So a pretty serious remote vulnerability has been discovered in Windows 7, as usual Microsoft is downplaying the problem asking you to block the ports on your firewall rather than fixing the issue.
I’d imagine the problem would only really be a big issue inside networks as who exposes SMB ports to the outside world anyway [...]
There have been a few stories about Windows 7, even one about Windows 7 UAC before and now it’s officially on sale I’d expect there to be many more.
As always malware and mass infections is a numbers game so the bad guys will always target the most popular and prolific operating systems to increase their [...]
It seems like another fairly critical flaw has been discovered in Microsoft Windows. It’s serious as it allows remote code execution, which basically means if you get hit with it your machine is owned.
It seems DirectX 7, 8 and 9 in Windows 2000, XP and Server 2003 are at risk. Windows Vista, Server 2008 and [...]
Microsoft is in the news again, but this time for holding back on something security related.
It seems like they want to have some extra time for development, and well perhaps some business related factors come into play too.
A lot of Windows networks use ISA (as it used to be called) – in the future it’ll [...]
It seems like Windows 7 is already creating some controversy even though it’s still in BETA. Just like Vista it also has UAC (User Access Control) which a lot of people disable completely because they find it irritating (myself included).
When that happens, the boundary between security and usability has crossed too far and the control [...]
Now this doesn’t happen all that often, it must be really serious! An Out-of-Band patch from Microsoft (since it’s famous ‘Patch Tuesday‘ it only releases patches on the second Tuesday of each month) has been released for a new RPC flaw.
I’d imagine it’s similar to the RPC flaw that spawned such disasters as Blaster and [...]
BSQL Hacker is an automated SQL Injection Framework / Tool designed to exploit SQL injection vulnerabilities in virtually any database.
It ships with Automated Attack modules which allows the dumping of whole databases for the following DBMS:
MS-SQL Server
ORACLE
MySQL (experimental)
Attack Templates for:
MS Access
MySQL
ORACLE
PostgreSQL
MS-SQL Server
Also you can write your own attack template for any other database as well [...]
NetworkMiner is a passive network sniffer/packet capturing tool for Windows with an easy to use interface. It can detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis.
NetworkMiner makes use of OS fingerprinting databases from both p0f (by Michal Zalewski) and [...]
Seen as though we’ve been having a good bash on Microsoft recently, here’s some more relevant news. The December update from Microsoft has delivered patches for 11 series flaws spanning both IE6 & IE7 and all their currently supported operating systems (Windows 2000, Windows XP and Windows Vista).
So if you are running Windows, make sure [...]
Skavenger? Yes, because scavenger is already used?!?
What is skavenger? Skavenger is a source code auditing tool, firstly though for php, but also used for any kind of source code file; as long as you know what to look for…
Yes I thought is as a replacement tool for egrep/sed under Windows! because not everybody installs cygwin [...]
