FIS [File Inclusion Scanner] v0.1 – PHP Vulnerability

A useful tool for anyone working with PHP applications. DESCRIPTION: FIS (File Inclusion Scanner) is a vulnerability scanner for PHP applications. It scans PHP files, mapping PHP/HTTP variables, and then performs a security audit in order to find out which of them are exploitable. USAGE: php fis.php [local file] [remote file] [remote FIS ID […]

Posted in: Countermeasures, Security Software, Web Hacking

Most Damaging Computer Attacks Rely on Stolen Logins

A sterling case for two-factor authentication if I ever saw one. The rule is: use two of the 3 methods of authentication, and if possible use all 3. What you have (a USB key or token), what you are (biometrics – fingerprint or iris scan), what you know (a password or passphrase). More than 8 […]

Posted in: General Hacking

SIFT Web Method Search Tool

SIFT has just published a world-first tool for identifying rogue web methods. The Web Method Search tool is a Windows based application that uses a hybrid dictionary attack in an attempt to find unpublished administrative and other web services functions. As web services are becoming more prevalent, poor security practices from previous generations of application […]

Posted in: Hacking Tools, Web Hacking

DOE Hit By Hackers and Covered Up

Ahah! More government cover-ups? This one was a while back too. Digging on those archives right now yah. A hacker stole a file containing the names and Social Security numbers of 1,500 people working for the Energy Department’s nuclear weapons agency, scary eh? The US government security really does scare me sometimes, their internal departments […]

Posted in: General Hacking, Legal Issues

Domain Stealing or How to Hijack a Domain

Please note this is an old technique again, just for learning purposes, learn how the old techniques worked and why they worked, then try and discover new ways to do things. Summary The sole purpose of the information contained in this advisory is to point out the flaws in InterNIC’s domain name handling system and […]

Posted in: Network Hacking, Social Engineering

China Outlaws Private E-mail Servers

Ah China, always been famous for repressing their population, now their repression is moving onto the Internet and using digital means. Just like the so called ‘Great Firewall of China’, I’ve been meaning to do an article about that for quite some time, I have something drafted. Anyway the latest thing China has done has […]

Posted in: General News, Spammers & Scammers

Former Hacker Irks Microsoft in EU Dispute

Ah the anti-trust battle continues, good to see someone with technical skills involved, I wonder how the case is coming along, I haven’t heard about it for a while. Again this is quite an old story. As an expert witness on digital crime, British computer consultant Neil Barrett has helped prosecutors in the United Kingdom […]

Posted in: General News, Legal Issues, Windows Hacking

Impressive Open Source Intrusion Prevention – HLBR

It’s good to see work on open source tools in the countermeasure department as well as the attack and penetration arena. It’s a shame since Snort and Nessus have gone semi-commercial. I hope more people invest their time in good IDS, Firewall and IPS systems, I love things like IPCop and hope to see more products […]

Posted in: Countermeasures, Malware, Network Hacking

Using the capture command in a Cisco Systems PIX firewall.

This is an excellent article you might find useful covering the use of the capture command in Cisco PIX firewalls. A vital tool to use when troubleshooting computer networking problems and monitoring computer networks is a packet sniffer. That being said, one of the best methods to use when troubleshooting connection problems or monitoring suspicious […]

Posted in: Countermeasures, Hardware Hacking, Network Hacking

Moving Ahead in the War Against Botnets

This effort started quite a long time ago, I was just checking up to see how they were getting on, but there’s not much news of their progress. Operating under the theory that if you kill the head, the body will follow, a group of high-profile security researchers is ramping up efforts to find and […]

Posted in: Countermeasures, Malware