Archive | January, 2010


28 January 2010 | 9,860 views

Groundspeed 1.1 – Web Application Security Add-on For Firefox

Groundspeed is an open-source Firefox extension for web application security testers presented at the OWASP AppSec DC 2009. It allows you to manipulate the web application’s user interface to eliminate annoying limitations and client-side controls that interfere with the web application penetration test. What can I do with Groundspeed? Groundspeed allows you to modify the [...]



27 January 2010 | 12,061 views

Playstation 3 (PS3) Finally Hacked & Exploit Released

Ah finally some proof of the mythical Playstation 3 exploit released publicly. Sadly as always the lack of sales on the PS3 can be partially attributed to the lack of a homebrew scene (aka ability to pirate games). There have been rumours and some speculation about the PS3 finally being exploited with news breaking earlier [...]



26 January 2010 | 9,427 views

Browser Fuzzer 3 (bf3) – Comprehensive Web Browser Fuzzing Tool

Browser Fuzzer 3, or bf3, is a comprehensive web browser fuzzer. Browser Fuzzer 3 is designed as a hybrid framework/standalone fuzzer; the modules it uses are extensible but also highly integrated into the core. bf3 can be used via command line to set all necessary flags for each fuzzing operation. After initialization, bf3 creates test [...]



25 January 2010 | 7,657 views

Websense Offers Facebook Users Free ‘Firewall’ Service

There have been quite a few security concerns with Facebook, especially with the amount of personal information it collects on its users. Of course there is Koobface and its many variants which have been propagating all kinds of spam through Facebook wall posts and messages. I’m glad someone is offering a solution for free, yes [...]



22 January 2010 | 9,949 views

Burp Suite v1.3 Released – Integrated Platform For Attacking Web Applications

Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, persistence, authentication, upstream proxies, logging, alerting and extensibility. Burp Suite [...]



21 January 2010 | 7,936 views

Microsoft Releases Out-Of-Band Patch For IE 0-Day Vulnerability

Ah Microsoft is treating this one seriously after France and Germany advised users to avoid IE. The current strain being exploited only targets IE6 users, but one security company has developed an exploit for IE8 which also bypasses DEP (Data Execution Prevention). It was rumoured this was the exploit used last week to compromise Google [...]



20 January 2010 | 13,088 views

BackTrack Final 4 Released – Linux Security Distribution

BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking. Regardless if you’re making BackTrack your primary operating system, booting from a LiveDVD, or using your favorite thumbdrive, BackTrack has been customized down to every package, kernel configuration, script and [...]



19 January 2010 | 6,383 views

IETF Completes Vulnerability Fix For SSL Renegotiation Bug

You should remember the SSL Renegotiation bug from last year that was used to successfully attack Twitter. Finally the IETF has come out with a fix for the issue. It’s natural that it has taken some time, as it’s a flaw in the actual protocol itself, not in any specific implementation (which is usually the case). The [...]



18 January 2010 | 8,731 views

Microsoft SQL Server Fingerprint Tool – BETA4

This is a tool that performs version fingerprinting on Microsoft SQL Server 2000, 2005 and 2008, using well-known techniques based on several public tools that identify the SQL version. The strength of this tool is that it uses a probabilistic algorithm to identify the version of the Microsoft SQL Server. The “Microsoft SQL Server Fingerprint [...]



15 January 2010 | 13,679 views

Former Dark Market Admin Faces 10 Year Jail Sentence

You may remember a while back in 2008 it was uncovered (at least publicly) that DarkMarket was actually an FBI sting operation. Insiders had apparently known since 2006 that one of the admins was actually an undercover FBI agent. Countless cases have gone to court with the evidence and contacts gathered in the DarkMarket forums. [...]
