It’s been a while since I’ve seen a tool of this type, back in the heydays of Google Hacking (which became the generic term for information gathering via search engines) there were multiple tools such as Gooscan and Goolag.
Binging is a simple tool to query Bing search engine. It will use your Bing API key [...]
origami is a Ruby framework designed to parse, analyze, and forge PDF documents. This is NOT a PDF rendering library. It aims at providing a scripting tool to generate and analyze malicious PDF files. As well, it can be used to create on-the-fly customized PDFs, or to inject (evil) code into already existing documents.
Features
Create PDF [...]
As Twitter gains momentum there are more and more attacks on it, it’s users and the most recent is a phishing scam via DM (Direct Message).
It was uncovered recently that it was being used as a Botnet Control Channel, shortly before that it was subjected to a DoS attack.
This isn’t the first time DMs have [...]
This is one nasty piece of malware, seems like it’s working on a low level as per rootkits, there aren’t many technical details but it may well be operating on a Ring 0 level.
The level of detection by AV software is quite scary, especially since the malware is specifically targeting bank login details and it [...]
We’ve been following the whole TJX saga for quite some time now since way back in September 2007 when the hack became public as the Largest Breach of Customer Data in U.S. History and in August 2008 when the TJX Credit Card Hackers Got Busted.
The legal system has ticked along and now they have to [...]
Now this is pretty disgusting behaviour from a national telco provider, but well is it really surprising in Dubai? For me..no it’s not.
I’ve spent a reasonable amount of time in Dubai on various projects, and my first surprise was Flickr being blocked. Especially as Dubai is probably the most liberal place in the Middle East. [...]
The Middler is a Man in the Middle tool to demonstrate protocol middling attacks. Led by Jay Beale, the project involves a team of authors including InGuardians agents Justin Searle and Matt Carpenter. The Middler is intended to man in the middle, or “middle” for short, every protocol for which we can create code.
In [...]
After our recent story about the trading of BlackBerries for data theft the issue has emerged again this time more towards the secure disposal of data stored on PC hard disks.
If a company or organisation has a decent data/information security policy in place (Like ISO27001 for example) they should have a secure destruction/disposal policy as [...]
The number of Crackberry Blackberry users is increasing exponentially – especially since they released the much sexier Bold and the latest touch-screen Storm.
The latest revelation is that used BlackBerries are being traded, not by the value of the phone but by the value of the data contained on the phone!
It just shows most companies still [...]
We did mention Torpig in passing back in January 2008 when talking about the Mebroot rootkit which digs down deep into the Master Boot Record.
It seems like Torpig has been pretty active since then and the latest break is that some security researchers have managed to infiltrate the botnet and collect some data on what [...]
UCSniff is an exciting new VoIP Security Assessment tool that leverages existing open source software into several useful features, allowing VoIP owners and security professionals to rapidly test for the threat of unauthorized VoIP and Video Eavesdropping. Written in C, and initially released for Linux systems, the software is freely available for anyone to download, [...]
In a recent undercover sting the BBC has uncovered some unscrupulous Indian chaps selling valid UK credit card details, the kicker to the story is the fraud is linked to Symantec as the people being defrauded had all recently bought Norton subscriptions.
I guess it’s hard to control a 3rd party call center though and who [...]
What is VideoJak?
VideoJak is an IP Video security assessment tool that can simulate a proof of concept DoS against a targeted, user-selected video session and IP video phone. VideoJak is the first of its kind security tool that analyzes video codec standards such as H.264.
VideoJak works by first capturing the RTP port used in a [...]
Hardware hacking is an interesting area and something not too many people get into as the soldering irons, capacitors and chipsets seem daunting. I did have a play around with cable boxes and satellite feeds in my earlier years and was surprised to find how insecure they were.
Most traffic is transmitted unencrypted, the stuff that [...]
We’ve mentioned Twitter a few times lately as it has become a larger and larger part of the social web and the premier ‘micro-blogging’ platform.
There was a recent Phishing issue on Twitter and before that Twitter Jacking and a CSRF bug that allowed auto-following.
Due to the large update of Twitter, the amount of datable available [...]
This is an interesting story, I’ll be watching how it develops – it’s not often you see a bounty for online crimes and especially one as enticing as 1 million dollars!
