This story actually gave me a lot of LULZ, how stupid can you be seriously? Man this guy made so many mistakes for someone so paranoid (he had a web cam setup outside his appartment door so he could see who was coming)..
But then he exposed his IP address on IRC, posted his face on [...]

A while back it was all over the blogs and Twitter that Amazon had somehow demoted Gay and Lesbian themed books to keep them from showing up in searches.
There was outrage from all the civil rights folks especially in the LBGT camp (rightfully so if it was true).
After that the rumour started the manipulation was [...]

It seems like there is some serious hacking going on, attacks on power stations and industrial control systems.
You’d think most of these systems would be offline, or at least behind a solid DMZ. But as we’ve seen before they often get exposed by people plugging into the LAN then accessing the net through dial-up or [...]

So it seems something big was brewing with Conficker, they just didn’t want to do what everyone expected and unleash it on April 1st when all eyes were on them.
Smart move really, they kept quiet and waited a week or so after before dropping some fairly serious and complex payloads (encrypted rootkits).
It seems like they [...]

It’s seems like a new hacker is in the sights of the US Government, this time it’s Ehud Tenenbaum AKA ‘The Analyzer’.
He seems to have been quite sloppy about covering his tracks and remaining under the radar, he acts as if no-one can get him. Perhaps he knows something we don’t?
Anyway he’s firmly under investigation [...]

What is Native Client?
Native Client is an open-source research technology for running x86 native code in web applications, with the goal of maintaining the browser neutrality, OS portability, and safety that people expect from web apps. We’ve released this project at an early, research stage to get feedback from the security and broader open-source communities. [...]

The latest big buzz is Fast-Track released recently at ShmooCon by Securestate, basically Fast-Track is an automated penetration suite for penetration testers.
For those of you new to Fast-Track, Fast-Track is a python based open-source project aimed at helping Penetration Testers in an effort to identify, exploit, and further penetrate a network. Fast-Track was originally conceived [...]

The latest big news is that on February 6th the Kaspersky Customer Records database was hacked through a simple SQL injection flaw on the website. The hacker claimed it was possible to expose all customer data including users, activation codes, lists of bugs, admins, shot and so on. The anonymous hacker hasn’t actually posted any [...]

This is more of a tool for the information security professional amongst us, those working in a team carrying out web application audits, penetration tests and vulnerability assessments.
It’s useful for a team to use a tool like dradis so everyone is on the same page and the progress and segregation of responsibility can easily be [...]

Isn’t it amazing in this day and age an entire country can be knocked offline by Denial of Service attacks! You’d have though it wouldn’t happen any more.
I do remember the days when it was fairly easy to take one of the smaller ISPs out in UK, so I guess the infrastructure of some developing [...]

We’ve been following the case of the ‘NASA Hacker’ Gary McKinnon since it started in April 2006 when we reported the British Hacker Gary McKinnon Fears Guantanamo.
So you can see the case has been going on for quite some time, the most recent news we published about it was UK Hacker Gary McKinnon Loses Appeal [...]

This is a very complete list, probably the most complete one I’ve seen and it includes pictures – pictures of people who rarely have their pictures taken or allow them out on the Internet.

The list is according to the proper original definition of a Hacker, as taken from the New Hacker’s Dictionary:

A person who enjoys [...]

It seems to be trendy lately to make tools which can create custom or more specific word lists for password cracking, just last week we posted about the web application The Associative Word List Generator (AWLG), which crawls the whole web to look for associated words with a given topic.
This application is more towards creating [...]

We’ve mentioned Twitter a few times lately as it has become a larger and larger part of the social web and the premier ‘micro-blogging’ platform.
There was a recent Phishing issue on Twitter and before that Twitter Jacking and a CSRF bug that allowed auto-following.
Due to the large update of Twitter, the amount of datable available [...]

You should be familiar with the TJX case by now (TJX Largest Breach of Customer Data in U.S. History) and we’ve been following it here for a couple of years.
We reported back in August last year that the TJX Credit Card Hackers were Busted and now one of the 11 guys involved has been slammed [...]

Time and Attack Mapper (alternatively known as TA-Mapper) is an effort estimator tool for blackbox security assessment (or Penetration Testing) of applications. This tool provides more accurate estimation when compared to rough estimation. Penetration testers who always has hard time explaining/justifying the efforts charged (or quoted) to their customers can find this tool handy by [...]

