Comments Posted By Sandeep Nain

Displaying 1 To 30 Of 149 Comments

ratproxy – Passive Web Application Security Audit Tool

One more good step taken by Google…..
Giving one of their very important internal tools for free.
Hats off to Google…

@grav, yes, this tool will be banned if the law against hacking tools is implemented. But I don’t really think that this law will be passed at all. Fingers crossed.

» Posted By Sandeep Nain On July 4, 2008 @ 12:08 am

Google Calendar a New Target for Phishing

Well, that was supposed to happen. Phishers and spammers don’t let go of any type of web application which accepts user input and displays it to the public…

Emails, forums, blogs and now Google Calendar.. But luckily Google has been very fast in fixing such stuff. They will find a way to handle this as well..

» Posted By Sandeep Nain On July 3, 2008 @ 6:44 am

China Home to at Least HALF of Malicious Web Sites

Well, there are always workarounds, I think…
These applications are becoming smarter day by day, but spammers are usually smarter.

» Posted By Sandeep Nain On July 7, 2008 @ 1:34 am

Bsqlbf V2 – Blind SQL Injection Brute Forcer Tool

By the way, it’s a very nice tool for blind SQLi.

I used its previous version too and found this one far better than that.
Thanks for introducing me to it, Darknet.

@grav

Blind SQL Injection is where you don’t actually get to see the results of your injected SQL.

» Posted By Sandeep Nain On July 3, 2008 @ 6:57 am

@grav, In simple words SQL Injection is all about modifying the underlying SQL statements to get results which are not supposed to be displayed to the user..

If there is a URL, http://www.estore.com/showItem=25,
which is actually creating a query “select * from items where id=25”

You can inject it as follows:

select * from items where id=25;drop table items;

If the input is not sanitized, the DB server will run the SQL statements and the second one will drop the items table.

» Posted By Sandeep Nain On July 3, 2008 @ 6:55 am

AV Firms Split Over Defcon Contest

That is right, Yash.
AVs are usually good against nothing but already reverse-engineered malware… not many AVs have got good protection against polymorphic viruses… and stopping new sophisticated viruses is still a distant story..

and I’m sure contests like this will definitely raise a concern.. and will make the AV vendors work harder..

» Posted By Sandeep Nain On April 30, 2008 @ 5:32 am

Scavenging for project members on Darknet

Hi Backbone.. thanks for inviting me to the group.. I will be posting some ideas soon. Although you have already covered almost everything. It will be my pleasure if I could help you in any way to build this tool.

» Posted By Sandeep Nain On October 30, 2007 @ 5:51 am

A question for you, Backbone. As you know, these days developers tend to use URI segments instead of simple query strings in their applications, and tools like blackwindow fail to handle such scenarios.

Will your tool be able to handle the scenario given below:

http://www.abc.com/folder/page_name/method_name/parameter_value/

» Posted By Sandeep Nain On October 29, 2007 @ 4:04 am

Hi Backbone,

Though I’m not a PHP guru, I’ll probably be of some help to you in that space. Let me know…

» Posted By Sandeep Nain On October 29, 2007 @ 1:09 am

VPS – Virtual Private Server for Darknet

Great stuff, Darknet, I’m sure it will make your life much more tension free… and the “power of root” in hand will be just awesome.

I hope you never face “system failure issues” again..

» Posted By Sandeep Nain On October 25, 2007 @ 6:54 am

The Next Evolution – GFI Uncovers MP3 Spam

uffff…. now it’s gonna be a headache to actually identify the legitimate emails… I usually ask my friends to send me mp3 files through emails and won’t expect it to be banned :( by my sys admin

What’s next???? Probably emails containing small video clips…

» Posted By Sandeep Nain On October 24, 2007 @ 10:49 am

Posts Restored & Business (almost) Back to Usual

Great stuff…. I’m sure you have worked really hard to get everything back.. I didn’t expect that it can be done..

It’s just great to see all the missing posts back….

» Posted By Sandeep Nain On October 17, 2007 @ 2:08 am

New German Hacking Law 202(c) – Sites Close & Possible Backfire

Well, it seems like good news for hackers in the other parts of the world.. as in Europe there won’t be many security professionals left to test or secure the applications, i.e. good chances of finding vulnerabilities in applications developed in Europe.

» Posted By Sandeep Nain On October 25, 2007 @ 5:52 am

September Commenter of the Month Competition Winner!

I got my Creative Zen music player today..
Thanks, Darknet and GFI.

» Posted By Sandeep Nain On October 23, 2007 @ 7:35 am

Hi Darknet and Sarah (GFI)

I received the merchandise packet from GFI today. Thanks a lot for that. Kool stuff there, especially the GFI t-shirt and mug.

But surprisingly there was no PSP in it. I was just wondering if it is supposed to come later. Can you please confirm?

» Posted By Sandeep Nain On October 17, 2007 @ 12:47 pm

bookmark me

Guys, don’t worry if you wanna create a bookmarklet with javascript code more than 500 characters..

see this:

http://codinginparadise.org/weblog/2005/08/ajax-creating-huge-bookmarklets.html

» Posted By Sandeep Nain On October 25, 2007 @ 5:47 am

Server Crash

@Darknet, first of all you must take some severe action against your hosting service provider who couldn’t recover any of your data.
Why were they not taking backups? :( (cost cutting maybe… )

And I don’t think I should be asking you any questions like.. WHY weren’t you taking regular backups of your stuff??