That’s a hell of a sum for nailing down some dodgy hackers who are running an extortion scam after a data leak.
I really wonder where [...]
Google hacking was the big thing back in 2004, I actually did a talk on it in Hack in the Box 2004, it’s resurfaced again as a serious threat with Google noticing more queries relating to things like social security numbers.
The Google Hacking Database has been active for years now and there are hundreds of [...]
You may remember the story about the Pro ATM Hacker ‘Chao’ and his Tips a while back, apparently that was the start of a big global sting operation on credit card fraud.
Chao was admin/moderator on a community of carders (where they bought/sold stolen credit card info) called DarkMarket and the first to be busted, it [...]
It seems that people are truly shocked when their identities get exposed, and the vast majority use the same single password for ALL of their online accounts. That’s just crazy!
A ‘kind-hearted’ hacker recently exposed a bunch of online accounts (with passwords) to gain himself more status in a hacker forum (l33t sk1llz dudebro!).
WHEN Australian web [...]
Another classic data leakage….and once again it happend on Ebay! This time it’s a British agency known as MI6 (Secret Intelligence Service) demonstrating a distinct lack of intelligence.
How on earth does something like even happen? Even smaller agencies and companies I’ve worked with have rigorous data destruction policies when old equipment is recycled or sold [...]
I guess most people have been led to believe this new generation of ePassports or biometric passports are more secure, will help us keep our privacy intact and help us mitigate against identity theft.
Well how wrong the propaganda is! THC (famous for their tools and research in security) has just released some technical information, tools [...]
Well another reason for you guys (and gals) to avoid social networks, a new worm is spreading. Again they are using the same ploys that have been leveraged for years on e-mail and instant messaging.
Trust is gained as the message or link/video/etc comes from a known source so people are more likely to click/open/play it [...]
We reported on this case back in September 2007, the largest US data breach in history so far (45 million customer records!).
It seems like finally the people behind it have been busted, 11 people have been charged by US authorities.
The US authorities have charged 11 people in connection with the theft of credit-card details in [...]
This is a pretty old issue, but this is an interesting new implementation of an old idea. Using your browser history and by matching your browsing habits the site attempts to guess your gender with a weighting system according to the gender demographics for a list of fairly popular sites.
It’s not super accurate unless you [...]
After a recent survey it shows online banking may not be as secure as you might think. People tend to think banks are the pinnacle of security and that assumption continues to their websites.
Sadly however, even in my own personal experience, the truth is far from that. Many many banks have flaws that can leak [...]
It’s not a big deal but it does show a problem with the way Facebook deals with data and how much power they have over people’s privacy.
A small slip in coding could cause much worse problems that this, plus this could have happened before but no one picked up on it. It takes a certain [...]
Now this is an interesting privacy related case to think about over the weekend, Google has to reveal viewing details for Youtube to Viacom.
Anyone who has EVER watched a Youtube video, that’s pretty extreme. Luckily most people are using dynamic IP addresses, so it shouldn’t be too much of a concern.
Unless of course they decide [...]
It seems like the Phishing crews at trying to get some new ideas on how to con people into giving away their credentials and leaking info.
The latest target appears to be Google Calendar.
As always be on your guard as these scams are coming from all directions.
A few months ago, spam came to Google Calendar. Now [...]
Now this isn’t a new tool, and it’s not quite up to date as the author hasn’t updated it for a while – but it’s still exceedingly cool!
As you know most IP addresses are registered to companies or organizations in blocks, so you can identify which network an edit is coming from as Wikipedia logs [...]
If not the magic camera in the sky might think you are a terrorist and a squad of crack F16s might be dispatched to blow up your plane..
Don’t go to the toilet too often too, or walk around too much…or do anything really. Better just sit in your seat with a blank expression on your [...]
Ah TJX in the news again….after previously having the Largest Breach of Customer Data in U.S. History, now they are screwing people over that try to help them and their seemingly ridiculous information security policies.
Hello blank passwords? Sounds crazy but I believe it happens, at more places than just TJX. It’s sad that someone who [...]
Oh dear, UK going backwards again. A bad case of Big Brother syndrome and once again under the blanket excuse of efforts against terrorism.
Please! That’s so old and tired now, do governments seriously think they can keep infringing people’s privacy and rights under the same old guise? Strike terror into the public by continually telling [...]