I found an interesting article today which sums up most of the acryonyms involved in wireless networks and wireless security and explain them all in brief.
It may clear things up for some people who get overwhelmed by all the jargon, especially with the recent news hitting the mainstream about WPA being partially cracked.

Users have every [...]

Another teen hacker in the news, this guy looks like he has some formidable skills though with the list of crimes he’s perpetrated.
He’s pleaded guilty though, so he should get a reduced sentence and he’s still classified as a juvenile offender being only 17 – so that works in his favour too.

A juvenile hacker with [...]

This is an interesting story, I’ll be watching how it develops – it’s not often you see a bounty for online crimes and especially one as enticing as 1 million dollars!
That’s a hell of a sum for nailing down some dodgy hackers who are running an extortion scam after a data leak.
I really wonder where [...]

Robert Tappan Morris is a character of Internet lore, anyone who has studied Computer Science, Software Engineering or Computer Security will have heard of this guy.
He’s pretty much the fellow that made the Internet famous (for all the wrong reasons) and the first creator of a bit of self-replicating network based malware (now known as [...]

Sam Spade is one of the oldest network security tools around in terms of a neat package containing a lot of stuff you need, it’s one of the first things I used when I got into information security and I was on a crusade against spammers and scammers.
It has all kinds of useful tools in [...]

Web-Harvest is Open Source Web Data Extraction tool written in Java. It offers a way to collect desired Web pages and extract useful data from them. In order to do that, it leverages well established techniques and technologies for text/xml manipulation such as XSLT, XQuery and Regular Expressions. Web-Harvest mainly focuses on HTML/XML based [...]

This is another oldskool tool, but still relevant! TCP and UDP still work in the same way and firewalls/edge devices are still often configured wrongly.
Firewalk is an active reconnaissance network security tool that attempts to determine what layer 4 protocols a given IP forwarding device will pass. Firewalk works by sending out TCP or [...]

I did mention this earlier in the week when I was talking about Twitter being used as a malware distribution platform, there also seems to be an auto follow vulnerability that spammers would love.
Do you remember Myspace and samy with 900,000 friends? Now we have johng77536 on Twitter!

Last week, TechCrunch’s Jason Kincaid wrote about an [...]

So the latest news with the Gary McKinnon case that was he was trying to fight against Extradition, he started off with Appeals against US Extradition, then he Won The Right to Lords Appeal Extradition Hearing and then he lost the Lords case then went for the European Court.
Sadly it seems he lost his appeal [...]

Another one bites the dust, this time for spying on a teenage girl via webcam. 4 years is a reasonable sentence this time I think as the case borders on many offenses such as blackmail, indecent behaviour, infringement of privacy, unlawful access and probably a few more.
It was a pretty simple hack as it goes, [...]

In the story we recently covered where Terry Childs had locked San Fransisco officials out of their own network, there is a new development.
He’s handed over the passcode to the Mayor, Gavin Newsom. It seems he came to his senses and he also seems to have VERY little faith in the IT administration for the [...]

It’s not a big deal but it does show a problem with the way Facebook deals with data and how much power they have over people’s privacy.
A small slip in coding could cause much worse problems that this, plus this could have happened before but no one picked up on it. It takes a certain [...]

Pantera is actually using an improved version of SPIKE Proxy and is a project under the umbrella of OWASP.
It’s aiming to be a more automated method for testing Web Application Security.

Features

User-friendly custom web GUI. (CSS): Pantera itself is a web application that runs inside the browser and can be customized using CSS by the user. [...]

If you don’t know, BackTrack is a top rated linux live distribution focused on penetration testing. With no installation whatsoever, the analysis platform is started directly from the CD-Rom and is fully accessible within minutes.
Back in January we mentioned the BackTrack Live Hacking CD BETA 3 was released, at last the final version is [...]

It just goes to show, however smart you think you are…don’t bother trying to wreck someones data. In this case, even if the guy was pissed it was highly responsible as it involved medical records and could actually seriously effect someones life.
He was pretty careful but left a few clues behind, more than enough for [...]

Now this isn’t a new tool, and it’s not quite up to date as the author hasn’t updated it for a while – but it’s still exceedingly cool!
As you know most IP addresses are registered to companies or organizations in blocks, so you can identify which network an edit is coming from as Wikipedia logs [...]

Another big heist in the US netting a whole lot of juicy information on credit and debit cards, over half a million USD lost in this case alone. There’s a whole lot of fraud going on..
Not bad for fiddling with the cash register system of a restaurant chain. It just shows, anyone dealing with finanical [...]

