Archive | March, 2010


30 March 2010 | 11,155 views

PenTBox – Penetration Testing Security Suite

PenTBox is a Security Suite that packs security and stability testing oriented tools for networks and systems. It is programmed in Ruby and oriented to GNU/Linux systems, but compatible with Windows, MacOS and every system where Ruby works. It is free, licensed under GNU/GPLv3. PenTBox Contains: Cryptography tools: Base64 Encoder & Decoder, Multi-Digest (MD5, SHA1, SHA256, SHA384, [...]



29 March 2010 | 9,323 views

Browser Fingerprints – How Unique Is Your Browser – Panopticlick

Now this is another interesting attack vector using little bits of data not many people consider. I have heard about this kind of technique before and considered how it’d be done myself. Finally someone has put together a public version of a tool that can tell you how unique your browser footprint is. As for [...]



26 March 2010 | 8,240 views

Flint – Web-based Firewall Rule Scanner

Flint examines firewalls, quickly computes the effect of all the configuration rules, and then spots problems so you can: CLEAN UP RUSTY CONFIGURATIONS that are crudded up with rules that can’t match traffic; ERADICATE LATENT SECURITY PROBLEMS lurking in overly-permissive rules; SANITY CHECK CHANGES to see if new rules create problems. Flint is absolutely free. [...]



24 March 2010 | 7,400 views

Website Auto-complete Leaks Data Even Over Encrypted Link

I’m always fascinated by side-channel attacks where the attack is focused on the underlying architecture of the cryptosystem and the data echoes it creates rather than the algorithm or implementation itself. Similar somewhat to the recent breaking of OpenSSL using power fluctuations. This time some researcher type fellas focused on the digital noise autocomplete webforms [...]



22 March 2010 | 8,623 views

skipfish – Automated Web Application Security Reconnaissance Tool

The safety of the Internet is of paramount importance to Google, and helping web developers build secure, reliable web applications is an important part of the equation. To advance this goal, Google has released projects such as ratproxy, a passive security assessment tool. The latest is they have announced a new tool called skipfish – [...]



18 March 2010 | 5,017 views

Vodafone Spain Distributing Mariposa Malware

Just a week after supplying an infected Android phone to a worker at Panda Security, Vodafone Spain has once again managed to pass out a malware-infected HTC Magic phone to a researcher at S21Sec. The write-up on the Panda Research Blog, including technical analysis of the infector, can be found here: Vodafone distributes Mariposa [...]



16 March 2010 | 7,040 views

OWASP CodeCrawler – Static Code Review Tool

CodeCrawler is a tool aimed at assisting code review practitioners. It is a static code review tool which searches for key topics within .NET and J2EE/JAVA code. It’s a Microsoft .NET 3.5 Windows Form application which supports the OWASP Code Review Project. It provides automatic STRIDE classification, a very simple DREAD calculator and few minor [...]



15 March 2010 | 6,926 views

Google ’99.9%’ Certain To Shut Down Google.cn

There’s been a lot of controversy with China recently, a lot of which we have documented here. With the Aurora attacks targeting Google too and the attack code originating from China, Google stopped censoring its Google.cn search engine and is now almost certainly pulling out of China. The latest report from the Financial Times is [...]



12 March 2010 | 10,746 views

Vicnum – Lightweight Vulnerable Web Application

Vicnum is a flexible and vulnerable web application which demonstrates common web security problems such as cross-site scripting, SQL injections, and session management issues. The program is especially useful to IT auditors honing web security skills and setting up ‘capture the flag’ type exercises. Being a small web application with no complex framework involved, [...]



11 March 2010 | 6,575 views

Zeus-related Botnet Servers Taken Offline

We wrote about Zeus a while back, a nasty trojan which can evade detection by anti-virus software and is ranked as the number 1 trojan infector by numbers. About a week ago a massive sting operation took down large parts of the Mariposa botnet in Spain and the USA and the latest news is large [...]