Another big heist in the US netting a whole lot of juicy information on credit and debit cards, over half a million USD lost in this case alone. There’s a whole lot of fraud going on..
Not bad for fiddling with the cash register system of a restaurant chain. It just shows, anyone dealing with finanical [...]
Most of todays tools for fingerprinting are focusing on server-side services. Well-known and widely-accepted implementations of such utilities are available for http web services, smtp mail server, ftp servers and even telnet daemons. Of course, many attack scenarios are focusing on server-side attacks.
Client-based attacks, especially targeting web clients, are becoming more and more popular. Browser-targeted [...]
Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,odp,ods) available on the target/victim website.
It will generate a html page with the results of the metadata extracted, plus a list of potential usernames very useful for preparing a bruteforce attack on open services like ftp, pop3,web applications, vpn and so on. [...]
A while back we reported how US customs owns your data, now it’s getting even worse. 10 days ago the US appeals court gave them rights to COPY all your data without notice even if there are no suspicions.
Anyone want to talk about dilution of intellectual property? Privacy? Or just basic human rights..
In a letter [...]
The same old story, if you ask people for something they will most likely give it without thinking of the consequences..
Even more so if you are a pretty girl, and in this case you offer someone chocolate. Hey who doesn’t love chocolate? I have to say I don’t love it enough to give out my [...]
It seems like Russia wants to keep a tight reign on things, anything with Wifi capability must be licenses! That includes your phone…imagine having to apply for a permit to have a wireless AP at home?
Rather ridiculous no?
Business travellers to Russia might want to keep their laptops and iPhones well-concealed – not from muggers, necessarily, [...]
WifiZoo is a tool to gather wifi information passively. It is created to be helpful in wifi pentesting and was inspired by ‘Ferret‘ from Errata Security.
The tool is intended to get all possible info from open wifi networks (and possibly encrypted also in the future, at least with WEP) without joining any network, and covering [...]
cDc (Cult of the Dead Cow) recently released a GUI driven tool for Google Hacking called Goolag.
Google Dorks have been around for several years and have been researched most assiduously by Johnny I Hack Stuff.
If one searches the Web, one will find multiple collections of dorks, and also some applications – standalone and Web-based – [...]
It seems like most countries are getting more serious about the illegal downloading and the protection of intellectual property, after the UK recently proposed disconnecting ‘pirates’ from the Internet – Australia is now considering following suit.
I guess this is just the start, laws will become more heavy handed and draconian as most of it is [...]
A UK firm Virtuity has created data protection software called BackStopp which comes with ’self-destruct’ technology based on Wi-Fi and RFID tags that starts to run as and when a laptop is moved from its designated space.
So in layman’s terms, if the laptop is moved from its permitted zone (which is set by the user) [...]
Ok more controversy for you guys, and once again it’s the UK leading a new initiative. This time it’s not against making hacking tools illegal, it’s against people downloading ‘pirated’ content from the Internet (using torrent sites etc.).
I do hope they can differentiate using torrents to download open source software or creative commons music and [...]
Ok here’s something controversial for you guys to digest, there has been anecdotal evidence of US Customs seizing laptops before and examining the data…but it now seems to be rather more widespread.
It’s a little worrying to me how a government can just rummage through your data when you are totally innocent and they don’t even [...]
After banning hacking tools it looks like the German police are looking into digital wiretapping and creating ‘whitehat’ trojans for monitoring the bad guys…
Of course they define who the bad guys are, and according to law 202(c) it could be us..
This is very definitely questionable when it comes to ethics, it’s almost as bad as [...]
It seems a data leakage bug has struck Firefox recently and has been confirmed by Window Snyder the security bod at Mozilla.
It’s basically a Chrome directory traversal bug (It seems a lot of the Firefox issues have had to do with chrome?).
It’s rated as low risk, but it can give away the existence of files [...]
So facebook has finally fallen victim, after the recent Orkut worm now we have malware infection from Facebook, an application called Secret Crush. The application was renamed as My Admirer but that seems to be gone now too.
The first spyware spreading with Facebook application has been discovered. Security company Fortinet reports that application called Secret [...]
The Revisionist is a tool for extracting and indexing hidden metadata (such as deleted or modified text) from large collections of MS Word files. It can operate whole Web sites or SMB or NFS directories. It is handy for pen-testing, or it can be used just to spot embarrassing secrets.