Most of todays tools for fingerprinting are focusing on server-side services. Well-known and widely-accepted implementations of such utilities are available for http web services, smtp mail server, ftp servers and even telnet daemons. Of course, many attack scenarios are focusing on server-side attacks.

Client-based attacks, especially targeting web clients, are becoming more and more popular. Browser-targeted [...]

So a new initiative – the Open Source Computer Emergency Response Team known as oCERT has been set up one of the main sponsors being Google (read more here – Contributing to Open Source Software Security).

The oCERT project is a public effort providing security handling support to Open Source projects affected by security incidents or [...]

Technitium MAC Address Changer allows you to change Media Access Control (MAC) Address of your Network Interface Card (NIC) irrespective to your NIC manufacturer or its driver. It has a very simple user interface and provides ample information regarding each NIC in the machine. Every NIC has a MAC address hard coded in its circuit [...]

It seems like Microsoft are starting to get serious about security, in a very progressive move they have said they are ok with ethical hackers finding security flaws in their online services.
It’s been fairly ok so far to hack away at software installed on your own hardware, but hitting remotely hosted applications has been a [...]

This is pretty interesting – US, UK, Canada, Australia and New Zealand are taking part in a fictitious cyberwar as an exercise to prepare and plan for sustained cyber attacks including some of which have actually caused power outages.
I personally think it’s a great idea, I must have missed Cyber Storm I as this is [...]

NetworkMiner is a passive network sniffer/packet capturing tool for Windows with an easy to use interface. It can detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis.
NetworkMiner makes use of OS fingerprinting databases from both p0f (by Michal Zalewski) and [...]

Another tale to do with advertising, it just goes to show it’s really not a good idea to run JavaScript from a 3rd party source on your site, especially if you don’t want your visitors redirected to a porn site!
This is just what happened to Perl.com a few days ago.

Visitors to Perl.com, the O’Reilly Media-owned [...]

Ah I remember some of the nastiest viruses back in the day attaching themselves in the MBR (Master Boot Record) rendering most anti-virus software useless (as it sits on top of the OS).
Now it seems MBR infection is back in fashion for a new age of rootkits.

Security mavens have uncovered a new class of attacks [...]

It’s that time of the year, our annual christmas present – the Sans Top 20 Vulnerabilities for 2007.
The SANS Top 2007 list is not “cumulative.” We include only critical vulnerabilities from the past year or so. If you have not patched your systems for long time, it would be wise to patch the vulnerabilities listed [...]

Apple has admitted that is has at LEAST three serious design weaknesses in it’s new application based firewall being rolled out with Mac OS X ‘Leopard’.
It comes (somewhat oddly) only 24 hours after a Mac OS X security update that fixed 41 OS X and Safari security vulnerabilities.
Previously independent researchers proved that Apple’s claim that [...]

As mentioned in the previous FireCAT 1.1 post, FireCAT 1.2 was released last month.
If you aren’t aware, FireCAT is a Firefox Framework Map collection of the most useful security oriented extensions.

Changes for FireCAT 1.2

Renamed subcategory “Social Engineering” to “Data mining”
Bibirmer updated location (thanks to Zagrodzki Krzysztof from Telekomunikacja Polska)
Enhanced History Manager (to new subcategory Misc [...]

This has been floating around for a while and you might have noticed a warning on some German based security sites that they’ve had to move their tools due to this new legislation known as 202(c) – a couple of examples are KisMAC and Phenoelit.
Basically the new law prohibits manufacturing, programming, installing, or spreading software [...]

This case has been going on for a while but obviously hush hush, being that it is the largest breach of customer data in U.S. History. The details of the case have only started emerging in the last couple of months.
Information Week published a good article covering what has been going on recently.
Amazing the amount [...]

Seen as though we get a lot of searches for PSP firmware updates and information about homebrew, I thought I’d post about this which popped up a few months ago.
In what undoubtedly will be remembered as a historic and life-changing event for PSP enthusiasts everywhere, a group of coders (Noobz and [...]

After the recent fiasco about the Pentagon being Hacked by Chinese Military another few governments have piped up with information about cyber surveillance by China.
The latest is France.
It seems like right now china has it’s fingers in many pies.

France has become the fourth country to speak out against hackers in China [...]

Inspired by EtherPEG, Driftnet is a program which listens to network traffic and picks out images from TCP streams it observes. Fun to run on a host which sees lots of web traffic.

