

TJX (T.J. Maxx and Marshall’s) Hacker Jailed For 30 Years

You should be familiar with the TJX case by now (TJX Largest Breach of Customer Data in U.S. History) and we’ve been following it here for a couple of years.
We reported back in August last year that the TJX Credit Card Hackers were Busted and now one of the 11 guys involved has been slammed [...]

OWASP (Open Web Application Security Project) Testing Guide v3 Released

This project’s goal is to create a “best practices” web application penetration testing framework which users can implement in their own organizations and a “low level” web application penetration testing guide that describes how to find certain issues.

Version 3 of the Testing Guide was released last month, in December 2008. The project was part [...]

Fake CNN Site From Phishing E-mail Serves Trojan

The latest Phishing E-mails going round are leveraging on people’s need to digest the latest information, in this case about the Israel-Hamas conflict.
They set up a fake CNN site which prompts you to upgrade your flash player to view the video, of course it’s not Flash but a Trojan targeting your sensitive financial information.
I don’t [...]

The Associative Word List Generator (AWLG) – Create Related Wordlists for Password Cracking

You may remember some time back we did a fairly exhaustive post on Password Cracking Wordlists and Tools for Brute Forcing.
Wyd the Password Profiling Tool also does something similar to AWLG but it’s a PERL script rather than being based online.

I’d prefer if AWLG let us download an offline version too personally.
About AWLG
The Associative Word [...]

Next-Gen Botnets Taking The Place of Storm and Srizbi

Back in November there was a considerable drop in Spam when Spam friendly ISP McColo was cut off from the Internet by its upstream peer.
Srizbi worm was pretty smart though and was picking up again by the end of November. Later in the year the botnets were somewhat neutralised leading to a huge drop in [...]

FireCAT 1.5 Released – Firefox Catalog of Auditing Extensions

FireCAT (Firefox Catalog of Auditing exTension) is a mindmap collection of the most efficient and useful Firefox extensions oriented towards application security auditing and assessment.
FireCAT 1.5 will be the last release of this 1.x branch. In fact, we are working on a new improved version 2.0 (management of plugins, instant download from security-database, ability to add [...]

Conficker (AKA Downadup or Kido) Infections Skyrocket To An Estimated 9 Million

There hasn’t been a viral outbreak of this scale for quite some time, Conficker or Downadup as it’s known was only fairly recently discovered (Oct 2008) and has already infected an estimated 9 million machines!
It’s spreading fast though and it auto-updates itself via downloads from random domains making it almost impossible to stop as whatever [...]

Acunetix Web Vulnerability Scanner 6 Review

As you might know if you’ve been reading for some time, I do occasionally review commercial software if it’s interesting and relevant – the last one I remember doing was back in 2007 “Outpost Security Suite PRO Review“.
This time it’s for a much more relevant piece of software IMHO, and one which I actually like [...]

Using Twitter for Data Mining and Information Gathering

We’ve mentioned Twitter a few times lately as it has become a larger and larger part of the social web and the premier ‘micro-blogging’ platform.
There was a recent Phishing issue on Twitter and before that Twitter Jacking and a CSRF bug that allowed auto-following.
Due to the large uptake of Twitter, the amount of data available [...]

CeWL – Custom Word List Generator Tool for Password Cracking

It seems to be trendy lately to make tools which can create custom or more specific word lists for password cracking, just last week we posted about the web application The Associative Word List Generator (AWLG), which crawls the whole web to look for associated words with a given topic.
This application is more towards creating [...]

List of Famous Hackers in Computer History Both White Hat and Black Hat

This is a very complete list, probably the most complete one I’ve seen and it includes pictures – pictures of people who rarely have their pictures taken or allow them out on the Internet.

The list is according to the proper original definition of a Hacker, as taken from the New Hacker’s Dictionary:

A person who enjoys [...]

Gary McKinnon Wins Right to Appeal Against Extradition

We’ve been following the case of the ‘NASA Hacker’ Gary McKinnon since it started in April 2006 when we reported the British Hacker Gary McKinnon Fears Guantanamo.
So you can see the case has been going on for quite some time, the most recent news we published about it was UK Hacker Gary McKinnon Loses Appeal [...]

Independent Web Vulnerability Scanner Comparison – Acunetix WVS, IBM Rational AppScan & HP WebInspect

I saw a relevant paper published today by an individual that claims the comparison was ordered by a penetration testing company (a company which remains unnamed).
The vendors were not contacted during or after the evaluation.
Testing Procedure
The author tested 13 web applications (some of them containing a lot of vulnerabilities), 3 demo applications provided by the [...]

Kyrgyzstan Taken Offline by DDoS Attacks

Isn’t it amazing in this day and age an entire country can be knocked offline by Denial of Service attacks! You’d have thought it wouldn’t happen any more.
I do remember the days when it was fairly easy to take one of the smaller ISPs out in UK, so I guess the infrastructure of some developing [...]

Complemento v0.6 – LetDown TCP Flooder, ReverseRaider Subdomain Scanner & Httsquash HTTP Server Scanner Tool

We first wrote about Complemento 0.4b a little while ago when it first hit the public domain just last month (December 2008).
Now there have been 2 major updated versions, the latest being 0.6.
What is Complemento?
Complemento is a collection of tools that the author originally created for his own personal toolchain for solving some problems or [...]

Chrome and Firefox Face Clickjacking Exploit

Just remember that even though Firefox tends to be more secure than Internet Exploder – it’s not immune from vulnerabilities (although they do tend to get fixed much much faster).
The latest one that’s cropped up in both Firefox and Chrome is a clickjacking vulnerability. This is basically where a link is replaced by an attacker [...]

dradis v2.0 Released – Open Source Security Reporting Tool

This is more of a tool for the information security professional amongst us, those working in a team carrying out web application audits, penetration tests and vulnerability assessments.
It’s useful for a team to use a tool like dradis so everyone is on the same page and the progress and segregation of responsibility can easily be [...]

Windows 7 UAC Vulnerable – User Mode Program Can Disable User Access Control

It seems like Windows 7 is already creating some controversy even though it’s still in BETA. Just like Vista it also has UAC (User Access Control) which a lot of people disable completely because they find it irritating (myself included).
When that happens, the boundary between security and usability has crossed too far and the control [...]

FlowMatrix – Free Network Behavior Analysis System

FlowMatrix is a Network Anomaly Detection and Network Behavioral Analysis (NBA) System, which in fully automatic mode constantly monitors your network using NetFlow records from your routers and other network devices in order to identify relevant anomalous security and network events.
In addition, the new release of FlowMatrix (ver. 0.9.62 and later) supports Network Applications Behavior Analysis. This [...]

Cisco Enterprise Wireless (Wi-Fi) Equipment DoS Vulnerability Discovered

If your organisation is using any kind of Cisco Wi-Fi kit it may be time to get the latest patches for your kit. Although they state there is no proof that hackers have used this attack in the wild – in my experience if Cisco have discovered this now, someone else probably knew about it [...]

Kaspersky Lab Alleged Customer Database Hack From SQL Injection Flaw

The latest big news is that on February 6th the Kaspersky Customer Records database was hacked through a simple SQL injection flaw on the website. The hacker claimed it was possible to expose all customer data including users, activation codes, lists of bugs, admins, shot and so on. The anonymous hacker hasn’t actually posted any [...]

