Archive | October, 2011


27 October 2011 | 11,170 views

Facebook Attachment Uploader Owned By A Space

Oh look – another vulnerability in Facebook! It wasn’t long ago we reported New Research Shows Facebook’s URL Scanner Is Vulnerable To Cloaking. Well this time the private messaging function has been compromised, you can attach an executable and send it to anyone as long as you put a space after the filename. It’s not [...]

Continue Reading


24 October 2011 | 25,427 views

THC SSL DoS/DDoS Tool Released For Download

THC-SSL-DOS is a tool to verify the performance of SSL. Establishing a secure SSL connection requires 15x more processing power on the server than on the client. THC-SSL-DOS exploits this asymmetric property by overloading the server and knocking it off the Internet. This problem affects all SSL implementations today. The vendors are aware of this [...]

Continue Reading


20 October 2011 | 12,607 views

German Federal Trojan (0zapftis/Bundestrojaner) Eavesdrops On Skype, IE, Firefox, MSN Messenger & More

It’s always good to have some news about government conspiracy theories, or in this case government propagated malware. The last case I remember reporting on was – Tunisia Running Country Wide Facebook, Gmail & Yahoo! Password Capture. Now whilst we wouldn’t quite expect that kind of oppressive behaviour from a country like Germany, they do [...]

Continue Reading


18 October 2011 | 21,807 views

winAUTOPWN v2.8 Released For Download – Windows Auto-Hacking Toolkit

I wanted to post this a while back, but the site (and thus the download) was down again – it seems to be a common occurrence. Someone get this guy some proper hosting! winAUTOPWN and bsdAUTOPWN are minimal Interactive Frameworks which act as a frontend for quick systems vulnerability exploitation. It takes inputs like IP [...]

Continue Reading


17 October 2011 | 11,678 views

The U.S. Department of Defense Hit With $4.9B Lawsuit Over Data Breach

We haven’t published anything about the Defense Department for a while, the last news really was the whole RSA SecurID thing which affected some of the US DoD sub-contractors. The latest news is they’ve been hit with a colossal lawsuit of almost $5 Billion! The lawsuit is regarding a recent breach involving a healthcare system [...]

Continue Reading


14 October 2011 | 14,186 views

CAINE (Computer Aided INvestigative Environment) – Digital Forensics LiveCD

CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a project of Digital Forensics. CAINE offers a complete forensic environment that is organized to integrate existing software tools as software modules and to provide a friendly graphical interface. The main design objectives that CAINE aims to guarantee are the following: an [...]

Continue Reading


12 October 2011 | 9,838 views

VeriSign Demands The Power To Take Down Websites/Domains

I was scanning the news today, and nothing much was going on. There were some half-arsed stories about Anonymous and LulzSec – but nothing really worth writing about. And then, and then I spotted this, which quite frankly scares the shit out of me. As much as it may well have a use in law [...]

Continue Reading


11 October 2011 | 9,505 views

File Disclosure Browser – Tool To Explore .DS_Store Files

The File Disclosure Browser takes .DS_Store files found on websites and parses through them to find a list of all potential files in the directory. It can then either just display the URLs for the files or if you give it a proxy it can browse to the files itself. The author wrote it after [...]

Continue Reading


10 October 2011 | 16,956 views

New Research Shows Facebook’s URL Scanner Is Vulnerable To Cloaking

Oh look, Facebook security (or insecurity) is in the news again – not that this technique is anything revolutionary or ground-breaking. It’s basically a HTTP referer detection system for the Facebook URL scanner (the thing that generates the preview/thumbnail etc for links posted to Facebook). By detecting it, you can feed it something benign – [...]

Continue Reading


06 October 2011 | 9,665 views

CIAT – The Cryptographic Implementations Analysis Toolkit

The Cryptographic Implementations Analysis Toolkit (CIAT) is a compendium of command line and graphical tools whose aim is to help in the detection and analysis of encrypted byte sequences within files (executable and non-executable). It is particularly helpful in the forensic analysis and reverse engineering of malware using cryptographic code and encrypted payloads. This was [...]

Continue Reading