EtherPEG was a program that sniffed for JPEGs passing by on the AirPort networks at MacHack, and showed them on the huge screen [...]

The details are still a bit shaky, but this news has been making the rounds.
Apparently the the hack attack in June on the Pentagon may have been carried out by the Chinese Military (People’s Liberation Army).

One senior US official said the Pentagon had pinpointed the exact origins of the attack. Another person familiar with the [...]

A while back Microsoft UK got hacked by some Saudi Hackers, Microsoft is always one of the top targets for renegades and ‘cyber-terrorists’ as the high profile nature of the company can give some publicity to their causes.
This was less than a month after Technet got owned.
I don’t think they are ever going to lay [...]

FireCAT is a Firefox Framework Map collection of the most useful security oriented extensions. It can be used to turn your favorite browser (Firefox) into a powerful security framework.

FireCAT comes from “Firefox Catalog of Auditing Toolbox”
Changes for FireCAT 1.1
+ Category Network Utililies
- Added ffsniff to subcat “Sniffers”
- Added CrossFTP to subcat FTP (thanks to Benjamin [...]

KGB Keylogger from Refog Software is a decent light weight Key Logger.
KGB Keylogger is a multi-functional keyboard tracking software that is widely used by both regular users and IT security specialists for tracking the key strokes typed on a given machine.

KGB Keylogger Features at a Glance

Stealth mode and visible mode of work;
Logs keyboard input, including [...]

Teredo is a platform-independent protocol developed by Microsoft, which is enabled by default in Windows Vista. Teredo provides a way for nodes located behind an IPv4 NAT to connect to IPv6 nodes on the Internet. However, by tunneling IPv6 traffic over IPv4 UDP through the NAT and directly to the end node, Teredo raises some [...]

Elcomsoft is quite a well known firm when it comes to password ‘recovery’, I have used their products in the past when I was in a fix and I needed a password that had been, you know…lost.
They rose to fame in 2001 after cracking Adobe’s eBook format.
Recently they announced a fairly serious backdoor in Quicken [...]

Seems like a social engineering type attack again relying on human ignorance and stupidity. Based around some kind of malware reporting back to a central repository.
Remember kids if a deal is too good to be true…it isn’t.

Hackers stole information from the U.S. Department of Transportation and several U.S. companies by seducing employees with fake job-listings [...]

Some light entertainment for once.
You all leet.
The government better watch out, RAMZI IS IN THE HIZZOUSE.

I thanksyou all.
Phew.

The Pentagon got owned pretty hard with 1,500 accounts being taken offline due to a hack attack. For once however they did admit the incident and didn’t try to cover it over or brush it off.
I guess the amount of attacks they get is exponentially more than other networks…but still, I would have thought they [...]

This is some pretty interesting news, rather than trying to cover things up like normal during July the Philippine government will be soliciting hackers to test the security of their Internet voting system.
I think it’s a great initiative from the International Foundation for Electoral System.

Local and foreign computer hackers will be tapped to try and [...]

An interesting snippet from last month, AOL seems to have a strangely configued password system.
Users can enter up to 16 characters as a password, but the system only reads the first 8 and discards the rest. They are basically truncating the password at 8 characters.

A reader wrote in Friday with an interesting observation: When he [...]

Ah, FBI slammed again, it’s not the first time this has happened.
Remember when a Consultant Breached FBI’s Computers?
It also reminds me of when Homeland Security Scored an F for Internal Security AGAIN.

The Government Accountability Office, the federal government’s watchdog agency, Thursday released a report critical of the FBI’s internal network, asserting it lacks security controls [...]

Or half-open scanning technique is the first of three to come series about stealth scanning… The other two are Xmas/Fin/Null and idle/zombie scan techniques…
Intro
This is a series of three to come articles about stealth scanning, everything that I am going to present is hping oriented so if you want to learn this techniques you’d better [...]

Basically Ubuntu Ultimate Edition is Ubuntu Edgy Eft with a whole lot of software pre-added.
Sadly the author had to removed Java, Flash and Acrobat reader due to licensing agreements. But don’t worry as there is a custom repository in the release which includes all of these and much more.

SMP Support (dual core CPUS) / works [...]

(IN)SECURE Magazine is a freely available digital security magazine discussing some of the hottest information security topics. It can be distributed only in the form of the original non-modified PDF document.
ISSUE 1.10 (February 2007) – DOWNLOAD

Microsoft Windows Vista: significant security improvement?
Review: GFI Endpoint Security 3
Interview with Edward Gibson, Chief Security Advisor at Microsoft UK
Top 10 [...]

