As you surely know, things blew up recently at Toorcon 12 with the release of the much talked about Firefox plugin called Firesheep. There were various discussions about how to mitigate against it like using Firefox plug-ins to force SSL connections (where available). Microsoft also tried to secure Hotmail with SSL but kinda b0rked that […]
network-security
THC-Hydra 5.8 Released – Extremely Fast Multi-Threaded Login/Password Cracker
The number one biggest security hole is passwords, as every password security study shows. Hydra is a parallelized (multi-threaded) login cracker which supports attacking/cracking numerous protocols. New modules are easy to add, beside that, it is flexible and very fast. We haven’t mentioned Hydra since way back in 2007 – THC-Hydra – The Fast and […]
sessionthief – HTTP Session Cloning & Cookie Stealing Tool
sessionthief performs HTTP session cloning by cookie stealing. It can issue basic nmap and nbtscan commands to see which IPs are on the subnet, or just listen for IPs broadcasting packets. It can quickly perform ARP poison routing to get packets given the IP of the client if not on an open network or hub, […]
WPA2 Vulnerability Discovered – “Hole 196” – A Flaw In GTK (Group Temporal Key)
Well as it tends to be, when something is scrutinized for long enough and with enough depth flaws will be uncovered. This time the victim is WPA2 – the strongest protection for your Wi-fi network which is standardized. WEP fell long ago and there’s a myriad of WEP Cracking tools available. In 2008 it was […]
Sagan – Real-time System & Event Log (syslog) Monitoring System
[ad] Softwink announces the release of Sagan, the ultimate in Syslog monitoring. Sagan can alert you when events are occurring in your syslogs that need your attention right away, in real time! Sagan is a multi-threaded, real time system- and event-log monitoring system, but with a twist. Sagan uses a “Snort” like rule set for […]