Archive | 2014


14 July 2014 | 4,583 views

Password Manager Security – LastPass, RoboForm Etc Are Not That Safe

We’ve talked a lot about using a password manager to secure, generate and manage your passwords – way back since 2008 when we introduced you to the Password Hasher Firefox Extension. Since then we’ve also mentioned it multiple times in articles where plain text passwords were leaked during hacks, such as the Cupid Media hack [...]



09 July 2014 | 3,104 views

dirs3arch – HTTP File & Directory Brute Forcing Tool

dirs3arch is a simple command line tool designed to brute force directories and files in websites. It’s an HTTP File & Directory Brute Forcing Tool similar to DirBuster. Features: keep-alive connections; multithreaded; detects not-found web pages when 404 not found errors are masked (.htaccess, web.config, etc.); recursive brute forcing. Getting Started: You [...]



07 July 2014 | 2,812 views

Hacking Your Fridge – Internet of Things Security

So one of the latest fads is IoT, or the Internet of Things phenomenon, which has been talked about for a while (especially since the discussion of IPv6 started). IoT is connecting physical items to the Internet and giving them some kind of IP (be it NAT or a proper IPv6 address). This enabled you [...]



04 July 2014 | 4,247 views

ODAT (Oracle Database Attacking Tool) – Test Oracle Database Security

ODAT (Oracle Database Attacking Tool) is an open source penetration testing tool that tests Oracle database security remotely. Usage examples of ODAT: you have an Oracle database listening remotely and want to find valid SIDs and credentials in order to connect to the database; you have a valid Oracle account on a database and want [...]



02 July 2014 | 1,945 views

Microsoft’s Anti-Malware Action Cripples Dynamic DNS Service No-IP

So it looks like Microsoft has been a little heavy handed in this case, the case of dynamic DNS provider No-IP serving up malware. I would imagine most of us have utilised a dynamic DNS service at some point to map a dynamic IP address to a memorable domain. It seems that malware folks have [...]



27 June 2014 | 2,875 views

Dradis v2.9 – Information Sharing For Security Assessments

Dradis is an open source framework to enable effective information sharing, especially during security assessments. It’s a tool specifically to help in the process of penetration testing. Penetration testing is about information: information discovery; exploiting useful information; reporting the findings. But penetration testing is also about sharing the information you and your teammates gather. Not [...]



25 June 2014 | 3,106 views

Hackers Recreate NSA Snooping Kit Using Off-the-shelf Parts

So some curious hardware hackers grabbed the leaked catalogue that detailed the hardware involved in the NSA Snooping Kit, and have recreated some of the ‘high-tech’ top secret tools with off-the-shelf parts and items that can be bought from Kickstarter. I mean some of it seems pretty simplistic though, a monitor mirror and a hardware [...]



23 June 2014 | 1,463 views

Codesake::Dawn – Static Code Analysis Security Scanner For Ruby

Codesake::Dawn is a source code scanner designed to review your code for security issues. Basically, it is a static analysis security scanner for web applications written in Ruby. Codesake::Dawn is able to scan your standalone Ruby programs, but its main usage is to deal with web applications. It supports applications written using major MVC (Model View Controller) frameworks, [...]



20 June 2014 | 3,048 views

Source Code Hosting Service Code Spaces Deleted By Hacker

There’s been a LOT of noise about this incident in the past day or two, the very definition of a cloud nightmare. Git/SVN & Project Management SaaS Code Spaces has been hacked and completely deleted by a hacker. It started off with a large scale DDoS attack (the likes of which Feedly and Evernote have [...]



18 June 2014 | 1,807 views

Don’t Get Hacked – Have A Free Acunetix Security Scan

The recent Heartbleed vulnerability has highlighted the urgent need for more network level security scanning. In view of this, Acunetix has announced that it will be offering 10,000 users a Free Acunetix Security Scan with the Acunetix Online Vulnerability Scanner (OVS) in a bid to make it easier for businesses to take control of their [...]