A massive online heist, some (like McAfee) claim it’s the biggest ever online sting involving a bank, it’s comes in at about half a million pounds or or $1.1 million USD.
Using some l33t0 custom trojan, it seems to be more a case of lack of education and the whole situation could have been avoided by [...]

It didn’t take them long! A while ago some smart chaps worked out the a way to extract the HD DVD and Blu-ray Disc “volume keys” to decrypt AACS DRM on individual films (This was about 2 months ago).
Now they have cracked the scheme behind it, the so called “processing key” used to decrypt the [...]

Some sneaky hacker got into the Wordpress download server and placed a backdoor in the latest available version (2.1.1).
Luckily within a day someone reported the exploit to the Wordpress team and they took the site down to investigate.

This morning we received a note to our security mailing address about unusual and highly exploitable code in [...]

Recently a fairly huge credit card breach occurred involving a large retail company called TJX, with more than 2,000 retail stores.
Some pretty well known brands there, I know I’ve used some of them…the sad part is they themselves still haven’t worked out the extent of the damage done to their information.
For me this has serious [...]

A paper about cracking SHA-1 originally surfaced in 2005, from a fairly reputable scientific source in China, it was widely publicised nor talked about much.
But then recently, just last month China managed to make a wave out of it, almost 2 years after the initial ‘report’.
It was even Slashdotted on January 20th 2007, the article [...]

This is a pretty cool new development, something straight out of a Tom Clancy thriller or a spy/hacker movie.
Introducing Spy Coins! People are actually being warned about picking up stray coins as they might have surveillance devices inside.

Can the coins jingling in your pocket trace your movements? The Defense Department is warning its American contractor [...]

Google has fixed a security flaw in its desktop search software that created a means for hackers to rifle through personal files on users’ PCs.
A failure in Google Desktop to “properly encode output containing malicious or unexpected characters” created a means for hackers to cross from the web environment to the desktop application environment.
So if [...]

I saw a pretty interesting article a few days attempting to reverse engineer the mosaic tool used often online to obscure sensitive or confidential information.
The article shows that the mosaic isn’t actually very random, and in a way you can brute force reverse engineer the mosaic to reveal the contents before they were obscured.
It’s ok [...]

A pretty cool song about RFID and RFID hacking from Monochrom.at.
Written and first performed at 23C3 (23rd Chaos Communication Congress) in December 2006 in Berlin as part of monochrom’s ‘Proto-Melodic Comment Squad’.

Users, there’s trouble ahead
I said users, it is totally sad
But users, the future lies in your hand
Cause it’s all about surveillance
Comrades, you don’t know [...]

The famous Phenoelit Default Password List has been updated, it’s been quite some time since an update.

http://www.phenoelit.de/dpl/dpl.html
This is a must have resource on your pen-drive and backed up offline somewhere for those important times when you need to know the login for a router/switch

Ah the old mythical tale of hacking your school to change your grades to straight A’s, well I know people do it, I’ve seen it in the past…but now someone has actually gotten caught for it.
And what’s more..he’s the senior class president!

Cooper City High School’s senior class president was arrested Tuesday and charged in [...]

Data recovery is an important subject and it’s definitely a good thing to have a positive understanding of data recovery and how it could effort you personally or your business.
So someone told me about this Data recovery article which is a decent original reference to data recovery which contains some good original information, links to [...]

MTR was written by Matt Kimball, with contributions by many people. Take a look at the “AUTHORS” file in the distribution. Roger Wolff took over maintenance of MTR in october 1998.
MTR combines the functionality of the ‘traceroute’ and ‘ping’ programs in a single network diagnostic tool.

As MTR starts, it investigates the network connection between the [...]

When things like this happen it’s kinda of scary, like a while back when someone managed to get into a highly secure power station network through a stupid contractors laptop that was connected to the net via dialup and to the uber ’secure’ power station LAN.
An infected laptop PC gave hackers access to computer systems [...]

UK Police have uncovered a fairly massive data theft operation with a total close to 8,500 victims.
It’s quite worrying when things like this are uncovered as if 1 is uncovered or discovered…imagine how many aren’t found out about, just like exploits.

British electronic-crime detectives are investigating a massive data theft operation that stole sensitive information from [...]

(IN)SECURE Magazine is a freely available digital security magazine discussing some of the hottest information security topics. It can be distributed only in the form of the original non-modified PDF document.
The 9th issue of (IN)SECURE magazine was recently released, in this issue you can find the following:

Effectiveness of security by admonition: a case study of [...]