Webtunnel 0.0.2 – HTTP Encapsulation and Tunnel Tool

Webtunnel is a network utility that encapsulates arbitrary data in HTTP and transmits it through a web server. In that regard, it is similar to httptunnel, however, it has several key important differences: its server component runs in the context of a web server as a CGI application (with optional FastCGI support) so it does [...]

Microsoft Offers $250K Bounty for Conficker Author

We did mention Conficker when it broke out back in January causing one of the largest scale infections ever seen (an estimated 9 million machines in just a few months).
The latest news is that Microsoft are offering a bounty to catch the author of the malware, we have seen this back in 2003/4 (The Anti-virus [...]

BackTrack BETA 4 Released for Public Download

The Remote Exploit Development Team is happy to announce the release of BackTrack 4 Beta. In this latest version of BackTrack 4 there have been some conceptual changes and some new and exciting features. The most significant of these changes is the expansion from the realm of a Pentesting LiveCD towards a full blown “Distribution”.
Now [...]

NSA Together With Mitre CWE and SANS Identifies Top 25 Programming Errors

Secure programming is a huge issue and it’s the lack of it that causes all the problems we have with vulnerabilities and the exploits associated with them. If developers everywhere followed secure programming practices we wouldn’t have buffer overflow issues or unsanitized parameters leading to SQL Injection.
The NSA (National Security Agency), working with MITRE, SANS, [...]

Fast-Track 4.0 – Automated Penetration Testing Suite

The latest big buzz is Fast-Track released recently at ShmooCon by Securestate, basically Fast-Track is an automated penetration suite for penetration testers.
For those of you new to Fast-Track, Fast-Track is a python based open-source project aimed at helping Penetration Testers in an effort to identify, exploit, and further penetrate a network. Fast-Track was originally conceived [...]

Satellite Feed Hacking – Your Data Isn’t Private!

Hardware hacking is an interesting area and something not too many people get into as the soldering irons, capacitors and chipsets seem daunting. I did have a play around with cable boxes and satellite feeds in my earlier years and was surprised to find how insecure they were.
Most traffic is transmitted unencrypted, the stuff that [...]

DShield Web Honeypot Project – Alpha Version Released

For those of you who are not familiar with DShield (where have you been? under a rock?) it’s a Cooperative Network Security Community. Basically what that means is they collect firewall logs and map out the trends.
Like when there was a worm going around that bruteforced SSH2 you could see a spike in port 22 [...]

Hackers Target 0-Day Vulnerability In Adobe PDF Reader & Acrobat

Another flaw in the Adobe product suite! It seems like PDF is turning into a complex animal, complexity of course always brings more security issues.
It was only back in February last year when there was a bug in Adobe Reader, and almost exactly a year later another one.
This time it’s a zero-day just hit and [...]

WMAT Released – Web Mail Auth Tool For Testing Web Mail Logins

WMAT is a Web Mail Auth Tool that provides some essential functions for testing web mail logins, written in Python with support for pyCurl.
How does it work?
It is very simple: you give WMAT a file with usernames, a file with passwords, the URL of the web mail app and choose a pattern for attack. Patterns are XML files that define post/get fields, [...]

Hackers Targeting Xbox Live Players with DoS Attacks

Well the day has come when money-minded botnet owners have turned their services towards online gaming. For a small fee (USD20) you can get someone to set you up with the software to ‘boot’ people from the Xbox Live network.
It’s always been a problem in gaming, if something can get hold of your IP address [...]

SSLstrip – HTTPS Stripping Attack Tool

This tool provides a demonstration of the HTTPS stripping attacks that were presented at Black Hat DC 2009. It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon which [...]

Koobface Worm Variant Hits Facebook

Koobface is a computer worm that targets the users of the social networking websites Facebook and Myspace. Koobface ultimately attempts, upon successful infection, to gather sensitive information from the victims such as credit card numbers.
A new variation of Koobface has popped up aggressively on Facebook and is attempting to steal login credentials for other social networking [...]

Medusa v1.5 Released – Parallel, Modular Login Brute Forcing Tool

Finally an update to Medusa! Version 1.5 of Medusa is now available for public download. Medusa 1.4 was released quite some time back in November 2007 and before that Medusa 1.3 showed up November 2006.
You would have thought version 1.5 would have been released in November 2008! Looks like they missed by a few months.

What [...]

Twitter Click-Jacking Vulnerability

Click-jacking has hit the news a few times recently with most browsers being susceptible to this kind of redirection attack.
This time it’s Twitter that’s being hit, as with anything gaining popularity it’s going to become the focus of more attacks and attempts to compromise its security.
It seems like click-jacking may well be here to stay [...]

fzem – MUA (Mail User Agent) / Mail Client Fuzzer

fzem is a MUA (mail user agent) fuzzer that fuzzes MAIL/MIME email headers as well as how clients handle SMTP, POP and IMAP responses.
Purpose
fzem’s purpose is to fuzz MUAs as they process email content and handle server responses.

How does it work?
fzem has the three main mail protocols implemented as well as mail/mime headers. Using these [...]

Google Native Client Security/Hacking Contest – Win $8,192 USD!

What is Native Client?
Native Client is an open-source research technology for running x86 native code in web applications, with the goal of maintaining the browser neutrality, OS portability, and safety that people expect from web apps. We’ve released this project at an early, research stage to get feedback from the security and broader open-source communities. [...]

VideoJak – IP Video Security Assessment Tool

What is VideoJak?
VideoJak is an IP Video security assessment tool that can simulate a proof of concept DoS against a targeted, user-selected video session and IP video phone. VideoJak is the first of its kind security tool that analyzes video codec standards such as H.264.
VideoJak works by first capturing the RTP port used in a [...]

Malware Distributor & Botnet Master Sentenced To 4 Years

It seems the feds are really cracking down on cybercrime recently, with a special kind of attention paid to botnets and their handlers. The sentences are getting stiffer too, this time with 4 years in prison for running a botnet and data theft.
I hope they keep it up, botnets are the scourge of the [...]

WarVOX – Wardialing Tool Suite (Explore, Classify & Audit Telephone Systems)

WarVOX is a suite of tools for exploring, classifying, and auditing telephone systems. Unlike normal wardialing tools, WarVOX works with the actual audio from each call and does not use a modem directly. This model allows WarVOX to find and classify a wide range of interesting lines, including modems, faxes, voice mail boxes, PBXs, loops, [...]

BBC Unleashes Botnet For ‘Investigation’

The BBC has made an odd move recently by buying/seeding a botnet of 22,000 computers under the guise of investigative journalism.
They claim it’s not illegal as they caused no harm and only sent spam to e-mail accounts used by themselves. Technically I think it’s still breaking the law under the Computer Misuse Act but most [...]

dnsmap 0.22 Released – Subdomain Bruteforcing Tool

dnsmap is a subdomain bruteforcer for stealth enumeration, you could say something similar to Reverse Raider or DNSenum.
Originally released in 2006, dnsmap is mainly meant to be used by pentesters during the information gathering/enumeration phase of infrastructure security assessments. During the enumeration stage, the security consultant would typically discover the target company’s IP netblocks, domain [...]

New Conficker Variant More Aggressive

Conficker has gotten quite a lot of news recently with it growing so fast and Microsoft offering a bounty for the authors.
It seems like the Conficker authors are really serious about retaining control of their botnet and expanding it further without hindrance from the companies trying to stop them.
It’s quite likely they are netting some [...]

Webshag 1.10 Released – Free Web Server Audit Tool

Webshag is a multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionalities for web server auditing like website crawling, URL scanning or file fuzzing.
You may remember back in March 2008 we published about Webshag 1.00 being released. Now Webshag 1.10 has been released! This new version provides several feature enhancements [...]

