Archive | 2014


30 October 2014 | 1,661 views

Serious Linux/UNIX FTP Flaw Allows Command Execution

A lot of old bugs have been biting us on the butt lately, and here’s another to add to the list. This week a fairly nasty FTP flaw was discovered that allows command execution when using the old but still fairly widely used tnftp client. It’s a fairly unlikely set of circumstances however, and it […]


27 October 2014 | 2,158 views

Arachni v1.0 Released – Web Application Security Scanner Framework

Arachni is an Open Source, feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. It is smart, it trains itself by monitoring and learning from the web application’s behaviour during the scan process and is able to perform meta-analysis using a number of factors in order […]


25 October 2014 | 1,112 views

Microsoft Zero Day OLE Vuln Being Exploited In Powerpoint

So the latest news is, don’t open any .ppt files if you aren’t entirely sure where they came from as there is a Microsoft Zero Day vulnerability in OLE (Object Linking and Embedding) handling in Microsoft Office that is currently being exploited in the wild by malicious Powerpoint slide decks. Not that anyone reading this […]


23 October 2014 | 2,212 views

Pipal – Password Analyzer Tool

Pipal is a password analyzer tool that can rapidly parse large lists of passwords and output stats on the contents. Pipal will provide you with stats on things like the most frequently used password, password lengths, dates (months/days/years) or numbers used, the most common base words and much more. It also makes recommendations based on […]


21 October 2014 | 2,518 views

Apple’s OS X Yosemite Spotlight Privacy Issues

So Apple pushed out its latest and greatest OS X version 10.10 called Yosemite, but it’s facing a bit of an uproar at the moment about some Spotlight privacy issues. For those who are not familiar, Spotlight is some kinda super desktop search that searches everything on your computer (and now also the Internet) […]


18 October 2014 | 2,482 views

RIPS – Static Source Code Analysis For PHP Vulnerabilities

RIPS is a tool written in PHP to find vulnerabilities using static source code analysis for PHP web applications. By tokenizing and parsing all source code files RIPS is able to transform PHP source code into a program model and to detect sensitive sinks (potentially vulnerable functions) that can be tainted by user input (influenced […]


16 October 2014 | 3,588 views

Everything You Need To Know About POODLE SSLv3 Vulnerability

So yah, it’s been quite a year – not long after Heartbleed and then Shellshock we now have POODLE SSLv3 vulnerability. Yes, that’s right – POODLE. It is actually an acronym this time though, yay (Padding Oracle On Downgraded Legacy). Is it a huge risk? Not really as it doesn’t allow any type of remote […]


14 October 2014 | 988 views

ThreadFix – Vulnerability Aggregation & Management System

ThreadFix is a software vulnerability aggregation and management system that reduces the time it takes to fix software vulnerabilities. ThreadFix imports the results from dynamic, static and manual testing to provide a centralized view of software security defects across development teams and applications. The system allows companies to correlate testing results and streamline software remediation […]


10 October 2014 | 1,717 views

Retarded E-mails – Satilight Hacking, Website Cloning, Detailo & More!

It’s been a good 3 years since my last entry in this category and I’ve had a steady stream of retarded e-mails recently fit for posting. Plus I actually had 1-2 people e-mail me and tell me they missed the posts in the Retards category and that it always gave them a good laugh – […]


08 October 2014 | 2,472 views

IPFlood – Simple Firefox Add-on To Hide Your IP Address

IPFlood (previously IPFuck) is a Firefox add-on created to simulate the use of a proxy. It doesn’t actually change your IP address (obviously) and it doesn’t connect to a proxy either, it just changes the headers (that it can) so it appears to any web servers or software sniffing – that you are in fact […]