Here is a newly released VA methodology, the author believes it to be more focused, and thus cost effective VA process. It may map to internal work, but it is probably more suited to external sites.
It’s gone through a couple of revisions so it’s a bit more polished now.
You can find the notes on the [...]

A dream come true, would I say… recently found this article on securityfocus, it’s awesome… all that you need (beside Firefox) is pointed out in the article, so go on, what are you waiting for…
http://www.securityfocus.com/infocus/1879

An interesting enough article, but if you work in infosec you could probably guess the topics anyway.
In a key step to help businesses better understand and protect themselves against the risks of fraud, Visa USA and the U.S. Chamber of Commerce announced the five leading causes of data breaches and offered immediate, specific prevention strategies [...]

It makes sense really, the paranoia that quickly infected every corner of the ‘Western’ world had to be cashed in on by somebody, tada! The security industry of course.

During the Cold War, Canada’s National Optics Institute developed a system to detect which type of enemy tank or fighter jet was approaching. After the Soviet Union’s [...]

Something a little off-topic for once, nerdcore is getting big!
Geek music is hitting the streets.

Gangsta is dead. Grime is a bore. There’s a new beat on the street and it’s called Nerdcore. This geeky hip hop subgenre, also dubbed CS rap (that’s computer science, yo!), is finally booting up with the release of Rhyme Torrents, [...]

A sterling case for two factor authentication if I ever saw one.
The rule is use two of the 3 methods of authentication, if possible use all 3.

What you have (A USB key or Token)
What you are (Biometrics – Fingerprint or Iris scan)
What you know (A password or passphrase)

More than 8 out of every 10 [...]

Ahah! More government cover-ups? This one was a while back too.
Digging on those archives right now yah.
A hacker stole a file containing the names and Social Security numbers of 1,500 people working for the Energy Department’s nuclear weapons agency, scary eh?
The US government security really does scare me sometimes, their internal departments have some of [...]

“pleez, pleez, PLEEZ teach me how to hack a Hotmail Account!!!”
-unidentified IRC user
From here on in you walk alone. Neither little_v OR Black Sun Research Facility AND its members will be responsible for what you do with the information presented here. Do not use this information to impress your “l33t0_b0rit0″ friends. Do not [...]

Ah another flaw in Myspace, this time it’s quite dangerous exposing the details of teenagers.

A security hole in the popular MySpace social networking site allowed users to view entries marked “private”, a crucial protection for users aged under 16, according to weekend reports.
Though the site is said to have fixed the problem, it was said [...]

Ah another huge hacking resulting in a large loss of confidential information, companies really need to start getting more pro-active about aggresively testing their corporate networks and web based applications.
Information including CREDIT CARD numbers sadly.

AT&T on Tuesday said hackers broke into one of its computer systems and accessed personal data on thousands of customers who [...]

I’ve been spending a lot of time online lately reading all kinds of stupid text files on how to “Takeover Ops Boi!!!”, “eLeEt WaYs To gEt OpS!!!”, “HOW TO GET OPS ON SERVER SPLITS”, etc. We all know none of these things work, at least not for me. They’re either written by morons, or they [...]

Recently one of the sites I am developing for my self was link spammed. Some unpleasant individual decided that it would be fun to post 160 “comments” spread over all the blog posts. All the comments contained was URL’s. Even more stupid they used BB tags, but as I wrote the site it doesn’t use [...]

Ah cyberwar, cyber terrorism, efforts are ramping up, more sites are going down.

The war in Lebanon is now showing its consequences in the digital world and a huge number of websites has been attacked and defaced as a protest against the invasion of Lebanon by Israel.
Today two NASA websites were attacked as well. The intrusion [...]

The antivirus specialists at McAfee have warned of a Trojan that disguises itself as a Firefox extension. The trojan installs itself as a Firefox extension, presenting itself as a legitimate existing extension called numberedlinks.

It then begins intercepting passwords and credit card numbers entered into the browser, which it then sends to an external server. The [...]

Israeli hackers have decided to ‘help’ and join the war against Palestine.
The hackers group that calls itself “IDF” (which also means Israeli Defence Force) has hacked dozens of sites, erased the site content and replaced it the index with a picture of the Lebanon destruction that is made by Israeli Defence Force as an answer [...]