Indian Credit Card Fraud Exposed – Linked to Symantec

In a recent undercover sting the BBC has uncovered some unscrupulous Indian chaps selling valid UK credit card details, the kicker to the story is the fraud is linked to Symantec as the people being defrauded had all recently bought Norton subscriptions.
I guess it’s hard to control a 3rd party call center though and who [...]

sqlsus 0.2 Released – MySQL Injection & Takeover Tool

sqlsus is an open source MySQL injection and takeover tool, written in perl.
Via a command line interface that mimics a mysql console, you can retrieve the database structure, inject a SQL query, download files from the web server, upload and control a backdoor, and much more…
It is designed to maximize the amount of data gathered [...]

Charlie Miller Does It Again At PWN2OWN

You might remember in March last year we posted about Charlie Miller at the PWN2OWN contest owning the MacBook Air in under 2 minutes.
Guess what? He’s done it again! This time though he’s even faster clocking in at under 10 seconds. No one else stood a chance. He walked off with the prize again, $5000 [...]

ProxyStrike v2.1 Released – Active Web Application Proxy Tool

In April last year we wrote about ProxyStrike, recently the developer has released a couple of new versions – the latest being v2.1.
ProxyStrike is an active Web Application Proxy, a tool designed to find vulnerabilities while browsing an application. It was created because of the problems we faced in the pentests of web applications that [...]

Israeli Hacker ‘The Analyzer’ Steals Over $10 Million USD

It seems like a new hacker is in the sights of the US Government, this time it’s Ehud Tenenbaum AKA ‘The Analyzer’.
He seems to have been quite sloppy about covering his tracks and remaining under the radar, he acts as if no-one can get him. Perhaps he knows something we don’t?
Anyway he’s firmly under investigation [...]

Deblaze – Remote Method Enumeration Tool For Flex Servers

Through the use of the Flex programming model and the ActionScript language, Flash Remoting was born. Flash applications can make requests to a remote server to call server side functions, such as looking up accounts, retrieving additional data and graphics, and performing complex business operations. However, the ability to call remote methods also increases the [...]

Microsoft Open Source Security Tool – !exploitable Crash Analyzer

Finally Microsoft is doing something proactive and perhaps even slightly ahead of the game, a real game-changer for the security community.
They have released a new AND open-source tool to make debugging easier, it gives developers a lot of help during the release cycle to build more secure software. Mostly because it takes the legwork and [...]

winAUTOPWN – Windows Autohacking Tool

winAUTOPWN is a TooL to Autohack your targets with least possible interaction. The aim of creating winAUTOPWN is not to compete with already existing commercial frameworks like Core Impact (Pro), Immunity Canvas, Metasploit Framework (freeware), etc. which offer autohacks, but to create a free, quick, standalone application which is easy to use and doesn’t require [...]

Conficker Day – April 1st – Uneventful

So the big Conficker scare of April 1st has passed without any real events, no major sites taken down, no major online terror campaigns spawned.
Just a new more sophisticated, harder to stop version of Conficker updating from a longer list of domains.
It seems like this malware might be here to stay and infecting more and [...]

UCSniff – VoIP/IP Video Sniffing Tool

UCSniff is an exciting new VoIP Security Assessment tool that leverages existing open source software into several useful features, allowing VoIP owners and security professionals to rapidly test for the threat of unauthorized VoIP and Video Eavesdropping. Written in C, and initially released for Linux systems, the software is freely available for anyone to download, [...]

How to Scan for Conficker Worm

A bit of an update to the Conficker worm that is supposedly scheduled for new updates and instructions today, Wednesday 1st April 2009, and that nobody except for the bad guys knows what those instructions would be. Fyodor has rolled out a new nmap beta release to the nmap scripting engine that enables it [...]

Webtunnel 0.0.5 Released – HTTP Encapsulation and Tunnel Tool

Webtunnel is a network utility that encapsulates arbitrary data in HTTP and transmits it through a web server.

In that regard, it is similar to httptunnel, however, it has several key important differences: its server component runs in the context of a web server as a CGI application (with optional FastCGI support) so it does not [...]

Microsoft Puts Hold on Forefront Security Product Range

Microsoft is in the news again, but this time for holding back on something security related.
It seems like they want to have some extra time for development, and well perhaps some business related factors come into play too.
A lot of Windows networks use ISA (as it used to be called) – in the future it’ll [...]

Interceptor – Wireless Wired Network Tap (Fon+)

The Interceptor is a wireless wired network tap. Basically, a network tap is a way to listen in to network traffic as it flows past. Most tools are designed to pass a copy of the traffic onto a specified wired interface which is then plugged into a machine to allow a user to monitor the [...]

Conficker Finally Awakes & Dumps Payload

So it seems something big was brewing with Conficker, they just didn’t want to do what everyone expected and unleash it on April 1st when all eyes were on them.
Smart move really, they kept quiet and waited a week or so after before dropping some fairly serious and complex payloads (encrypted rootkits).
It seems like they [...]

Watcher – Passive Analysis Tool For HTTP Web Applications

Watcher is a run time passive-analysis tool for HTTP-based Web applications. Watcher provides pen-testers hot-spot detection for vulnerabilities, developers quick sanity checks, and auditors PCI compliance auditing. It looks for issues related to mashups, user-controlled payloads, cookies, comments, HTTP headers, SSL, Flash, Silverlight, referrer leaks, information disclosure, Unicode, and more.

Major Features:

Passive detection of security, privacy, [...]

Twitter Battered By Powerful Worm Attacks – Mikeyy

We’ve written about Twitter quite a few times now, with its click-jacking vulnerability, Twitter phishing attacks and various other issues.
It’s no surprise it’s being targeted though as it’s now the 3rd biggest social network after Facebook and Myspace.
Within a relatively short time period it’s overtaken almost everyone else. This weekend it suffered a fairly serious [...]

Lynis 1.2.6 Released – UNIX System & Security Auditing Tool

Lynis is an auditing tool for Unix (specialists). It scans the system and available software, to detect security issues. Besides security related information it will also scan for general system information, installed packages and configuration mistakes.

This software aims at assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems. It can [...]

Multiple Bugs In Anti-Virus Software Revealed

A spate of bugs have popped up recently in quite a few of the major anti-virus brands, some are old bugs which have just been made public and some are apparently new bugs – just discovered. Nothing too serious it seems (no remote takeover vulnerabilities) mostly just crashes and annoyances.
Included are Symantec’s Norton Anti-virus, Kaspersky [...]

Charles Web Debugging Proxy – HTTP Monitor & Reverse Proxy

Charles is an HTTP proxy / HTTP monitor / Reverse Proxy that enables a developer to view all of the HTTP traffic between their machine and the Internet. This includes requests, responses and the HTTP headers (which contain the cookies and caching information).

Charles can act as a man-in-the-middle for HTTP/SSL communication, enabling you to debug [...]

Hacker Develops Tool To Hide Malware in .NET Framework

Once again something is wrong with part of the Microsoft suite of software and once again they are denying it’s anything to do with them.
This time a researcher has developed a rootkit style infection tool aimed at the .Net framework.
Most modern computers come with .Net of some description installed so this could be quite a [...]

EFIPW – Modify Apple EFI Firmware Passwords

EFIPW is a tool that can be used to decode and modify Apple EFI firmware passwords via the command line. It is designed after the non open source OFPW utility and is designed to work on Intel machines running Leopard or newer. Useful for lab deployments (setting the firmware password of machines as [...]

