Archive | January, 2010


13 January 2010 | 4,955 views

GFI EventsManager – Event Monitoring, Archiving & Management

You may remember that a while back we reviewed the latest update of GFI LANguard 9; another powerful product developed by GFI is EventsManager. Managing, archiving and monitoring logs and SNMP traps for a whole network can be a bit of a logistical nightmare, and that’s where products like this come in. Commonly they are known under [...]



12 January 2010 | 5,543 views

Microsoft Preps Windows Security Fix for Patch Tuesday

Many users are expecting a patch for the Microsoft IIS Semicolon Bug, but from the bulletin recently published by Microsoft, that seems highly unlikely during this patch cycle. Microsoft Security Bulletin Advance Notification for January 2010. It seems they will only be pushing out a fairly low priority fix which is rated critical [...]



11 January 2010 | 6,367 views

WAFP – Web Application Finger Printing Tool

How does it work? WAFP fetches the files given by the Finger Prints from a web server and checks whether the checksums of those files match the checksums given in the Finger Prints. This way it is able to detect the detailed version and even the build number of a web application. In detail? A [...]



08 January 2010 | 5,008 views

Active Exploitation Of Unpatched PDF Vulnerability

Fairly widespread attacks based on the latest vulnerability in Adobe PDF Reader have been spotted by Symantec. They appear to be variants of old attacks but can still be very effective. It’s not the first time this has happened: back in February 2009, hackers targeted a 0-day exploit in PDF Reader. With one variant of [...]



07 January 2010 | 4,928 views

YASAT – Yet Another Stupid Audit Tool

YASAT (Yet Another Stupid Audit Tool) is a simple stupid audit tool. Its goal is to be as simple as possible with minimum binary dependencies (only sed, grep and cut). It does many tests to check for security configuration issues or other good practices. It checks many software configurations like: Apache, PHP, kernel, MySQL, OpenVPN, Packages [...]



06 January 2010 | 9,540 views

2010 Bug Wreaks Havoc In Germany

This was pretty unexpected for most people; the Y2K bug was so over-hyped, and then nothing really happened. Then suddenly 2010 comes and everything goes haywire! The first big news that struck was Spam Assassin, which included all versions of cPanel; it started rejecting almost all e-mails due to a bug in the spam detection rules [...]



05 January 2010 | 16,475 views

fimap – Remote & Local File Inclusion (RFI/LFI) Scanner

fimap is a little Python tool which can find, prepare, audit, exploit and even Google automatically for local and remote file inclusion bugs in webapps. fimap is similar to sqlmap, just for LFI/RFI bugs instead of SQL injection. It is currently under heavy development but it’s usable. Features: Check a Single URL, List of URLs, [...]



04 January 2010 | 5,045 views

Researcher Uncovers XSS Flaws In Twitter and Google Calendar

More flaws were discovered in Twitter and Google Calendar during the holiday season. Once again XSS flaws have been discovered in popular web apps, but at least they were reported and not used nefariously this time. Fixes have been issued promptly by both Google and Twitter, so there is not much cause for concern this time [...]