Netscape.com has been hacked via a persistent Cross Site Scripting (XSS) vulnerability in their newly launched Digg-like news service.
It seems the attacker did report the flaw to them repeatedly but they didn’t heed and ignored it, so he performed the XSS all over the site.

eplawless stated the following:
It was me. I did it. C’est [...]

For those who haven’t noticed yet, today booster made a milestone in PSP history. Enabling firmware 2.71 emulation in DevHook 0.44.

Alot has been going on lately in the PSP scene and its great. With the release of the 2.5/.6 downgrader and full iso and game emulation in DevHook.
Download here. Credit goes to booster [...]

Using standard script kiddy tools a consultant managed to compromise some of the FBI’s computers containing confidential information.
Quite a hack eh?
A government consultant, using computer programs easily found on the Internet, managed to crack the FBI’s classified computer system and gain the passwords of 38,000 employees, including that of FBI Director Robert S. Mueller III.
The [...]

Ticketcharge.com.my, a Malaysian website that sells event tickets online appears to have been hacked. Forgot to take a screenshot of it but this screenshot from google cache taken today can be seen below. This happened over the weekend or perhaps earlier.

Google cache here . This will be gone when google re-cache the [...]

Dark_AleX has now shared Downgrader Test v0.5 For PSP 2.50/2.60 Firmware which, according to MANY users (including TGMG, LalaMan, Firey, and LAXitives), works 100% with PSP consoles that were upgraded to v2.50 or v2.60 Firmware. However, it will NOT work with TA-082 versions and it’s NOT recommended for users whose FACTORY/STOCK Firmware was 2.50 or [...]

Forgot to post this earlier. I received this email from SANS Institute sometime in April. They seem to be having two of their training sessions in singapore in August. Those who live in Asia or anywhere near the region and are interested can look it up. SANS Institute has one of [...]

An interesting interview had been posted on Wired with Gary McKinnon about what he actually found whilst penetrating the US government networks.

After allegedly hacking into NASA websites — where he says he found images of what looked like extraterrestrial spaceships — the 40-year-old Briton faces extradition to the United States from his North London home. [...]

Cross Site Scripting, or know as XSS, is the most common basic web hacking tehnique… and harmless, as many would say… but on this mather I don’t realy agree, that’s why I wrote this article.
About
XSS as I knew it is a very abstract definition for javascript injection, or at least this is what I have [...]

It seems even though vendors are pushing their snakeoil harder than ever, the actual figures show that the money lost due to cybercrime has decreased every year for the last four years!

Perhaps people are finally getting more secure, it’s not suprising with the advent of cheaper and easier to use intrusion detection and intrusion prevention [...]

I saw some interesting information recently on a mailing list.

We took one sample of one carding/phishing forum that our Global Surveillance Center was monitoring and sampled the set into a graph that lists the top 10 banks and the losses over the last month. As you can see, it’s obvious who the top credit card [...]

RFID, biometrics, hi-tech police officers, yes it’s all going to be happening in Germany for the close approaching World Cup 2006.

Not surprisingly, security is a top priority for the German government, even higher than its desire to see the national team walk off the pitch with the World Cup 2006 trophy.
The list of security precautions [...]

A pretty interesting article that statistically measured the frequency of passwords by taking an aggregate sample of passwords (primarily from the UK).
Here are listed the most commonly occuring from the sample.
10. ‘thomas’ (0.99%)
First off, at number 10, is the most common format of passwords – the name. Thomas is a perennially popular name in the [...]

The Symposium on Security for Asia Network aims to be a very different security conference from the rest of the security conferences that the information security community in Asia has come to be so familiar and frustrated with. SyScan’06 intends to be a non-product, non-vendor biased security conference. It is the aspiration of SyScan’06 to [...]

There seems to be a certain amount of confusion within the security industry about the difference between Penetration Testing and Vulnerability Assessment, they are often classified as the same thing when in fact they are not.
I know Penetration Testing sounds a lot more exciting, but most people actually want a VA not a pentest, many [...]

I’ve tried out a few of these visual recognition password technique things, and to tell you the truth they didn’t work for me, not at all.
I clicked the requisite 3-4 spots on the image, and remembered them, but when I tried to login it wouldn’t accept it.

A password that uses images instead of numbers could [...]

I don’t know what he was thinking really, tampering with US military or governmental systems without some SERIOUS protection.
A British man accused of being behind the largest ever hack of US government computer networks could end up at Guantanamo Bay, his lawyer has claimed.
Gary McKinnon, from London, denies causing $700,000 (£400,000) damage to military and [...]