Spammers Recover from McColo Shutdown – Spam Back To 91%

You might remember back in November last year Spam ISP McColo was Cut Off From the Internet and there was a fairly drastic drop in spam e-mail traffic.
Well it looks like the spammers have got their acts back together as spam levels are back up to 91% of their previous volume.
Having McColo shut down was [...]

OAT (OCS Assessment Tool) – Office Communication Server Security Assessment Tool

OAT is an Open Source Security tool designed to check the password strength of Microsoft Office Communication Server users. After a password is compromised, OAT demonstrates potential UC attacks that can be performed by legitimate users if proper security controls are not in place.

Features

Online Dictionary Attack
Presence Stealing
Contact List Stealing
Single User Flood Mode (Internal)
Domain Flood Mode [...]

Industrial Control Systems Safe? I Think Not

It seems like there is some serious hacking going on, attacks on power stations and industrial control systems.
You’d think most of these systems would be offline, or at least behind a solid DMZ. But as we’ve seen before they often get exposed by people plugging into the LAN then accessing the net through dial-up or [...]

ScreenStamp! – Free Screenshot Tool With Timestamp

What is ScreenStamp!
ScreenStamp! is basically a screen grabbing application for pen-testing and people working in forensics. The app will ask you for a location to save your screen shots to, along with a name that the program will number, allowing the user to concentrate on the job at hand as opposed to saving screen shots.

ScreenStamp! [...]

Amazon Disputes Hacker Claims of Ranking Manipulation

A while back it was all over the blogs and Twitter that Amazon had somehow demoted Gay and Lesbian themed books to keep them from showing up in searches.
There was outrage from all the civil rights folks especially in the LBGT camp (rightfully so if it was true).
After that the rumour started the manipulation was [...]

Fiddler – Web Debugging Proxy For HTTP(S)

Recently I posted about Charles Web Debugging Proxy and quite a few people mentioned they had been using Fiddler.

Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP(S) traffic, set breakpoints, and “fiddle” with incoming or outgoing data. Fiddler includes a [...]

Torpig Botnet Hijacking Reveals 70GB Of Stolen Data

We did mention Torpig in passing back in January 2008 when talking about the Mebroot rootkit which digs down deep into the Master Boot Record.
It seems like Torpig has been pretty active since then and the latest break is that some security researchers have managed to infiltrate the botnet and collect some data on what [...]

FBController – The Ultimate Utility to Control Facebook Accounts

Just to put a downer on all the script kiddies, this utility WILL NOT hack/crack Facebook passwords or accounts.
You need to feed it biscuits (cookies) before you can do anything.
You can get the target’s cookie by sniffing, XSS, social engineering, ARP Poison-Sniffing, Scroogle search or however you like.

Once you have the cookies you can use [...]

Explosion Of BlackBerry Trading In Nigeria – Data Theft

The number of Crackberry Blackberry users is increasing exponentially – especially since they released the much sexier Bold and the latest touch-screen Storm.
The latest revelation is that used BlackBerries are being traded, not by the value of the phone but by the value of the data contained on the phone!
It just shows most companies still [...]

Durzosploit v0.1 – JavaScript Exploit Generation Framework

Durzosploit is a JavaScript exploit generation framework that works through the console. The goal of the project is to quickly and easily generate working exploits for cross-site scripting vulnerabilities in popular web applications or web sites.

Please note that Durzosploit does not find browser vulnerabilities, it is only a framework containing exploits you can use.
At present [...]

Ensuring Data Security During Hardware Disposal

After our recent story about the trading of BlackBerries for data theft the issue has emerged again this time more towards the secure disposal of data stored on PC hard disks.
If a company or organisation has a decent data/information security policy in place (Like ISO27001 for example) they should have a secure destruction/disposal policy as [...]

Pangolin – Automatic SQL Injection Tool

Pangolin is an automatic SQL injection penetration testing tool developed by NOSEC. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management [...]

Trojan in Counterfeit Copies of Windows 7 Builds Botnet

This latest mass infection is through a vector I really don’t understand, seeing as though you can legitimately download Windows 7 from Microsoft.
I guess people just prefer BitTorrent downloads to HTTP downloads, and whoever had this smart idea capitalized on that.
Microsoft should perhaps do something about that and put out a legitimate BitTorrent copy. I [...]

Samurai Web Testing Framework 0.6 Released – Web Application Security LiveCD

You may remember we wrote about Samurai being released back in November 2008, it’s been quite a while since the last update.

The authors have updated and fixed a number of issues with the environment as well as improved performance of the java based tools. They have also included a virtual machine of the environment. [...]

Retarded E-mails – Brute Force, Change School Grades, Hack US Military & MORE

It’s been a few months since the last Retard Update, and it’s definitely been slower since I posted the disclaimer and link on the Contact Page.
There have been some weird ones, one worders, one liners and stuff in foreign languages.
Anyway let’s get started with a classic ‘script-kiddy I can’t operate my computer‘ type mail.
lloyd wrote:
hey [...]

Google Poisoning Attack Gumblar Still Causing Problems

I thought this would have been stamped out by now, but sadly it’s still going on. With the advent of cheap web hosting and easy to use CMS systems like Wordpress more and more people are managing their own websites (gone are the days of Geocities).
More people with websites means more FTP details to be [...]

BugSpy – Crawls The Web For Open Source Software Bugs

BugSpy is an interesting web site I came across recently, put together using a Python Framework (django) it aggregates bugs from as many open source projects as it can find. Preferably critical bugs.

You can search by tag (e.g java, email or php ) or by product name (e.g Ubuntu, Typo3 or Samba).
http://bugspy.net/
[...]

DNS DDoS Attack Takes Down China Internet

The latest news is a few million Chinese Internet users had trouble accessing any websites yesterday due to a DDoS attack on the DNS system from one of the country’s registrars.
It just shows that China has an inherently weak infrastructure if such a large portion of people can be disrupted with an attack to a [...]

Technitium FREE MAC Address Changer v5 R2 Released for Windows

It’s been a while since the last update of Technitium back in June 2008, the latest release is v5 R2 with support for Windows 7 RC.
Technitium MAC Address Changer allows you to change the Media Access Control (MAC) Address of your Network Interface Card (NIC) irrespective of your NIC manufacturer or its driver. It has a [...]

Obama To Create Cyber Security Czar In White House

It looks like Obama is taking a serious stance on Cyber Security and Cyber Crime with his introduction of a new position which will be known as the ‘Cyber Czar’.
As a senior White House official this is quite a serious position with the responsibility of protecting both the US government networks and looking out for [...]

WarVOX 1.0.1 Released – Telephony Analysis & War Dialing Suite

WarVOX is a suite of tools for exploring, classifying, and auditing telephone systems. Unlike normal wardialing tools, WarVOX works with the actual audio from each call and does not use a modem directly. This model allows WarVOX to find and classify a wide range of interesting lines, including modems, faxes, voice mail boxes, PBXs, loops, [...]

Hackers Exploiting Unpatched DirectX Bug With Quicktime

It seems like another fairly critical flaw has been discovered in Microsoft Windows. It’s serious as it allows remote code execution, which basically means if you get hit with it your machine is owned.
It seems DirectX 7, 8 and 9 in Windows 2000, XP and Server 2003 are at risk. Windows Vista, Server 2008 and [...]

