Archive | February, 2009


11 February 2009 | 6,726 views

Webtunnel 0.0.2 – HTTP Encapsulation and Tunnel Tool

Webtunnel is a network utility that encapsulates arbitrary data in HTTP and transmits it through a web server. In that regard, it is similar to httptunnel; however, it has several key differences: its server component runs in the context of a web server as a CGI application (with optional FastCGI support) so it does [...]



10 February 2009 | 5,323 views

Kaspersky Lab Alleged Customer Database Hack From SQL Injection Flaw

The latest big news is that on February 6th the Kaspersky Customer Records database was hacked through a simple SQL injection flaw on the website. The hacker claimed it was possible to expose all customer data including users, activation codes, lists of bugs, admins, shot and so on. The anonymous hacker hasn’t actually posted any [...]



06 February 2009 | 4,528 views

Cisco Enterprise Wireless (Wi-Fi) Equipment DoS Vulnerability Discovered

If your organisation is using any kind of Cisco Wi-Fi kit it may be time to get the latest patches for your kit. Although they state there is no proof that hackers have used this attack in the wild – in my experience if Cisco have discovered this now, someone else probably knew about it [...]



05 February 2009 | 7,442 views

FlowMatrix – Free Network Behavior Analysis System

FlowMatrix is a Network Anomaly Detection and Network Behavioral Analysis (NBA) system which, in fully automatic mode, constantly monitors your network using NetFlow records from your routers and other network devices in order to identify relevant anomalous security and network events. In addition, the new release of FlowMatrix (ver. 0.9.62 and later) supports Network Applications Behavior Analysis. [...]



04 February 2009 | 6,555 views

Windows 7 UAC Vulnerable – User Mode Program Can Disable User Access Control

It seems like Windows 7 is already creating some controversy even though it’s still in BETA. Just like Vista it also has UAC (User Access Control) which a lot of people disable completely because they find it irritating (myself included). When that happens, the boundary between security and usability has crossed too far and the [...]



03 February 2009 | 6,779 views

dradis v2.0 Released – Open Source Security Reporting Tool

This is more of a tool for the information security professional amongst us, those working in a team carrying out web application audits, penetration tests and vulnerability assessments. It’s useful for a team to use a tool like dradis so everyone is on the same page and the progress and segregation of responsibility can easily [...]



02 February 2009 | 7,026 views

Chrome and Firefox Face Clickjacking Exploit

Just remember that even though Firefox tends to be more secure than Internet Exploder – it’s not immune from vulnerabilities (although they do tend to get fixed much much faster). The latest one that’s cropped up in both Firefox and Chrome is a clickjacking vulnerability. This is basically where a link is replaced by an [...]