With one easy click! We talked about Downloading Youtube.com Videos before, but now it’s even easier.
Found a new site that does this seamlessy, all you have to do is drag the bookmarklet to your toolbar, then when you see a video you want on Google or Youtube, just hit the button on your bookmark toolbar [...]

Pretty Scary eh?
Although some people do call them the Central Lack-of Intelligence Agency.
Privacy is a major issue and well people should be a little more careful about what they reveal online, perhaps I’ll rehash my old Google Hacking Presentation and write it up as a post for Darknet. I guess it would be interesting reading [...]

Ever wanted to download those cool videos from youtube.com? (Its an online video storage site similar to imageshack.us for storing images) and can’t because those peeps made it difficult for you to just download them offline? Well now you can !!

Go to fileleecher.com and follow the instructions on how to copy the youtube.com [...]

Good I say, nothing worse than a spammer.
A bulk e-mailer who looted more than a billion records with personal information from a data warehouse has been sentenced to eight years in prison, federal prosecutors said Wednesday.
Scott Levine, 46, was sentenced by a federal judge in Little Rock, Ark., after being found guilty of breaking into [...]

Is Open Source more secure? That’s a question that can be answered with both yes and no. Not only that, but the reasons for the “yes” and the “no” are fairly much the same. Because you can see the source the task of hacking or exploiting it is made easier, but at the same time [...]

This is old news to those who already knows about it (Found out about it last year and tested it till now). But i just had to try it before actually posting it up.
Do you get tired of being in an elevator and someone else gets on every other floor in between the floors [...]

1. BackTrack
The newest contender on the block of course is BackTrack, which we have spoken about previously. An innovative merge between WHax and Auditor (WHax formely WHoppix).
BackTrack is the result of the merging of two Innovative Penetration Testing live Linux distributions Whax and Auditor, combining the best features from both distributions, and paying special attention [...]

the following exploits (if we can call it this way) was published on securityfocus bugtraq mailinglist… it is entirely reproduced in the following lines:

Norton Internet monitoring tools issues
Versions Affected : *
Fix : No
What im writing about is how to stop the internet of some user that is
using the norton tools and IRC / any other [...]

This is actually a very interesting debate.
Just to introduce if you don’t know..
What is Penetration Testing
A penetration test is a method of evaluating the security of a computer system or network by simulating an attack by a malicious cracker. The process involves an active analysis of the system for any weaknesses, technical flaws or vulnerabilities. [...]

What is RainbowCrack & Rainbow Tables?
RainbowCrack is a general propose implementation of Philippe Oechslin’s faster time-memory trade-off technique.
In 1980 Martin Hellman described a cryptanalytic time-memory trade-off which reduces the time of cryptanalysis by using precalculated data stored in memory. This technique was improved by Rivest before 1982 with the introduction of distinguished points which drastically [...]

Well it’s not really a backdoor… but we can consider it one…
Some time ago it apeared on many websites (including mine) an article about a backdoor in mIRC… all this backdoor stuff was really nothing more than a mIRC script that by it’s mean made the client to respond at any command received via a [...]

SAN JOSE, California — Identity theft and online bank fraud were the unofficial themes of the 2006 RSA Conference, a massive security confab where Bill Gates came to announce the imminent death of the password and vendors filled the exhibition halls with iPod giveaways and promises that their product could stop everything from spam and [...]

Google Enterprise has reacted to privacy concerns and released Google Desktop 3 Enterprise.
It responds to security concerns allowing full administrator control, letting them use the standard group policy settings to completely disable features, including the controversial Search Across Computers feature which you can read about in our original article.
Google Enterprise’s [...]

OWC (Other World Computing) is a great site for buying parts for the mac. Their prices are quite cheap if you compare prices with stores in asia. Two days back (21/2/06) they got their hands on a Macbook Pro, which they received at 10:30pm and managed to take it all apart by [...]

A Spanish hacker who launched a denial of service attack that hobbled the net connections of an estimated three million users has been jailed for two years and fined €1.4m. Santiago Garrido, 26, (AKA Ronnie and Mike25) launched the attack using a computer worm in retaliation for been banned from the popular “Hispano” IRC chat [...]

BackTrack is the result of the merging of two Innovative Penetration Testing live Linux distributions namely Whax and Auditor.

Combining the best features from both distributions, and paying special attention to small details, this is probably the best version of either distributions to ever come out.

Based on SLAX (Slackware), BackTrack provides user modularity. This means the [...]