WEPBuster – Wireless Security Assessment Tool – WEP Cracking

WEPBuster basically seems to be a toolkit that attempts to automate the tasks done by the various parts of the aircrack-ng suite.

The end goal of course is to crack the WEP key of a given Wireless network.
Features
The main part of this is the autonomous nature of the toolkit, it can crack all access points within [...]

Apple Struggling With Security & Malware

It’s inevitable as Apple products become more and more popular they will get targeted by the bad guys. Count on more viruses, malware, exploits and rootkits for Apple Operating Systems.
They are a bit behind in the curve as they don’t have a formal security program and it’s unknown if they use secure development practices (they [...]

FTPXerox v1.0 – FTP File Transfer Sniffer

This is an old tool, but still useful. I saw someone asking for a tool to grab FTP files from the wire without using something like Wireshark, which brought me to this tool – FTPXerox.

FTPXerox grabs files that are transferred across the network using the FTP protocol. It was written to demonstrate the fact that [...]

FBI Unclassified E-mail Network Owned By Virus

If the FBI e-mail network can get owned by a virus, what hope does the average joe have when it comes to keeping their e-mail secure?
It must be pretty serious too if it actually forced them to shut down the Internet facing e-mail network, it seems like it was down for at least a week [...]

Honeysnap – Pcap Packet Capture File Parsing Tool

Honeysnap is designed to be a command-line tool for parsing single or multiple pcap data files and producing a ‘first-cut’ analysis report that identifies significant events within the processed data. This presents security analysts with a pre-prepared menu of high value network activity, aimed at focusing manual forensic analysis and saving significant incident investigation time. [...]

Massive Malware Outbreak Infects 30,000 Websites

This looks like a fairly complex infection mechanism combining exploiting websites, injecting JavaScript code then attempted exploitation of host machines and failing that prompting a download for some fake malware.
The way they have it all setup is pretty clever too hiding behind common technologies so their infections don’t look out of place.
An obfuscated JavaScript meant [...]

fm-fsf – Freakin’ Simple Fuzzer – Cross Platform Fuzzing Tool

fm-fsf is a new fuzzer/data scraper that works under OSX, Linux (with Mono) and Windows (.NET Framework). Fuzzing tools are always useful if you are looking at discovering some new flaws in a software or web service.
Quick Info

FSF is a plug-in based freakin’ simple fuzzer for fuzzing web applications and scraping data.
It supports some [...]

Apple iPhone OS 3.0 Released – 46 Security Patches

With the latest version of the Apple iPhone OS being released last night or this morning (depending where in the World you are) I guess most of the iPhone users amongst you would have already installed the software.
Everyone I know using an iPhone has already done it without a hitch, it’s been long awaited and [...]

Acunetix Web Vulnerability Scanner (WVS) 6.5 Released

You may remember a while back we did a Review of Acunetix Web Vulnerability Scanner 6 – the very full featured web vulnerability scanning software.

Well the latest version has been released recently with some updates, bug fixes and improvements on the web application security front.
I’m hoping to try out the AcuSensor on a PHP install [...]

IT Managers Under-Estimate Impact Of Data Loss

I find it a little surprising in this day and age that such a low percentage of IT managers believe data loss is a low impact issue.
Don’t they read the news? Don’t they understand how losing customer trust can really affect your bottom-line?
I would have thought 30% of respondents thinking data loss was high impact [...]

Slowloris – HTTP DoS Tool in PERL

This tool has been hitting the news, including some mentions in the SANS ISC Diary.
It’s not actually a new attack (it’s been around since 2005) but this is the first time a packaged tool has been released for the attack.

Slowloris holds connections open by sending partial HTTP requests. It continues to send subsequent headers at [...]

Twitter Hack Spreads Porn Trojan

I had a spam tweet appear in my stream a while back and like Guy Kawasaki I also had absolutely no idea where it came from.
Perhaps some kinda XSS flaw in Twitter when I visited a site that spawned the message (in a hidden iframe perhaps).
It wouldn’t be the first time Twitter was having security [...]

BackTrack 4 Pre Release Available For Download

You may remember back in February the BETA of BackTrack 4 was released for download, the team have made many changes and have now released BackTrack 4 Pre Release.

For those that don’t know BackTrack is the top rated linux live distribution focused on penetration testing. With no installation whatsoever, the analysis platform is started directly [...]

Michael Jackson Spam/Malware – RIP The King Of Pop

For people of my age and generation and I’d guess for most readers of Darknet, Michael Jackson would have had a great influence on our lives.
The biggest news last week was most certainly his death, as usual the bad guys were extremely quick to capitalize on this and were sending out spam within hours of [...]

Kon-Boot – Reset Windows & Linux Passwords

Kon-Boot is a prototype piece of software which allows you to change the contents of a Linux kernel (and now Windows kernel also!!!) on the fly (while booting).
In the current compilation state it allows you to log into a Linux system as ’root’ user without typing the correct password or to elevate privileges from current user to [...]

Hospital Hacker GhostExodus Owns Himself – Arrested

This story actually gave me a lot of LULZ, how stupid can you be seriously? Man this guy made so many mistakes for someone so paranoid (he had a web cam setup outside his apartment door so he could see who was coming).
But then he exposed his IP address on IRC, posted his face on [...]

The Middler – User Session Cloning & MITM Tool

The Middler is a Man in the Middle tool to demonstrate protocol middling attacks. Led by Jay Beale, the project involves a team of authors including InGuardians agents Justin Searle and Matt Carpenter. The Middler is intended to man in the middle, or “middle” for short, every protocol for which we can create code.
In [...]

Military Communications Hacking – Script Kiddy Style

Ah now this is interesting..and scary in a way. Script Kiddies with guns!
Script kiddies going to war, or is it turning soldiers into script kiddies. Who knows.
Anyway, the US military has decided to make their soldiers walking hackers, with an all-in-one super hacking device that can penetrate satellite signals, VoIP networks and normal information systems.

As [...]

MultiISO LiveDVD v1.0 – BackTrack, Knoppix & Ophcrack

MultiISO LiveDVD is an integrated Live DVD technology which combines some of the very popular Live CD ISOs already available on the internet. It can be used for security reconnaissance, vulnerability identification, penetration testing, system rescue, media center and multimedia, system recovery, etc. It’s an all-in-one multipurpose LiveDVD put together. There’s something in it for [...]

Smart Grid Security Risks – Not So Smart Electricity Meters

You might recall we’ve discussed the security of Industrial Control Systems before, the latest ‘evolution’ is the so called Smart Grid.
Which in all honesty, doesn’t seem to be very smart at all. In basic terms they are trying to turn the power-grid into a two way communication medium so consumers’ homes can report back to [...]

Damn Vulnerable Web App – Learn & Practise Web Hacking

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be light weight, easy to use and full of vulnerabilities to exploit. Used to learn or teach the art of web application security.

Vulnerabilities

SQL Injection
XSS (Cross Site Scripting)
LFI (Local File Inclusion)
RFI (Remote File Inclusion)
Command Execution
Upload Script
Login Brute [...]

Chinese Company Shares Huge Malware Database

We need more companies like this that acknowledge hoarding data isn’t doing anything for the greater good, to really stamp out the core problems you have to share the data you’ve correlated across the World so everyone can put together what they have and do something about it.
It seems like with China pumping out the [...]

bsqlbf v2.3 Released – Blind SQL Injection Brute Forcing Tool

This perl script allows extraction of data from Blind SQL Injections. It accepts custom SQL queries as a command line parameter and it works for both integer and string based injections.
We reported bsqlbf when it first hit the net back in April 2006 with bsqlbf v1.1, then the v2.0 update in June 2008. This new [...]

