For some of the long time readers, you might remember we’ve been covering the case of the UK Hacker Gary McKinnon for quite some time. The last post was about a year ago though in August 2007 when he Won Right to Lords Appeal Extradition Hearing.
The first post on the case was over 2 years [...]

Ratproxy is a semi-automated, largely passive web application security audit tool. It is meant to complement active crawlers and manual proxies more commonly used for this task, and is optimized specifically for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic [...]

It just goes to show, having an aluminium lined wallet could really be useful! Hackers in the Netherlands found they could clone an access card using the Mifare chip, after that they traveled to London to try their technique out on the Oyster card (used on the London Underground), which uses the same chip.
It just [...]

If you don’t know, BackTrack is a top rated linux live distribution focused on penetration testing. With no installation whatsoever, the analysis platform is started directly from the CD-Rom and is fully accessible within minutes.
Back in January we mentioned the BackTrack Live Hacking CD BETA 3 was released, at last the final version is [...]

Looks like India has them moving into the hacking scene young, it’ll happen anywhere with decent network infrastructure and disparate levels of economy. Look at Eastern Europe and China as other examples, India though due to it’s outsourcing culture and plentiful legitimate jobs in the IT industry doesn’t seem to suffer so many problems with [...]

We’ve been folowing the development of sqlninja since the early days, it’s growing into a well matured and more polished tool with advanced features.
Sqlninja is a tool written in PERL to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote [...]

Microsoft helping the good guys eh? I had someone ask me if I can get a hold of this so I did some checking up on..
I’d guess MS is doing this to sell additional software and services, but either way its a good thing to make a portable, easy to use and effective forensics toolkit.
Would [...]

As far as I know this has been happening for some time, sometimes a patch comes out for a vulnerability that many people don’t know about (including the hackers) so they will see what problem the patch fixes (possibly through reverse engineering) then develop an exploit to leverage on the flaw.
It seems things are a [...]

It looks like someone is going after the bad guys in a new way, by hacking them back! It’s no news to us that many hacking tools and script kiddy trojan kits are badly programmed..a lot of them have back-doors and the client-side tools have easy exploits that enable you to take over the ‘hackers’ [...]

Sqlninja is a tool to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of [...]