At last a new major release of Nmap!
If for some odd reason you don’t already know what Nmap is, it is a free and open source utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host [...]

09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
This is everywhere today. Every major news site has this ‘magic’ number in it. Digg.com had stories with more than 24.000 diggs (that’s actually the first time I see that many).
In case you’ve been in a cave for the [...]

This is just a simple warning to all NMAP users out there. If you’re registered on the announcement mailing list you already now this, otherwise, heads up.
NMAP 4.20 has been released with something that looks promising. 2nd generation OS detection. The changelog is available here.
Enjoy!

With this simple tutorial I will explain how to install Nessus client (nessus) and Nessus Daemon (nessusd) and properly register it, so you don’t end up with the limitations of a non-registered version of the vulnerability scanner.
Installing:
I personally use apt-, however, you may choose any other package manager.
apt-get install nessus nessusd -y
This will install the [...]

This has just been posted to Bugtraq.
For now you can test if your version is vulnerable, here. (will cause Firefox to close)
So far Firefox 1.5.0.7 and 2.0 (Linux) have been tested, and both vulnerable. Firefox 1.0.7 (Win32), not vulnerable.
The code used on the test page and the one submitted to Bugtraq can be found here.
Severity: [...]

CAPTCHA, acronym for “completely automated public Turing test to tell computers and humans apart” is used, most of the times at least, as an authentication mechanism. Not to prove your identity, but to do a much simpler job than that; to prove your a human.
With the bad guys always a step ahead (which is cool [...]

Get ready for a complete month of fun with H D Moore’s Month of Browser Bugs.
Quoting from Browser Fun blog:
This blog will serve as a dumping ground for browser-based security research and vulnerability disclosure. To kick off this blog, we are announcing the Month of Browser Bugs (MoBB), where we will publish a new browser [...]

An interesting find made by John Hackenger surfaced today. For those of you familiar with MySpace, you’ll know that it uses ‘Bulletins’ to send a single message to multiple friends in your list.

Because the message is sent only to the people you have authorized to be on your list, sometimes you get a feel of [...]

No, it wasn’t Microsoft.com, still, a very cool hack.
Microsoft France suffered an attack by a Turkish group, going by the handle of TiTHacK. You can check TiTHacK ‘profile’ over at Zone-H. By the looks of things, he has been really busy today.

At the time of this writing, the site still hasn’t been fixed. However, [...]

Following Darknet post regarding SyScan’06, I decided to make a little resume of the most important security events all around the world.
Unfortunately we won’t be able to go, so all the pictures are welcome. (-:
If there’s any missing do let us know.
Recon 2006 – WWW – 16 June to 18 June 2006 – Plaza Hotel [...]

In my opinion, the best way to keep clean of spam is simple:
The first rule is NEVER reply to spam, NEVER click the unsubscribe link and NEVER e-mail to the unsubscribe address.
These are simply underhand tactics to get ‘active’ e-mail addresses.
Some other tips to avoid getting spammed in the first place:

1) Never use your [...]

If you receive a e-Mail alert of a new patch for your Windows XP OS, think again before opening the link present on the message.
The spammed emails, which purport to come from patch@microsoft.com, claim that a vulnerability has been found ‘in the Microsoft WinLogon Service’ and could ‘allow a hacker to gain access to an [...]

I know this maybe old news for some of you, however, I just got the chance of reading this great article on Security Focus (it’s been 2 weeks since I add it to my Favorites)
This two part article discusses some good points of Cryptology, more precisely in the field of Cryptovirology.

Writing a virus is just [...]

We all knew it was just a matter of time until the ‘thing’ was out.
PandaLabs has detected the appearance of 1Table.A, a malicious code that exploits a recently detected critical vulnerability in Microsoft Word, and which also affects versions of MS Office 2003 and XP.

Microsoft confirmed today the existence of this vulnerability and apparently [...]

A Turkish hacker using the handle iSKORPiTX was able to breach the security of a group of web servers, containing more than 38.500 web sites in less than a day!
Iskorpitx is believed to be 45 years old, sometimes being helped for minor defacement activities by another Turkish “senior cracker” (42) going by the handle of [...]

SecureDVD is a DVD with the 10 Best Security related Live CD’s.
Yes that’s right, they authored this DVD based on the recommendations made by Darknet!

Now you can have all your favorite CDs ‘compiled’ into a single DVD. I love this idea.
SecureDVD is available to download, but due to it’s size, only in BitTorrent. You can [...]

Well the original Gouki (also known as Akuma) is a character from the Street Fighter game series. I started using this handle approximately 10 years ago, when I was a big fan of the game.
The Gouki behind the keyboard
Personal Homepage
I was born in Portugal and unfortunately, that’s where I currently live. Lisbon, to be accurate. [...]