Mozilla Denies Firefox 3.5 Bug Is Exploitable

Ah a bug in our beloved Firefox, after the latest 3.5 update (which sees some definite improvements).
The last one I recall was the Clickjacking Vulnerability, which also affected Chrome.
It seems like it’s not too serious of an issue and will only cause crashing, there’s no room for remote exploitation or code execution. So it may [...]

GFI LANguard 9 Review – Network Security Scanner & Vulnerability Management Tool

GFI LANguard is a product that has been around for a LONG time, I remember using it way back at version 3 or 4 and it was always my choice of platform if I was auditing a Windows based network.
Especially internal Windows LAN setups with a domain, for Linux I always felt there were better [...]

UAE Telco Etisalat Installs Spyware On Users Blackberries

Now this is pretty disgusting behaviour from a national telco provider, but well is it really surprising in Dubai? For me..no it’s not.
I’ve spent a reasonable amount of time in Dubai on various projects, and my first surprise was Flickr being blocked. Especially as Dubai is probably the most liberal place in the Middle East. [...]

Wireshark 1.2.1 Released – Network Protocol Analyzer

Wireshark is the world’s foremost network protocol analyzer, and is the de facto (and often de jure) standard across many industries and educational institutions.
Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998. Many of you will know it as Ethereal.

Features

Deep [...]

Hacker Group L0pht Making A Comeback

L0pht has been a staple of the hacking scene since the Internet existed, with the ever fabulous L0phtcrack being their best known offering.
Of course when that was sold off to Symantec then subsequently discontinued, things changed a lot.
Well now the Hacker News Network is back online, one of the side projects of L0pht Heavy Industries [...]

crack.pl – SHA1 & MD5 Hash Cracking Tool

crack.pl is a tool for cracking SHA1 & MD5 hashes, including a new BETA tool which can crack MD5 that have been salted. You can use a dictionary file or bruteforce and it can be used to generate tables itself.
NOTE – Salt function is currently only available for md5, you need to append ‘\’ in front [...]

Chinese Firm Writes First SMS Worm

Ah another first, and once again China is at the forefront! We recently reported about a Chinese company sharing their huge malware database and now a group of Chinese companies has managed to develop the first SMS worm!
It’s a pretty cool concept, abusing the Symbian Express Signing procedure. It reminds me of the heydays of [...]

sqlmap 0.7 Released – Automatic SQL Injection Tool

We’ve been following sqlmap since it first came out in February 2007 and it’s been quite some time since the last update sqlmap 0.6.3 in December 2008.
For those not familiar with the tool, sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection [...]

Dan Kaminsky & Kevin Mitnick Hacked

If any of you follow the mailing lists or the ‘scene’ as it’s known, you’d be familiar with PHC, Phrack, Gobbles, ~el8, Silvio, gayh1tler and the whole Whitehat Holocaust AKA pr0j3kt m4yh3m. (Back when it went public).
The war against whitehats has started up again more vehemently recently with a zine known as zero for owned or [...]

FakeIKEd – Fake IKE Daemon Tool For MITM

FakeIKEd, or fiked for short, is a fake IKE daemon supporting just enough of the standards and Cisco extensions to attack commonly found insecure Cisco PSK+XAUTH VPN setups in what could be described as a semi MitM attack. Fiked can impersonate a VPN gateway’s IKE responder in order to capture XAUTH login credentials; it doesn’t [...]

Twitter & Facebook Taken Offline By DDoS Attacks

Both Facebook and Twitter were hit with pretty severe DDoS attacks rendering them useless and unavailable to the majority of users.
The thing is it seems like it wasn’t a traditional network based botnet style DDoS attack, but a ‘joejob‘ attack where spam is sent out containing a link and the users clicking on the link [...]

Xplico – Network Forensic Analysis Tool

The goal of Xplico is to extract the application data contained in an internet traffic capture. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is an open source Network Forensic [...]

Wordpress 2.8.3 Admin Reset Exploit

Ah it’s Wordpress again, sometimes I wonder how many holes there are in Wordpress. I guess a dedicated attacker could find some serious ones with the complexity of the code base.
It’s suspected some of the recent high profile breaches have come from Wordpress exploits.
The latest one to become public is a simple but effective flaw, [...]

sslsniff v0.6 Released – SSL MITM Tool

This tool was originally written to demonstrate and exploit IE’s vulnerability to a specific “basicConstraints” man-in-the-middle attack. While Microsoft has since fixed the vulnerability that allowed leaf certificates to act as signing certificates, this tool is still occasionally useful for other purposes.
It is designed to MITM all SSL connections on a LAN and dynamically generates [...]

Twitter Being Used As Botnet Command Channel

Ah Twitter in the news again, the bad guys sure do keep up with new trends. After being taken offline for a while by a Joejob DDoS attack Twitter is in the news again – this time it’s being used as the command channel for a Botnet.
The normal method for controlling Botnets is via an [...]

Stoned Bootkit – Windows XP, 2003, Vista, 7 MBR Rootkit

What is Stoned Bootkit?
A bootkit is a boot virus that is able to hook and patch Windows to get loaded into the Windows kernel, thus gaining unrestricted access to the entire computer. It is even able to bypass full volume encryption, because the master boot record (where Stoned is stored) is not encrypted. The [...]

Serious Linux Kernel Vulnerability For ALL 2.4 & 2.6 Kernels

This is a serious bug, it affects all Kernel versions released since May 2001! That goes all the way back to the early 2.4 versions.
It’s also exploitable according to the report – This issue is easily exploitable for local privilege escalation. In order to exploit this, an attacker would create a mapping at address zero [...]

IKECrack – IKE/IPSec Authentication Cracking Tool

IKECrack is an open source IKE/IPSec authentication crack tool. This tool is designed to bruteforce or dictionary attack the key/password used with Pre-Shared-Key [PSK] IKE authentication. The open source version of this tool is to demonstrate proof-of-concept, and will work with RFC 2409 based aggressive mode PSK authentication.
IKE Aggressive Mode BruteForce Summary

Aggressive Mode IKE authentication [...]

TJX Hacker Albert “Segvec” Gonzalez Indicted By Federal Grand Jury

We’ve been following the whole TJX saga for quite some time now since way back in September 2007 when the hack became public as the Largest Breach of Customer Data in U.S. History and in August 2008 when the TJX Credit Card Hackers Got Busted.
The legal system has ticked along and now they have to [...]

Trafscrambler – Anti-sniffer/IDS Tool

Trafscrambler is an anti-sniffer/IDS LKM(Network Kernel Extension) for OSX, licensed under BSD.

Features

Injection of packets with bogus data and with randomly selected bad TCP cksum or bad TCP sequences
Userland binary(tsctrl) for controlling trafscrambler NKE
SYN decoy – sends out number of SYN pkts before the original SYN pkt
TCP reset attack – sends out RST/FIN pkt with bad [...]

Mac OS X Snow Leopard Bundled With Malware Detector

Ah we saw this coming didn’t we, back in June we reported on Apple Struggling With Security & Malware and now they have shown they were paying attention.
Even though they tried to do so quietly, they are slipping a ‘malware detector’ into the latest OS X update known as Snow Leopard.
The problem is though, it [...]

Graudit – Code Audit Tool Using Grep

Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It’s comparable to other static analysis applications like RATS, SWAAT and flaw-finder while keeping the technical requirements to a minimum and being very flexible.

