Darknet – The Darkside

Attack Surface Analyzer is developed by the Security Engineering group, building on the work of our Security Science team. It is the same tool used by Microsoft’s internal product groups to catalogue changes made to operating system attack surface by the installation of new software. Attack Surface Analyzer takes a snapshot of your system state [...]

Continue Reading

What a massive mother-load of patches Microsoft has unleashed on this month patching more than 34 security vulnerabilities including the fairly high profile vulnerability exploited at the Pwn2Own contest earlier this year in April. Good news as long as all the average Internet users actually use Windows Update and install the latest patches, which somehow [...]

Continue Reading

Many users are expecting a patch for the Microsoft IIS Semicolon Bug, but from the recently published bulletin by Microsoft it seems that is highly unlikely during this patch cycle. Microsoft Security Bulletin Advance Notification for January 2010 It seems they will only be pushing out a fairly low priority fix which is rated critical [...]

Continue Reading

So a pretty serious remote vulnerability has been discovered in Windows 7, as usual Microsoft is downplaying the problem asking you to block the ports on your firewall rather than fixing the issue. I’d imagine the problem would only really be a big issue inside networks as who exposes SMB ports to the outside world [...]

Continue Reading

There have been a few stories about Windows 7, even one about Windows 7 UAC before and now it’s officially on sale I’d expect there to be many more. As always malware and mass infections is a numbers game so the bad guys will always target the most popular and prolific operating systems to increase [...]

Continue Reading

It seems like another fairly critical flaw has been discovered in Microsoft Windows. It’s serious as it allows remote code execution, which basically means if you get hit with it your machine is owned. It seems DirectX 7, 8 and 9 in Windows 2000, XP and Server 2003 are at risk. Windows Vista, Server 2008 [...]

Continue Reading

Microsoft is in the news again, but this time for holding back on something security related. It seems like they want to have some extra time for development, and well perhaps some business related factors come into play too. A lot of Windows networks use ISA (as it used to be called) – in the [...]

Continue Reading

It seems like Windows 7 is already creating some controversy even though it’s still in BETA. Just like Vista it also has UAC (User Access Control) which a lot of people disable completely because they find it irritating (myself included). When that happens, the boundary between security and usability has crossed too far and the [...]

Continue Reading

Now this doesn’t happen all that often, it must be really serious! An Out-of-Band patch from Microsoft (since it’s famous ‘Patch Tuesday‘ it only releases patches on the second Tuesday of each month) has been released for a new RPC flaw. I’d imagine it’s similar to the RPC flaw that spawned such disasters as Blaster [...]

Continue Reading

BSQL Hacker is an automated SQL Injection Framework / Tool designed to exploit SQL injection vulnerabilities in virtually any database. It ships with Automated Attack modules which allows the dumping of whole databases for the following DBMS: MS-SQL Server ORACLE MySQL (experimental) Attack Templates for: MS Access MySQL ORACLE PostgreSQL MS-SQL Server Also you can [...]

Continue Reading