Anyways.. good work in getting everything back up and running… I’m sure this is a big lesson learnt.

» Posted By Sandeep Nain On October 11, 2007 @ 11:58 pm

Police to Monitor Indian Cyber-Cafes

@srinivas
There are 2 news items floating around regarding India’s counter-terrorism measures.
1. Monitoring the cybercafes for tracking the suspicious internet users.

2. Monitoring the entire internet telecommunications including SMS and telephone conversations.

The first type of monitoring is more of a state govt operation and more of a talk rather than implementation.

Whereas the second type of monitoring is an operation started and controlled by the centre govt and is a very large scale project.

Now, it will be a very difficult task. Not because India doesn’t have enough resources or security gurus but because the number of internet users and traffic is way toooo large…

And the last thing… university degree for terrorists: I was just adding some humour to my post ;)

» Posted By Sandeep Nain On October 29, 2007 @ 12:53 am

Yes dre, we do have EDGE and GPRS and HSDPA in India and they are being used widely.

Well yes, you are right, EVDO will be hard to monitor and there are several other ways too to hide the real identity of the internet users,
which will make the Indian govt’s task really tough.

It seems like now terrorists will need to get university degrees in internet communication if they want to continue using the internet ;)

» Posted By Sandeep Nain On October 28, 2007 @ 4:31 am

@Srinivas
Hi Srinivas, I’m actually aware of the news you are talking about. The software is not developed as yet but is being developed by CDAC. It was told that there will be 2 centres in India (Mumbai and Delhi) where this monitoring will take place.

And definitely it will help in reducing the number of terrorist messages being transferred through the internet. But it won’t be that simple to differentiate between the normal messages and terrorist messages, as terrorists tend to encode them to simple language.

» Posted By Sandeep Nain On October 27, 2007 @ 1:02 am

So a number of serial blasts have made the Indian government think about catching the terrorists if they use the internet:

It’s good that the Indian Government has started thinking on these matters.. this whole idea has many flaws, e.g.

1. India has cyber cafes in every corner of every street… so it will be almost impossible to implement this idea and monitor every activity from all the computers.

2. Use of proxies or Tor can hide the location of the attackers.

3. Reading an email and sending an email will take at most 5 minutes.. it will not be easy for the police to identify the location, alarm the police patrol vans and send a unit to the location in such a short span..

Despite all this, it’s good to know that the Indian govt is taking this issue seriously.. and things may improve over time.

» Posted By Sandeep Nain On October 23, 2007 @ 7:01 am

Cyber Crime Toolkits Go On Sale

and I reckon, govt agencies must be looking at these cybercrime toolkits but not because they wanna use it and get support as well…

but they will actually be looking at how to prevent govt. systems from the attacks which can be generated using these toolkits.

» Posted By Sandeep Nain On October 28, 2007 @ 4:56 am

@Dre, I understood your point and what I want to communicate here is:

Sony can afford not to have their own rootkit or not to have good enough security professionals, but Army and govt agencies MUST have THE BEST security professionals and programmers who can make rootkits and what not, rather than buying off a 3rd party rootkit and anti-rootkit.

I hope this is much clearer now…

» Posted By Sandeep Nain On October 28, 2007 @ 4:51 am

Yes, you are right, DRE, that Sony is probably as large as any govt or military outfit but the security requirements differ… A loophole in Sony’s IT security may be a threat to the company itself but that’s it. Can you imagine somebody getting root access to the US Army’s main servers?? It’s a NATIONAL THREAT.. so they can’t afford to trust a 3rd party software like rootkits to be installed on their systems. It’s just LAME. They probably think of getting anti-rootkit stuff.

» Posted By Sandeep Nain On October 28, 2007 @ 4:20 am

I believe these government and military agencies have enough funds and resources that they can build these kits by themselves rather than buying from hackers… as I’m sure the govt won’t trust these sources.. and they should not…

and definitely anti-rootkit stuff will be a revolution.

» Posted By Sandeep Nain On October 26, 2007 @ 4:32 am

Well, this is funny… on one side there is Germany who has completely banned the possession of security testing software and tutorials… and on the other hand there are these hacking kits with support packages which you can buy easily…

This “sale of hacking packages with support” thing is serious coz it will give rise to the number of script kiddies and needless to say most of them will be using these tools for illegal activities

» Posted By Sandeep Nain On October 19, 2007 @ 4:24 am

Pentagon Hacked by Chinese Military

Wowww…. thx for keeping my words darknet…

Also, have you actually looked into this kit? Does it come with CDs/DVDs of tools or just has information on how to use these tools..

If it has tools too.. I’m sure it’s a must-have.

and what do you reckon, which one has better set of tools, backtrack or EH Kit..

and I’m sorry to sidetrack you all from the main article…

» Posted By Sandeep nain On September 7, 2007 @ 10:57 am

Hi darknet

How about adding this hacker toolkit to the list of prizes to be given to top commenter…

just a suggestion ;)

» Posted By Sandeep Nain On September 7, 2007 @ 3:18 am

I have been reading this news for the last 2-3 days… and was wondering, if China is denying this, why can’t the US show them the proof…
And of course these attacks would have put the Pentagon information security team on red alert…
I hope they will hire some big nerds now…

» Posted By Sandeep nain On September 6, 2007 @ 11:32 am

August Commenter of the Month Competition Winner!

Congratulations TRDQ… and great job Nobody Holme

» Posted By Sandeep nain On September 4, 2007 @ 11:14 am
