Archive | 2014


13 September 2014 | 2,587 views

Google DID NOT Leak 5 Million E-mail Account Passwords

So a big panic hit the Internet a couple of days ago when it was alleged that Google had leaked 5 Million e-mail account passwords – and these had been posted on a Russian Bitcoin forum. I was a little sceptical, as Google tends to be pretty secure on that front and they had made […]



11 September 2014 | 2,813 views

Lynis v1.6.0 Released For Download – Linux Security Auditing Tool

Lynis is an open source Linux security auditing tool. The primary goal is to help users with auditing and hardening of Unix and Linux based systems. The software is very flexible and runs on almost every Unix based system (including Mac). Even the installation of the software itself is optional! It’s a great tool for […]



08 September 2014 | 774 views

Twitter Bug Bounty Official – Started Paying For Bugs

So the Twitter bug bounty program is now official, they are actually paying – and not a bad amount too. A minimum of $140 for a confirmed bug with no defined maximum. This includes the Twitter website itself and any sub-domain (mobile, ads, apps etc), and the official mobile apps for iOS and Android. It’s […]



03 September 2014 | 3,198 views

BurpSentinel – Vulnerability Scanning Plugin For Burp Proxy

BurpSentinel is a plugin for Burp Intercepting Proxy, to aid and ease the identification of vulnerabilities in web applications. Searching for vulnerabilities in web applications can be a tedious task. Most of the time consists of inserting magic chars into parameters, and looking for suspicious output. Sentinel tries to automate parts of this laborious task. […]



02 September 2014 | 6,631 views

Massive Celeb Leak Brings iCloud Security Into Question

So this leak has caused quite a furore, normally I don’t pay attention to this stuff – but hey it’s JLaw and it’s a LOT of celebs at the same time – which indicates some kind of underlying problem. The massive list of over 100 celebs was posted originally on 4chan (of course) by an […]



29 August 2014 | 3,849 views

IronWASP – Open Source Web Security Testing Platform

IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Though an advanced user with Python/Ruby scripting expertise would be able to make full use of the […]



27 August 2014 | 1,259 views

Twitter Patents Technique To Detect Mobile Malware

So it was discovered that Twitter has been granted a patent which covers detection of mobile malware on websites to protect its user base. The patent was filed back in 2012, but well – as we know these things take time. The method is something like the technology Google uses in Chrome to warn you […]



23 August 2014 | 2,491 views

Garmr – Automate Web Application Security Tests

Garmr is a tool to inspect the responses from websites for basic security requirements. It includes a set of core test cases implemented in corechecks that are derived from the Mozilla Secure Coding Guidelines which can be found here: https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines The purpose of this page is to establish a concise and consistent approach to secure […]



20 August 2014 | 1,466 views

Heartbleed Implicated In US Hospital Leak

If you’ve been up on your news consumption in the past week or so, you’ll have read about the Chinese hackers who managed to access 4.5 million patient records in a huge US Hospital Leak. Community Health Systems hacked, records of nearly 4.5 million patients stolen Now it turns out, the first entry for this […]



18 August 2014 | 4,315 views

Passera – Generate A Unique Strong Password For Every Website

We’ve discussed password storage/generation solutions quite often, especially in the news stories about hacks and plain text password leaks. Here’s a tool for the more paranoid who don’t want to store their passwords locally or in the cloud. Passera is a simple tool written in Go that allows users to generate a unique strong password […]
