It seems like the Chinese are always coming up with inventive ways to scam people, this time the people in their own country. Android is of course growing quickly globally and China is no exception with the availability of cheap hardware there the open-source Android OS is a natural choice. The latest scam is some […]
Archives for 2011
MagicTree – Penetration Tester Productivity Tool
MagicTree is a penetration tester productivity tool, it allows easy and straightforward data consolidation, querying, external command execution, and report generation. In case you wonder, “Tree” is because its stores all the data in a tree, and “Magic” because it is designed to magically do the most cumbersome and boring part of penetration testing – […]
Researchers Hack Mobile Calls On GSM Network
Gotta love a bit of hardware hacking in the new year, this Karsten Nohl guy has been busy lately – he recently exposed Car Immobilisers Using Weak Encryption Schemes and more relevant to this article we’ve written about him and GSM Hacking Coming To The Masses Script Kiddy Style before. This kind of GSM snooping […]
cross_fuzz – A Cross-Document DOM Binding Fuzzer
cross_fuzz is an amazingly effective but notoriously annoying cross-document DOM binding fuzzer that helped identify about one hundred bugs in all browsers on the market – many of said bugs exploitable – and it is still finding more. The fuzzer owes much of its efficiency to dynamically generating extremely long-winding sequences of DOM operations across […]
Internet Explorer Zero-Day Accidentally Leaked To Chinese Hackers
First up, happy new year – let’s hope 2011 is an interesting year for the infosec community. Anyway today’s story is about the recently released tool cross_fuzz by Michal Zalewski and an inadvertent leak that have occurred. tl;dr version is something like this: Michal Zalewski writes a DOM fuzzer, fuzzes IE, finds flaws, Chinese dudes […]