Archive | November, 2010


30 November 2010 | 9,505 views

Windows Vista & Windows 7 Kernel Bug Can Bypass UAC

Now this is not the first time Windows UAC has hit the news for being flawed, back in February 2009 it was discovered that Windows 7 UAC Vulnerable – User Mode Program Can Disable User Access Control and after that in November 2009 it was demonstrated that Windows 7 UAC (User Access Control) Ineffective Against […]

Continue Reading


25 November 2010 | 13,185 views

BlackSheep – Detect Users Of FireSheep On The Network

As you surely know, things blew up recently at Toorcon 12 with the release of the much talked about Firefox plugin called Firesheep. There were various discussions about how to mitigate against it like using Firefox plug-ins to force SSL connections (where available). Microsoft also tried to secure Hotmail with SSL but kinda b0rked that […]

Continue Reading


24 November 2010 | 17,451 views

SHA-1 Password Hashes Cracked Using Amazon EC2 GPU Cloud

It’s not the first time someone has pulled this off, back in November 2009 we wrote about Using Cloud Computing To Crack Passwords – Amazon’s EC2. Add that with a story way back from 2007 – Graphics Cards – The Next Big Thing for Password Cracking? – and you’ve got yourself an interesting combo with […]

Continue Reading


22 November 2010 | 17,924 views

CUDA-Multiforcer – GPU Powered High Performance Multihash Brute Forcer

The Cryptohaze Multiforcer is a high performance multihash brute forcer with support for per-position character sets, and very good performance scaling when dealing with large hash lists. As an example, on a list of 10 hashes, the Cryptohaze Multiforcer achieves 390M steps per second on a GTX260/216SP@1.24ghz card. On a list of 1.4 million hashes […]

Continue Reading


19 November 2010 | 15,271 views

European Banks Seeing New Wave Of ATM Skimming

ATM hacking and skimming were often in the news a few years back, but since the banks ramped up the security on ATM machines – including anti-skimming devices – ATM fraud activities seemed to drop off. Remember the Pro ATM Hacker ‘Chao’ Gives Out ATM Hacking Tips and a bunch of people getting busted not […]

Continue Reading


18 November 2010 | 46,860 views

Crunch – Password Cracking Wordlist Generator

Crunch is a wordlist generator where you can specify a standard character set or a character set you specify. crunch can generate all possible combinations and permutations. Some other options are: The Associative Word List Generator (AWLG) – Wordlists for Password Cracking CeWL – Custom Word List Generator Tool for Password Cracking RSMangler – Keyword […]

Continue Reading


17 November 2010 | 14,737 views

TDL AKA Alureon Rootkit Now Infecting 64-Bit Windows 7 Platform

As we’ve come to expect, the malware guys are always at the leading edge of technological development. Now there are rootkits infecting 64-Bit versions of Windows, which have been thought of as fairly safe by most parties. The rootkit in questions is a fairly well known variant (TDL/Alureon) and has been around for several years, […]

Continue Reading


15 November 2010 | 23,975 views

Katana v2 (y0jimb0) – Portable Multi-Boot Security Suite

Katana is a portable multi-boot security suite which brings together many of today’s best security distributions and portable applications to run off a single Flash Drive. It includes distributions which focus on Pen-Testing, Auditing, Forensics, System Recovery, Network Analysis, and Malware Removal. Katana also comes with over 100 portable Windows applications; such as Wireshark, Metasploit, […]

Continue Reading


12 November 2010 | 8,481 views

PGP Users Locked Out With Latest OS X Update

For the past day or so I’ve been seeing endless people tweeting about how the latest Mac OS X update b0rks your Mac if you are using PGP full disc encryption. It’s a pretty nasty bug, but thankfully it can be recovered from fairly easily. If you are just looking for a quick solution, you […]

Continue Reading


11 November 2010 | 10,879 views

ddosim v0.2 – Application Layer DDOS Simulator

DDOSIM simulates several zombie hosts (having random IP addresses) which create full TCP connections to the target server. After completing the connection, DDOSIM starts the conversation with the listening application (e.g. HTTP server). Can be used only in a laboratory environment to test the capacity of the target server to handle application specific DDOS attacks. […]

Continue Reading