Archive | August, 2011


30 August 2011 | 16,650 views

Hackers Get Hold Of Wildcard Google SSL Certificate – Could Hijack Gmail Accounts

One of the big discussions points this week is about a wildcard cert for Google that has leaked out from a Dutch company called DigiNotar. The certificate is good for all Google domains – it’s a *.google.com cert. This is bad news and apparently has been in the wild for a while, some people are [...]

Continue Reading


29 August 2011 | 60,036 views

WebSurgery – Web Application Security Testing Suite

WebSurgery is a suite of tools for security testing of web applications. It was designed for security auditors to help them with the web application planning and exploitation. Currently, it uses an efficient, fast and stable Web Crawler, File/Dir Brute forcer, Fuzzer for advanced exploitation of known and unusual vulnerabilities such as SQL Injection, Cross [...]

Continue Reading


24 August 2011 | 15,571 views

Stealing ATM Pin Numbers Using Thermal Imaging Cameras

Now this is a really neat bit of hardware hacking, it’s been a while since we’ve reported on any kind of ATM Skimming or ATM Hacking stories. You may remember back in November 2010 – European Banks Seeing New Wave Of ATM Skimming or way back in 2008 when Pro ATM Hacker ‘Chao’ Gives Out [...]

Continue Reading


22 August 2011 | 12,614 views

Arachni v0.3 Released – Web Application Security Scanner Framework

It’s been a while since we last mentioned Arachni, it was back in February – Arachni v0.2.2.1 – Web Application Security Scanner Framework. For those who are not aware, Arachni is a fully automated system which tries to enforce the fire and forget principle. As soon as a scan is started it will not bother [...]

Continue Reading


18 August 2011 | 13,106 views

Collar Bomber Gets Owned By Word Metadata & USB Drive

There were other more technical and probably relevant stories to report on today, but for some reason I just found this story very odd and strangely fascinating. Now here a strange case, a man climbs into a young girls bedroom in the middle of the night, threatens her with a baseball bat and then chains [...]

Continue Reading


16 August 2011 | 11,938 views

Mediggo – Tool To Detect Weak Or Insecure Cryptosystems Using Generic Cryptanalysis Techniques

Mediggo is an opensource cryptanalysis library. This library implements generic cryptanalysis techniques to detect weak or insecure cryptosystems or learn and practice with cryptanalysis. This library is open source (LGPL licence) and written in C programming language. Samples and test cases are provided with each techniques: the solution is not always given to make people [...]

Continue Reading


12 August 2011 | 14,078 views

Android Phones (Possibly) Hacked At Defcon On CDMA & 4G (HSPA)

It seems like some major ownage was layed down at Defcon, I was very interested by the thread coderman posted in Full Disclosure earlier: DEF CON 19 – hackers get hacked! Especially when some people did chime in with supporting opinions and agreeing that it does seem like they got hacked. Basically someone setup some [...]

Continue Reading


10 August 2011 | 11,538 views

Agnitio v2.0 Released – Code Security Review Tool

It’s been a while since we’ve mentioned Agnitio, it was earlier this year in March: Agnitio v1.2 – Manual Security Code Review Tool. The author notified me of a new version that was recently released with quite a few additions. For those not familiar with it, Agnitio is a tool to help developers and security [...]

Continue Reading


09 August 2011 | 10,474 views

More Cyberterrorism – Taiwan Political Party Accuses China of Hacking

Well there hasn’t been a whole lot of news the last couple of days apart from the London riots – which don’t have much of a technical spin. The only technical part is that the looters/rioters etc seem to be organizing themselves using BBM (BlackBerry Messenger) and Twitter. The former being rather smart as it’s [...]

Continue Reading


05 August 2011 | 11,273 views

Websecurify – Integrated Web Security Testing Environment

Websecurify is an integrated web security testing environment, which can be used to identify web vulnerabilities by using advanced browser automation, discovery and fuzzing technologies. The platform is designed to perform automated as well as manual vulnerability tests and it is constantly improved and fine-tuned by a team of world class web application security penetration [...]

Continue Reading