Kon-Boot is an prototype piece of software which allows to change contents of a Linux kernel (and now Windows kernel also!!!) on the fly (while booting).
In the current compilation state it allows to log into a Linux system as ’root’ user without typing the correct password or to elevate privileges from current user to [...]
For people of my age and generation and I’d guess for most readers of Darknet, Michael Jackson would have had a great influence on our lives.
The biggest news last week was most certainly his death, as usual the bad guys were extremely quick to capitalize on this and were sending out spam within hours of [...]
You may remember back in February the BETA of BackTrack 4 was released for download, the team have made many changes and have now released BackTrack 4 Pre Release.
For those that don’t know BackTrack is the top rated linux live distribution focused on penetration testing. With no installation whatsoever, the analysis platform is started directly [...]
I had a spam tweet appear in my stream a while back and like Guy Kawasaki I also had absolutely no idea where it came from.
Perhaps some kinda XSS flaw in Twitter when I visited a site that spawned the message (in a hidden iframe perhaps).
It wouldn’t be the first time Twitter was having security [...]
This tool has been hitting the news, including some mentions in the SANS ISC Diary.
It’s not actually a new attack (it’s been around since 2005) but this is the first time a packaged tool has been released for the attack.
Slowloris holds connections open by sending partial HTTP requests. It continues to send subsequent headers at [...]
I find it a little surprising in this day and age that such a low percentage of IT managers believe data loss is a low impact issue.
Don’t they read the news? Don’t they understand how losing customer trust can really effect your bottom-line?
I would have thought 30% of respondents thinking data loss was high impact [...]
You may remember a while back we did a Review of Acunetix Web Vulnerability Scanner 6 – the very full featured web vulnerability scanning software.
Well the latest version has been released recently with some updates, bug fixes and improvements on the web application security front.
I’m hoping to try out the AcuSensor on a PHP install [...]
With the latest version of the Apple iPhone OS being released last night or this morning (depending where in the World you are) I guess most of the iPhone users amongst you would have already installed the software.
Everyone I know using an iPhone has already done it without a hitch, it’s been long awaited and [...]
fm-fsf is a new fuzzer/data scraper that works under OSX, Linux (with Mono) and Windows (.NET Framework). Fuzzing tools are always useful if you are looking at discovering some new flaws in a software or web service.
Quick Info
FSF is a plug-in based freakin’ simple fuzzer for fuzzing web applications and scraping data.
It supports some [...]
This looks like a fairly complex infection mechanism combining exploiting websites, injecting JavaScript code then attempted exploitation of host machines and failing that prompting a download for some fake malware.
The way they have it all setup is pretty clever too hiding behind common technologies so their infections don’t look out of place.
An obfuscated JavaScript meant [...]
Honeysnap is designed to be a command-line tool for parsing single or multiple pcap data files and producing a ‘first-cut’ analysis report that identifies significant events within the processed data. This presents security analysts with a pre-prepared menu of high value network activity, aimed at focusing manual forensic analysis and saving significant incident investigation time. [...]
If the FBI e-mail network can get owned by a virus, what hope does the average joe have when it comes to keeping their e-mail secure?
It must be pretty serious too if it actually forced them to shut down the Internet facing e-mail network, it seems like it was down for at least a week [...]
This is an old tool, but still useful. I saw someone asking for a tool to grab FTP files from the wire without using something like Wireshark, which brought me to this tool – FTPXerox.
FTPXerox grabs files that are transferred across the network using the FTP protocol. It was written to demonstrate the fact that [...]
It’s inevitable as Apple products become more and more popular they will get targeted by the bad guys. Count on more viruses, malware, exploits and rootkits for Apple Operating Systems.
They are a bit behind in the curve as they don’t have a formal security program and it’s unknown if they use secure development practices (they [...]
WEPBuster basically seems to be a toolkit that attempts to automate the tasks done by the various parts of the aircrack-ng suite.
The end goal of course is to crack the WEP key of a given Wireless network.
Features
The main part of this is the autonomous nature of the toolkit, it can crack all access points within [...]
It seems like another fairly critical flaw has been discovered in Microsoft Windows. It’s serious as it allows remote code execution, which basically means if you get hit with it your machine is owned.
It seems DirectX 7, 8 and 9 in Windows 2000, XP and Server 2003 are at risk. Windows Vista, Server 2008 and [...]
