It was 2008 when the UK government originally proposed disconnecting pirates from the Internet, then a few months later Australia followed suit.
The latest is that it’s really going to be legislated and will come into force by April 2010 under the Digital Economy Bill.
I’ve noticed this trend picking up lately, a few companies are adopting [...]
KrbGuess is a small and simple tool which can be used during security testing to guess valid usernames against a Kerberos environment. It allows you to do this by studying the response from a TGT request to the KDC server. The tool works against both Microsoft Active Directory, MIT and Heimdal Kerberos implementations. In addition [...]
Facebook has had a fair share of problems, being a large community of course it’s going to be a ripe target for spammers, scammers and malware distributors.
The latest to hit is a spam e-mail claiming to be from the Facebook team that actually spreads a nasty piece of malware called Bredolab. It’s also been observed [...]
Yokoso! is a project focused on creating fingerprinting code that is deliverable through some form of client attack. This can be used during penetration tests that combine network and web applications. One of the most common questions we hear is “so what can you do with XSS?” and we hope that Yokoso! answers that question.
We [...]
The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2008. This initiative is a collaborative industry wide effort to pool together sanitized website vulnerability data and to gain a better understanding about the web application vulnerability landscape. We ascertain which classes of attacks are the most prevalent [...]
It’s been almost 2 years since the last update on Nikto, which was version 2.
For those that don’t know, Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over [...]
Ah it’s that time of the year again when all the back to skoolers have some mad l33t knowledge and wanna h4×0r the planet or something.
Hmmm website hacking, sounds simple eh?
thriller wrote:
hai i would like to know website hacking how?……… sedn to my mail
Ok I’m following up up to the exploding part? Not quite sure [...]
origami is a Ruby framework designed to parse, analyze, and forge PDF documents. This is NOT a PDF rendering library. It aims at providing a scripting tool to generate and analyze malicious PDF files. As well, it can be used to create on-the-fly customized PDFs, or to inject (evil) code into already existing documents.
Features
Create PDF [...]
This is an interesting development, I noticed the pop-up on my Firefox yesterday. The reason however wasn’t security it was ‘instability’.
It’s a fair move by Mozilla though as the add-on can cause security vulnerabilities in Firefox outside of their control. They can’t fix the software, so the best thing they can do to ensure user [...]
The Naptha vulnerabilities are a type of denial-of-service vulnerabilities researched and documented by Bob Keyes of BindView’s RAZOR Security Team in 2000. The vulnerabilities exist in some implementations of the TCP protocol, specifically in the way some TCP implementations keep track of the state of TCP connections, and allow an attacker to exhaust the resources [...]
This is great news, especially for open source tool developers. Deep packet inspection is an extremely niche area and requires great expertise (and a lot of R&D of course).
I hope a new project can spawn from this, it has many interesting applications. I think it’d be a good addition to Wireshark and IDS projects like [...]
VAST is a VIPER Lab live distribution that contains VIPER developed tools such as UCsniff, VoipHopper, Videojak, videosnarf, ACE, Warvox, and more. Along with VIPER tools and other essential VoIP security tools, it also contains tools penetration testers utilize such as Metasploit, Nmap, Netcat, Hydra, Hping2 etc.
This distribution is a work in progress. If you [...]
Now this should be interesting, perhaps they should turn it into a hacking based reality TV show? From the description though it looks more centered around defense than offense and perhaps should be called ‘System Administrator Idol’.
Not quite so catchy though is it.
Well at least they doing something to try and nurture talent in the [...]
This little, but very useful program, try to sends ICMP packet out the LAN, and detect all the host that allow it. Whit this you can find bugs in your (company?) network ( or others), for example hosts that allow p2p connections.
Explanation
When we use a Gateway, we send the packets with IP destination of the [...]
AVG used to be THE anti-virus software a few years ago, especially with it being the first major vendor offering a free solution for home users.
If you asked any techie back in 2002 which AV should you use, the answer would invariably be AVG free (or perhaps Panda).
After that AVG just got bloated, slow and [...]
We’ve only mentioned one HIDS before, that was OSSEC HIDS, so I thought I’d do some updates on the others.
Samhain has always been one of my favourites, before that of course I was using Tripwire like everyone else.
The Samhain open source host-based intrusion detection system (HIDS) provides file integrity checking and logfile monitoring/analysis, as well [...]
Another reason for Windows users to hate the Microsoft Patch Tuesday policy,
The exploit isn’t 100% reliable but it’s still fairly significant in my eyes as it is a critical vulnerability and can be used for code execution.
Vista isn’t the most popular OS still so perhaps Microsoft don’t the threat being that wide as the [...]
