Archive | 2014


22 November 2014 | 78 views

Critical XSS Flaw Affects WordPress 3.9.2 And Earlier

So it’s been a while since we’ve talked about any flaws in WordPress – because usually they are pretty dull and require such an obscure set of circumstances, that they are unlikely to ever occur in the wild. The most recent time was this year actually, but was a DoS attack, which is not THAT […]

Continue Reading


20 November 2014 | 624 views

Sparty – MS Sharepoint and Frontpage Auditing Tool

Sparty is an open source Sharepoint and Frontpage auditing tool written in python to audit web applications using sharepoint and frontpage architecture. The motivation behind this tool is to provide an easy and robust way to scrutinize the security configurations of sharepoint and frontpage based web applications. Due to the complex nature of these web […]

Continue Reading


18 November 2014 | 1,148 views

U.S. State Department Hacked

So the U.S. government has been getting fairly hammered lately with breaches/attacks hitting the White House, USPS (Postal Service) and NOAA. The latest victim of this onslaught has been the State Department, which had to totally shut down their email systems on November 14th after discovering various ‘areas of concern’. I wonder who’s going to […]

Continue Reading


15 November 2014 | 2,305 views

Kali Linux – The Most Advanced Penetration Testing Linux Distribution

So Linux Live CDs based around hacking or penetration testing used to be a super big deal, they died down a bit in the last few years. The king of the hill back in 2011 used to be BackTrack and the last time we mentioned it was when BackTrack 5 came out. This article is […]

Continue Reading


13 November 2014 | 2,375 views

Microsoft Schannel Vulnerabilty – Patch It NOW

So yah, it seems like every implementation of TLS is broken and some may say this Microsoft Schannel vulnerabilty is actually worse than Heartbleed. Why is it worse you ask? Because it allows remote code execution, which honestly – is about as bad as it gets. This is a critical update, a really, really critical […]

Continue Reading


11 November 2014 | 2,055 views

Radare – The Reverse Engineering Framework

Radare started out as a simple command line interface for a hexadecimal editor supporting 64 bit offsets to make searches and recovering data from hard-disks. It has evolved into a project that is composed of a hexadecimal editor as the central point of the project with assembler/disassembler, code analysis, scripting features, analysis and graphs of […]

Continue Reading


05 November 2014 | 712 views

Brakeman – Static Analysis Rails Security Scanner

Brakeman is a Rails security scanner – unlike many web security scanners, Brakeman looks at the source code of your application. This means you do not need to set up your whole application stack to use it. Once Brakeman scans the application code, it produces a report of all security issues it has found. It […]

Continue Reading


03 November 2014 | 782 views

Facebook Allows Tor Access To Site

Facebook started out blocking users of the Tor network in 2013, but have recently had a change of mind and now Facebook allows Tor access to the site even providing a special .onion address for users of the network to directly connect to Facebook infrastructure. It’s an interesting decision as many of the Facebook ‘security […]

Continue Reading


31 October 2014 | 2,115 views

ZMap – Fast Open-Source Network Scanner

ZMap is a fast open-source network scanner designed for Internet-wide network surveys. On a typical desktop computer with a gigabit Ethernet connection, ZMap is capable scanning the entire public IPv4 address space in under 45 minutes. While previous network tools have been designed to scan small network segments, ZMap is specifically architected to scan the […]

Continue Reading


30 October 2014 | 1,626 views

Serious Linux/UNIX FTP Flaw Allows Command Execution

A lot of old bugs have been biting us on the butt lately, and here’s another to add to the list. This week it was discovered a fairly nasty FTP Flaw Allows Command Execution when using the old but still fairly widely used. tnftp client It’s a fairly unlikely set of circumstances however, and it […]

Continue Reading