Usage
Graudit supports several options and tries to follow [...]

Apache.org Hacked Using Remote SSH Key

Apache.org has been hacked quite a number of times, last week it happened again and the whole infrastructure was down for a few hours while they sorted out what had happened and how to remedy it.
Apparently one of the remote SSH keys was compromised, which allowed attackers to upload code, the scary part is they could [...]

MySqloit – SQL Injection Takeover Tool For LAMP

MySqloit is a SQL Injection takeover tool focused on LAMP (Linux, Apache, MySQL, PHP) and WAMP (Windows, Apache, MySQL, PHP) platforms. It has the ability to upload and execute metasploit shellcodes through the MySql SQL Injection vulnerabilities. Attackers performing SQL injection on a MySQL-PHP platform must deal with several limitations and constraints.

For example, the lack [...]

UK Has The Worst Internet Security In Europe

Interesting story for our British readers, seems like back in Old Blighty people are a bit lax when it comes to keeping their security software up to date.
Not only that, from the other aspects of the survey it seems UK is generally lacking in cybersecurity awareness and education with people not deleting dodgy files and [...]

SWFScan – Free Flash Application Security Scanner

HP SWFScan is a free tool developed by HP Web Security Research Group, which will automatically find security vulnerabilities in applications built on the Flash platform.

HP is offering SWFScan because:

Their research shows that developers are increasingly implementing applications built on the Adobe Flash platform without the required security expertise.
As a result, they are seeing a [...]

Cisco & Microsoft Patch TCP Stack DoS Exploit

A fairly serious flaw that was announced in October 2008 by Outpost24 (and apparently discovered way back in 2005), has finally been patched by the major players Cisco and Microsoft.
So far Redhat has offered a workaround for the flaw and Juniper has responded that their equipment is not vulnerable.
It could be that Juniper doesn’t [...]

Haraldscan – BlueTooth Discovery Scanner

I thought a while ago about posting some stuff on Bluetooth hacking, but never got round to it. Have posted a couple of new articles on Bluetooth but haven’t yet posted any tools. So let’s start with Haraldscan – a Bluetooth discovery scanner.

The scanner will be able to determine Major and Minor device class of [...]

One Of The World’s Most Prolific Music Piracy Groups Busted

Seems like the Feds have been busy in recent years, all kinds of hackers, phishers and now pirates are getting arrested and imprisoned for some serious jailtime.
The latest in this string of busts is the music piracy group RNS or Rabid Neurosis, very eminent in the scene in the late 90s/early 2000s.
With P2P and people [...]

4f: The File Format Fuzzing Framework

4f is a file format fuzzing framework. 4f uses modules which are specifications of the targeted binary or text file format that tell it how to fuzz the target application. If 4f detects a crash, it will log crucial information important for allowing the 4f user to reproduce the problem and also debugging information important [...]

FreeBSD Local Root Escalation Vulnerability

It’s been a long time since we’ve heard about a problem with FreeBSD, partially because the mass of people using it isn’t that large and secondly because BSD tends to be pretty secure as operating systems go.
It’s a pretty serious flaw this time with root escalation, thankfully it’s only a local exploit though and not [...]

Flawfinder – Source Code Auditing Tool

Flawfinder is a program that examines source code and reports possible security weaknesses (flaws) sorted by risk level. It’s very useful for quickly finding and removing at least some potential security problems before a program is widely released to the public. It’s a static analysis source code auditing tool.

Flawfinder is specifically designed to be easy [...]

Nasty Trojan Zeus Evades Antivirus Software

This is one nasty piece of malware, seems like it’s working on a low level as per rootkits, there aren’t many technical details but it may well be operating on a Ring 0 level.
The level of detection by AV software is quite scary, especially since the malware is specifically targeting bank login details and it [...]

Websecurify – Web Security Testing Framework

Websecurify is a web and web2.0 security initiative specializing in researching security issues and building the next generation of tools to defeat and protect web technologies.

Key Features

JavaScript – Websecurify Security Testing Framework is the first tool of its kind to be written entirely in JavaScript using only standard technologies adopted by the leading browsers.
Multiple Environments [...]

Twitter DM Phishing Scam

As Twitter gains momentum there are more and more attacks on it and its users, and the most recent is a phishing scam via DM (Direct Message).
It was uncovered recently that it was being used as a Botnet Control Channel, shortly before that it was subjected to a DoS attack.
This isn’t the first time DMs have [...]

FRHACK OS v1 alpha1 – Pentesting/Security LiveCD

FRHACK OS is an updated/modified version of the latest BackTrack 4 ISO with many updated tools and fixes.
This means it’s a fully fledged linux pen-testing/security environment.

Some included tools & Updates

gcc-4.2
sun-java6-jre sun-java6-plugin
spoonwep-wpa-rc3.deb
airsnort-0.2.7e.tar.gz
wepbuster-1.0_beta_0.6
jbrofuzz-jar-15
wfuzz-1.4
tor-0.2.1.19
privoxy-3.0.8-stable-src
ophcrack-3.3.1
vncrack_src-1.21
fuzzgrind_090622

A new version (coming with bug fixes, included rainbow tables, wordlists, extras etc.) will be available for FRHACK 01, [...]

No Emergency Patch For Latest Windows Exploit

Another reason for Windows users to hate the Microsoft Patch Tuesday policy,
The exploit isn’t 100% reliable but it’s still fairly significant in my eyes as it is a critical vulnerability and can be used for code execution.
Vista isn’t the most popular OS still so perhaps Microsoft don’t see the threat being that wide as the [...]

Samhain v.2.5.9c – Open Source Host-Based Intrusion Detection System (HIDS)

We’ve only mentioned one HIDS before, that was OSSEC HIDS, so I thought I’d do some updates on the others.
Samhain has always been one of my favourites, before that of course I was using Tripwire like everyone else.

The Samhain open source host-based intrusion detection system (HIDS) provides file integrity checking and logfile monitoring/analysis, as well [...]

AVG Stepping Up Consumer Anti-Virus Offerings

AVG used to be THE anti-virus software a few years ago, especially with it being the first major vendor offering a free solution for home users.
If you asked any techie back in 2002 which AV should you use, the answer would invariably be AVG free (or perhaps Panda).
After that AVG just got bloated, slow and [...]

Nat Probe – NAT Detection Tool

This little but very useful program tries to send ICMP packets out of the LAN and detects all the hosts that allow it. With this you can find bugs in your (company?) network (or others), for example hosts that allow p2p connections.
Explanation

When we use a Gateway, we send the packets with IP destination of the [...]

UK Government To Launch ‘Hack Idol’

Now this should be interesting, perhaps they should turn it into a hacking based reality TV show? From the description though it looks more centered around defense than offense and perhaps should be called ‘System Administrator Idol’.
Not quite so catchy though is it.
Well at least they’re doing something to try and nurture talent in the [...]

VIPER Lab’s VAST Live Distro – VoIP Security Testing LiveCD

VAST is a VIPER Lab live distribution that contains VIPER developed tools such as UCsniff, VoipHopper, Videojak, videosnarf, ACE, Warvox, and more. Along with VIPER tools and other essential VoIP security tools, it also contains tools penetration testers utilize such as Metasploit, Nmap, Netcat, Hydra, Hping2 etc.

This distribution is a work in progress. If you [...]