It’s useful in that it can [...]
It seems Wi-Fi is actually extremely common, in fact in a recent poll up to 45% do it! I guess most people here have, I admit I do even with my phone when I’m out and about I’ll use any WiFi point that works.
We can blame it on the manufacturers for having lax default security [...]
This story reads like something from one of those glamourised Hollywood ‘hacker’ movies like Swordfish or Antitrust.
The legendary MPAA hacker has been revealed, and it looks like he himself got social engineered and dumped…he should have realised when you are playing with unscrupulous people you are setting yourself up to get screwed.
Promises of Hollywood fame [...]
A while back it was discovered that some ISPs have taken to inserting ads into web pages you are viewing, these are ads from the ISP you are using (AND PAYING FOR) not ads from the content provider or site that you are viewing.
Some ISPs are resorting to a new tactic to increase revenue: inserting [...]
A massive online heist, some (like McAfee) claim it’s the biggest ever online sting involving a bank, it’s comes in at about half a million pounds or or $1.1 million USD.
Using some l33t0 custom trojan, it seems to be more a case of lack of education and the whole situation could have been avoided by [...]
Recently a fairly huge credit card breach occurred involving a large retail company called TJX, with more than 2,000 retail stores.
Some pretty well known brands there, I know I’ve used some of them…the sad part is they themselves still haven’t worked out the extent of the damage done to their information.
For me this has serious [...]
This is a pretty cool new development, something straight out of a Tom Clancy thriller or a spy/hacker movie.
Introducing Spy Coins! People are actually being warned about picking up stray coins as they might have surveillance devices inside.
Can the coins jingling in your pocket trace your movements? The Defense Department is warning its American contractor [...]
I saw a pretty interesting article a few days attempting to reverse engineer the mosaic tool used often online to obscure sensitive or confidential information.
The article shows that the mosaic isn’t actually very random, and in a way you can brute force reverse engineer the mosaic to reveal the contents before they were obscured.
It’s ok [...]
Today while browsing I suddenly came across projectBypass, which is a very useful website which acts as a proxy, and assures us 100% anonymity:
Make ProjectByPass your homepage for 100% secure web surfing! Keep your online activity free from potential attackers.
…of course I have my doubts about this because…
ProjectByPass.com is a FREE Web Based CGI Proxy [...]
This is a pretty interesting idea and for once it addresses a real requirement. A lot of stories have hit the press about people getting fired or ‘dooced’ because of stuff online or not even getting jobs because of something found on MySpace.
So up pops a company that is willing to protect your reputation online.
The [...]
UK Police have uncovered a fairly massive data theft operation with a total close to 8,500 victims.
It’s quite worrying when things like this are uncovered as if 1 is uncovered or discovered…imagine how many aren’t found out about, just like exploits.
British electronic-crime detectives are investigating a massive data theft operation that stole sensitive information from [...]
It seems finally someone has found a flaw in the way Tor works, a way to beat it and find out who is using the system.
Perhaps an end to the most anonymous system on the Internet?
I got this info fresh from SANS.
One of our readers sent in a very worrying analysis of what appeared to [...]
Data security giant McAfee has bought a young Tel Aviv startup, Onigma, for somewhere between $15 million to $25 million cash, surmise hi-tech circles.
McAfee will be integrating the Onigma technology in its enterprise security solution, and will be recruiting dozens more Israeli developers for the startup, which will become a local R&D center.
Onigma was founded [...]
This is pretty funny, but frankly typical of McDonalds..act before they think, it’s cheap, it’ll get more customers, whack it out!
They gave out a bunch of flash drive mp3 players as a promotion, it turns out every single one was loaded with a fairly nasty piece of spyware!
McDonalds Japan has launched a recall after discovering [...]
An interesting new twist on things, rather than using cookies to store information you can use perpetually cached files.
So clearing your cache and cookies isn’t enough, could be a privacy issue you say, indeed it could..
Clearing cookies may not be enough as you may think. Your browser’s cache is a valuable store of information. A [...]
Ah Facebook again, security problems again?
Not this time, but privacy fears with the new stalker-esque features for tracking changes to people’s pages.
Millions of people have flocked to social networking sites to post information about themselves and share it with friends.
Now Facebook, one of the most popular, is facing a user backlash over a recent redesign [...]
