Archive | June, 2010


16 June 2010 | 7,507 views

iPhone 4 Pre-Order System Exposes Customer Data

The big talk over the past weekend was about this: the AT&T system for recording pre-sales records for the new Apple iPad exposed account information. I didn’t think it was a big deal until they did something similar again today with the iPhone 4… the second time in one week – that must be some kind […]



15 June 2010 | 10,549 views

Onapsis Bizploit – ERP Penetration Testing Framework

Bizploit is the first open-source ERP Penetration Testing framework. Developed by the Onapsis Research Labs, Bizploit assists security professionals in the discovery, exploration, vulnerability assessment and exploitation phases of specialized ERP Penetration Tests. Bizploit is expected to provide the security community with a basic framework to support the discovery, exploration, vulnerability assessment and exploitation of […]



14 June 2010 | 17,964 views

Microsoft Installs Firefox Add-on Without Asking During Recent Patch Tuesday

It’s not the first time Microsoft has had some issues with Firefox and add-ons they installed on users’ machines through Windows Update. Back in October of last year, Mozilla forcefully disabled a .NET add-on as it was causing ‘instability’ rather than a security/vulnerability issue. I did notice the issue with my own Firefox and also noticed […]



10 June 2010 | 9,118 views

Samurai Web Testing Framework v0.8 Released – Pen Testing Security LiveCD

The Samurai Web Testing Framework is a live Linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. It’s been quite a while since the latest fairly major update of SamuraiWTF (around a […]



09 June 2010 | 9,697 views

Microsoft Patches At Least 34 Bugs Including Pwn2Own Vulnerability

What a massive motherlode of patches Microsoft has unleashed this month, patching more than 34 security vulnerabilities including the fairly high profile vulnerability exploited at the Pwn2Own contest earlier this year in April. Good news as long as all the average Internet users actually use Windows Update and install the latest patches, which somehow […]



08 June 2010 | 8,103 views

Knock v1.3b – Subdomain Enumeration/Brute-Forcing Tool

Knock is a Python script designed to enumerate sub-domains on a target domain through a wordlist. Usage

You can view a demo of the tool enumerating Facebook sub-domains on YouTube here: Facebook and Knock v.1.2. Knock works on Linux, Windows and Mac OS X with a Python version 2.6.x (or minor). Requirements Python version 2.6.x […]



04 June 2010 | 5,304 views

FTC Cracks Down On Spyware Seller CyberSpy Software

Well, this case has taken a while but the FTC won in the end and reached a settlement two years after halting the company from selling its “100 per cent undetectable” commercial keylogging application. It’s interesting to see court cases that venture into the grey area of ethics, I think the main problem stemmed from […]



03 June 2010 | 8,634 views

sectool – Security Audit Tool & IDS

sectool is a security tool that can be used both for security audits and as part of an intrusion detection system. It consists of a set of tests, a library and a textual/graphical frontend. Tests are sorted into groups and security levels. Administrators can run selected tests, groups or whole security levels. Security Levels Naive […]



01 June 2010 | 13,306 views

iPhone Security Flaw – Using a PIN Won’t Protect Your Data

Now it wasn’t long ago when the first malicious iPhone worm appeared in the wild and, well, generally since the boom of the device people have been looking at the security measures. Huge sales are made to corporates touting the security, privacy and encryption features of the iPhone OS. The latest discovery is that using a […]