Deep Packet Inspection Engine Goes Open Source

This is great news, especially for open source tool developers. Deep packet inspection is an extremely niche area and requires great expertise (and a lot of R&D of course).
I hope a new project can spawn from this, it has many interesting applications. I think it’d be a good addition to Wireshark and IDS projects like [...]

Naptha – TCP State Exhaustion Vulnerability & Tool

The Naptha vulnerabilities are a type of denial-of-service vulnerabilities researched and documented by Bob Keyes of BindView’s RAZOR Security Team in 2000. The vulnerabilities exist in some implementations of the TCP protocol, specifically in the way some TCP implementations keep track of the state of TCP connections, and allow an attacker to exhaust the resources [...]

Firefox Blocks Microsoft .NET Framework Assistant Add-on

This is an interesting development, I noticed the pop-up on my Firefox yesterday. The reason however wasn’t security it was ‘instability’.
It’s a fair move by Mozilla though as the add-on can cause security vulnerabilities in Firefox outside of their control. They can’t fix the software, so the best thing they can do to ensure user [...]

Origami – Parse, Analyze & Forge PDF Documents

origami is a Ruby framework designed to parse, analyze, and forge PDF documents. This is NOT a PDF rendering library. It aims at providing a scripting tool to generate and analyze malicious PDF files. As well, it can be used to create on-the-fly customized PDFs, or to inject (evil) code into already existing documents.

Features

Create PDF [...]

Retarded E-mails – Credit Cards, Coins, Bombs & More!

Ah it’s that time of the year again when all the back to skoolers have some mad l33t knowledge and wanna h4×0r the planet or something.
Hmmm website hacking, sounds simple eh?
thriller wrote:
hai i would like to know website hacking how?……… sedn to my mail
Ok I’m following up up to the exploding part? Not quite sure [...]

Nikto 2.1.0 Released – Web Server Security Scanning Tool

It’s been almost 2 years since the last update on Nikto, which was version 2.
For those that don’t know, Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over [...]

Web Application Security Consortium (WASC) 2008 Statistics Published

The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2008. This initiative is a collaborative industry wide effort to pool together sanitized website vulnerability data and to gain a better understanding about the web application vulnerability landscape. We ascertain which classes of attacks are the most prevalent [...]

Yokoso! – Web Infrastructure Fingerprinting & Delivery Tool

Yokoso! is a project focused on creating fingerprinting code that is deliverable through some form of client attack. This can be used during penetration tests that combine network and web applications. One of the most common questions we hear is “so what can you do with XSS?” and we hope that Yokoso! answers that question.

We [...]

Facebook E-mail Spam Conceals Malware Attack

Facebook has had a fair share of problems, being a large community of course it’s going to be a ripe target for spammers, scammers and malware distributors.
The latest to hit is a spam e-mail claiming to be from the Facebook team that actually spreads a nasty piece of malware called Bredolab. It’s also been observed [...]

KrbGuess – Guess/Enumerate Kerberos User Accounts

KrbGuess is a small and simple tool which can be used during security testing to guess valid usernames against a Kerberos environment. It allows you to do this by studying the response from a TGT request to the KDC server. The tool works against both Microsoft Active Directory, MIT and Heimdal Kerberos implementations. In addition [...]

Illegal File Sharers To Be Cut Off By 2011

It was 2008 when the UK government originally proposed disconnecting pirates from the Internet, then a few months later Australia followed suit.
The latest is that it’s really going to be legislated and will come into force by April 2010 under the Digital Economy Bill.
I’ve noticed this trend picking up lately, a few companies are adopting [...]

RATS – Rough Auditing Tool for Security

RATS – Rough Auditing Tool for Security – is an open source tool developed and maintained by Secure Software security engineers. Secure Software was acquired by Fortify Software, Inc. RATS is a tool for scanning C, C++, Perl, PHP and Python source code and flagging common security related programming errors such as buffer overflows and [...]

Using Cloud Computing To Crack Passwords – Amazon’s EC2

Now this is interesting: a proper mathematical calculation for using cloud computing to crack passwords. Now that Amazon has opened up their EC2 (Elastic Compute Cloud), the cost of massive parallel processing power has come right down.
And guess what, someone thought of using it to crack passwords. It seems the cut-off would be a 12 character [...]

UCSniff 3.0 Released – VoIP/IP Video Sniffing Tool

UCSniff is a VoIP & IP Video Security Assessment tool that integrates existing open source software into several useful features, allowing VoIP and IP Video owners and security professionals to rapidly test for the threat of unauthorized VoIP and Video Eavesdropping. Written in C/C++, and available on Linux and Windows, the software is free [...]

Windows 7 UAC (User Access Control) Ineffective Against Malware

There have been a few stories about Windows 7, even one about Windows 7 UAC before, and now that it’s officially on sale I’d expect there to be many more.
As always, malware and mass infections are a numbers game, so the bad guys will always target the most popular and prolific operating systems to increase their [...]

Binging (BETA) – Footprinting & Discovery Tool (Google Hacking)

It’s been a while since I’ve seen a tool of this type. Back in the heyday of Google Hacking (which became the generic term for information gathering via search engines) there were multiple tools such as Gooscan and Goolag.

Binging is a simple tool to query Bing search engine. It will use your Bing API key [...]

Facebook Used By Whitewell Trojan To Communicate

Facebook has had its fair share of security woes and the latest is the discovery of a new Trojan that uses Facebook to communicate.
Interesting that it’s using the Facebook notes feature to communicate depending on title/subject of the note.
The actual malware itself is spread through doc/pdf exploits and not through any flaws in Facebook itself.

Researchers [...]

Turbodiff v1.01 BETA Released – Detect Differences Between Binaries

Turbodiff is a binary diffing tool developed as an IDA plugin. It discovers and analyzes differences between the functions of two binaries.
Requirements

“Turbodiff 1.01 beta release 1” works with IDA starting from v5.0.
Instructions
For the binaries:
Download the plugin and store it at the directory “..\IDA\plugins”.
If you want to compile it on your own: We have compiled it [...]

Jailbroken iPhone Users Get Rickrolled

The ‘big’ news this week was that the first self-replicating worm hit the iPhone; it only seemed to be spreading in Australia though, and only worked under a specific set of circumstances.
It only affects iPhone users that have jailbroken their phone and have the SSH software installed with a default password of alpine.
Thankfully it’s not particularly [...]

Cain & Abel v4.9.35 – Password Sniffer, Cracker and Brute-Forcing Tool

It’s been quite a while since we’ve written about Cain & Abel, one of the most powerful tools for the Windows platform (back in 2007 here).
Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, [...]

SSL Renegotiation Bug Successfully Used To Attack Twitter

When this SSL Renegotiation bug hit the news, most people said it was a theoretical attack and was of no practical use in the real world.
But then people tend to say that about most things don’t they until they get pwned up the face.
It turns out the rather obscure SSL flaw can be used to [...]

Katana v1 (Kyuzo) – Portable Multi-Boot Security Suite

The Katana: Portable Multi-Boot Security Suite is designed to fulfill many of your computer security needs. The idea behind this tool is to bring together many of the best security distributions and applications to run from one USB Flash Drive. Instead of keeping track of dozens of CDs and DVDs loaded with your favorite [...]

Microsoft Confirms First Windows 7 0-Day Vulnerability

So a pretty serious remote vulnerability has been discovered in Windows 7, as usual Microsoft is downplaying the problem asking you to block the ports on your firewall rather than fixing the issue.
I’d imagine the problem would only really be a big issue inside networks as who exposes SMB ports to the outside world anyway [...]

