all posts from January 2009


Complemento v0.6 – LetDown TCP Flooder, ReverseRaider Subdomain Scanner & Httsquash HTTP Server Scanner Tool

We first wrote about Complemento 0.4b a little while ago when it first hit the public domain just last month (December 2008).
Now there have been 2 major updated versions, the latest being 0.6.
What is Complemento?
Complemento is a collection of tools that the author originally created for his own personal toolchain for solving some problems or [...]

Kyrgyzstan Taken Offline by DDoS Attacks

Isn’t it amazing in this day and age an entire country can be knocked offline by Denial of Service attacks! You’d have thought it wouldn’t happen any more.
I do remember the days when it was fairly easy to take one of the smaller ISPs out in the UK, so I guess the infrastructure of some developing [...]

Independent Web Vulnerability Scanner Comparison – Acunetix WVS, IBM Rational AppScan & HP WebInspect

I saw a relevant paper published today by an individual that claims the comparison was ordered by a penetration testing company (a company which remains unnamed).
The vendors were not contacted during or after the evaluation.
Testing Procedure
The author tested 13 web applications (some of them containing a lot of vulnerabilities), 3 demo applications provided by the [...]

Gary McKinnon Wins Right to Appeal Against Extradition

We’ve been following the case of the ‘NASA Hacker’ Gary McKinnon since it started in April 2006 when we reported the British Hacker Gary McKinnon Fears Guantanamo.
So you can see the case has been going on for quite some time, the most recent news we published about it was UK Hacker Gary McKinnon Loses Appeal [...]

List of Famous Hackers in Computer History Both White Hat and Black Hat

This is a very complete list, probably the most complete one I’ve seen and it includes pictures – pictures of people who rarely have their pictures taken or allow them out on the Internet.

The list is according to the proper original definition of a Hacker, as taken from the New Hacker’s Dictionary:

A person who enjoys [...]

CeWL – Custom Word List Generator Tool for Password Cracking

It seems to be trendy lately to make tools which can create custom or more specific word lists for password cracking, just last week we posted about the web application The Associative Word List Generator (AWLG), which crawls the whole web to look for associated words with a given topic.
This application is more towards creating [...]

Using Twitter for Data Mining and Information Gathering

We’ve mentioned Twitter a few times lately as it has become a larger and larger part of the social web and the premier ‘micro-blogging’ platform.
There was a recent Phishing issue on Twitter and before that Twitter Jacking and a CSRF bug that allowed auto-following.
Due to the large update of Twitter, the amount of data available [...]

Acunetix Web Vulnerability Scanner 6 Review

As you might know if you’ve been reading for some time, I do occasionally review commercial software if it’s interesting and relevant – the last one I remember doing was back in 2007 “Outpost Security Suite PRO Review”.
This time it’s for a much more relevant piece of software IMHO, and one which I actually like [...]

Conficker (AKA Downadup or Kido) Infections Skyrocket To An Estimated 9 Million

There hasn’t been a viral outbreak of this scale for quite some time, Conficker or Downadup as it’s known was only fairly recently discovered (Oct 2008) and has already infected an estimated 9 million machines!
It’s spreading fast though and it auto-updates itself via downloads from random domains making it almost impossible to stop as whatever [...]

FireCAT 1.5 Released – Firefox Catalog of Auditing Extensions

FireCAT (Firefox Catalog of Auditing exTension) is a mindmap collection of the most efficient and useful Firefox extensions oriented towards application security auditing and assessment.
FireCAT 1.5 will be the last release of this 1.x branch. In fact, we are working on a new improved version 2.0 (management of plugins, instant download from security-database, ability to add [...]

Next-Gen Botnets Taking The Place of Storm and Srizbi

Back in November there was a considerable drop in Spam when Spam friendly ISP McColo was cut off from the Internet by its upstream peer.
Srizbi worm was pretty smart though and was picking up again by the end of November. Later in the year the botnets were somewhat neutralised leading to a huge drop in [...]

The Associative Word List Generator (AWLG) – Create Related Wordlists for Password Cracking

You may remember some time back we did a fairly exhaustive post on Password Cracking Wordlists and Tools for Brute Forcing.
Wyd the Password Profiling Tool also does something similar to AWLG but it’s a PERL script rather than being based online.

I’d prefer if AWLG let us download an offline version too personally.
About AWLG
The Associative Word [...]

Fake CNN Site From Phishing E-mail Serves Trojan

The latest Phishing E-mails going round are leveraging on people’s need to digest the latest information, in this case about the Israel-Hamas conflict.
They set up a fake CNN site which prompts you to upgrade your flash player to view the video, of course it’s not Flash but a Trojan targeting your sensitive financial information.
I don’t [...]

OWASP (Open Web Application Security Project) Testing Guide v3 Released

This project’s goal is to create a “best practices” web application penetration testing framework which users can implement in their own organizations and a “low level” web application penetration testing guide that describes how to find certain issues.

Version 3 of the Testing Guide was released last month, in December 2008, the project was part [...]

TJX (T.J. Maxx and Marshall’s) Hacker Jailed For 30 Years

You should be familiar with the TJX case by now (TJX Largest Breach of Customer Data in U.S. History) and we’ve been following it here for a couple of years.
We reported back in August last year that the TJX Credit Card Hackers were Busted and now one of the 11 guys involved has been slammed [...]

Time and Attack Mapper AKA TA-Mapper – Time/Effort Estimator Tool For Blackbox Security Assessment

Time and Attack Mapper (alternatively known as TA-Mapper) is an effort estimator tool for blackbox security assessment (or Penetration Testing) of applications. This tool provides more accurate estimation when compared to rough estimation. Penetration testers who always have a hard time explaining/justifying the efforts charged (or quoted) to their customers can find this tool handy by [...]

Cisco Vulnerability Given ‘Write Once, Run Anywhere’ Treatment

This is an interesting development in router security, Cisco bugs have been popping up now and then – not that often – but usually when they do they are quite serious.
The problem with them was you needed so many variations unless you were just targeting one specific router, with that specific version of IOS and [...]

WITOOL v0.1 – GUI Based SQL Injection Tool in .NET

WITOOL is a graphical SQL Injection Tool written in dotNET.
- For SQL Server, Oracle
- Error Base and Union Base

Features

Retrieve schema : DB/TableSpace, Table, Column, other object
Retrieve data : retrieve paging, dump xml file
Log : View the raw data HTTP log

Environment
OS: Windows 2000/XP/VISTA
Requirement: Microsoft .NET(2.0) Library (Download Here).

You can download WITOOL v0.1 here:
WITOOL_V0.1_081231.zip
Or read more [...]

Phishing Attacks Hits Twitter Users – Utilising Direct Messages

I personally received the following direct message on Twitter from someone I know quite well:
hey! check out this funny blog about you…
http://jannawalitax.blogspot.com/
It’s a link to a fake blogspot URL that redirects to a phishing URL for Twitter, it looks the same as the real login page but the actual URL is:
http://twitterblogs.access-logins.com/login (WARNING THIS IS A [...]