This is a little scary, intensely personal ads which to be frank are getting a little invasive as it is..It’s like the part in minority report where the billboards scan your eyes and talk to you using your name and history of purchases.
It looks like it might be happening sooner than we think.
The first thing [...]
Can you believe this the provincial government in British Columbia has managed to auction off a set of data tapes containing people’s social insurance numbers, dates of birth and medical records among other information.
The provincial government has auctioned off computer tapes containing thousands of highly sensitive records, including information about people’s medical conditions, their social [...]
Introduction
This tutorial is an attempt to help you re-route all internet winsock applications in ms windows trough a socks chain, thus making your connections much more anonymous.
Theory
The more different hops you make your data jump, the more difficult it will be to trace it back. take this [...]
An interesting find made by John Hackenger surfaced today. For those of you familiar with MySpace, you’ll know that it uses ‘Bulletins’ to send a single message to multiple friends in your list.
Because the message is sent only to the people you have authorized to be on your list, sometimes you get a feel of [...]
Well I would say this was true for office workers everywhere, not particularly just Brits.
But well the British are an inquisitive nation, so this doesn’t suprise me at all.
Nearly a quarter (22 per cent) of UK employees admit to having illegally accessed sensitive data such as salary details from their firms employer’s IT systems. More [...]
RFID, biometrics, hi-tech police officers, yes it’s all going to be happening in Germany for the close approaching World Cup 2006.
Not surprisingly, security is a top priority for the German government, even higher than its desire to see the national team walk off the pitch with the World Cup 2006 trophy.
The list of security precautions [...]
Irrepressible Adj. 1) Impossible to repress or control.
Chat rooms monitored. Blogs deleted. Websites blocked. Search engines restricted. People imprisoned for simply posting and sharing information.
The Internet is a new frontier in the struggle for human rights. Governments – with the help of some of the biggest IT companies in the world – are cracking down [...]
Introduction
Anonymity is derived from the greek word ανωνυμία, meaning without a name or name-less. In colloquial use, the term typically refers to a person, and often means that the Ppersonal identity, or personally identifiable information of that person is not known.
The main question is of course, what are you trying to hide? Closely following that [...]
Pretty Scary eh?
Although some people do call them the Central Lack-of Intelligence Agency.
Privacy is a major issue and well people should be a little more careful about what they reveal online, perhaps I’ll rehash my old Google Hacking Presentation and write it up as a post for Darknet. I guess it would be interesting reading [...]
1. Introduction
This article describes and partly implements a method to delete or re-locate, potentially sensitive and / or incriminating information from your UNIX flavoured machine, after the sad event of your death.
An older version of this article has been published before, yet it has since disappeared from the Internet and the Google cache; hence this [...]
The RIAA’s latest tactic, is to reveal to Santangelo and her new lawyer that they’ve been investigating her children, and have been able to collect a lot of non-public information. The RIAA will probably claim that the info is related to the case, but it certainly borders on using scare tactics, and trying to intimidate [...]
Now after the huge Sony BMG Rootkit fiasco, this has become quite a hot topic, how far can vendors go to enforce their ‘Digital Rights Management’ (or Digital Restrictions Management as we like to call it), can they install a rootkit on your machine and hook into your OS? Can they take over your PC [...]
Yes that’s right, big brother wants a backdoor in your operating system even MORE of a reason to use Open Source alternatives that we can audit ourselves eh?
There has been talk of such things in the past, US government backdoors in common cryptography algorithms and now talks of backdoors in the most popular OS in [...]
Google Enterprise has reacted to privacy concerns and released Google Desktop 3 Enterprise.
It responds to security concerns allowing full administrator control, letting them use the standard group policy settings to completely disable features, including the controversial Search Across Computers feature which you can read about in our original article.
Google Enterprise’s [...]
Google has offered multiple reasons why it shouldn’t have to comply with a Justice Department subpoena. One is privacy. An excerpt:
If Google is forced to compromise its privacy principles and produce to the Government on such a flimsy request, its search query and URL data, Google will, without a doubt, suffer a loss of trust [...]
AnonymousInet has relaunched! A nice clean FREE web based proxy service.
http://www.anonymousinet.com/
Works great for me, it’s fast and free!
It also encodes the URL so stupid simple content filters wont stop it.
