Tuesday, April 29th, 2008
The latest versions of fgdump and pwdump have been released by the foofus.net team. Looks like the most important change is that both tools support 64-bit targets. Here is the official announcement:
"The foofus.net team is pleased to announce updates to both fgdump (2.0.0) and pwdump (1.7.1), which incorporate a number ...
Posted in Coding, Linux, Privacy, Security | No Comments
Saturday, April 26th, 2008
WordPress 2.5.1 came out recently. It includes a critical security fix for a cookie integrity bug that would allow an attacker to impersonate other users, including WordPress admins, by manipulating the contents of an HTTP cookie. Whenever I read about a vulnerability predicated on the user identity being embedded ...
Posted in Coding, Internet, Privacy, Security, Software | 1 Comment
Friday, April 25th, 2008
Opera 9.5 Beta 2 has stepped up its security game. The browser has added fraud protection and support for EV SSL (Extended Validation Secure Sockets Layer) certificates to help prevent identity theft.
Opera’s move to join the EV SSL crowd leaves Safari as the only browser without anti-phishing protection. As you ...
Posted in Internet, Software | No Comments
Thursday, April 24th, 2008
AVG Technologies, a leading provider of Internet security software, will tomorrow release AVG Anti-Virus Free 8.0, the latest version of the company’s popular and widely-used free security software, which now incorporates protection against spyware through a new combined anti-virus and anti-spyware engine.
AVG Free provides basic protection against viruses and spyware, ...
Posted in Internet, Security, Software | No Comments
Wednesday, April 23rd, 2008
GNU’s wget command line program for downloading is very popular, and not without reason. While you can use it simply to retrieve a single file from a server, it is much more powerful than that and offers many more features.
One of the more advanced features in wget is the mirror ...
Posted in Coding, Internet, Linux | No Comments
Tuesday, April 22nd, 2008
Following a friendly heads up from someone yesterday morning, I re-loaded the
following Kraken samples into my honeypot:
1d51463150db06bc098fef335bc64971
65b958bf6f5eddca3d9455354af08b6f
6ec7d67d5553cbec2a99c7fbe385a729
7ecef2f126e66e7270afa7b803f715bc
8fd8c67103ec073d9303a7fbc702f89a
and began monitoring them. Each sample proceeded to update itself;
the updated binary is around 160KB, given a random name and
placed in the system32 directory, and no longer has an imagefile icon.
The names/MD5 values of ...
Posted in Coding, Internet, Privacy, Security | No Comments
Monday, April 21st, 2008
The Captcha used in the current version 8.1 of PHP Nuke can be deciphered with 100% accuracy. more information can be found here:
http://www.rooksecurity.com/blog/?p=6
Exploit Code: http://www.rooksecurity.com/exploits/php_nuke_captcha.zip
What is so interesting about this captcha is that it is incredibly wide spread. Variants of this captcha are being used by big names like Paypal. ...
Posted in Coding, Internet, Security, Software | No Comments
Friday, April 18th, 2008
A bot is a computer program installed on a compromised machine which offers an attacker a remote control mechanism. Botnets, i.e., networks of such bots under a common control infrastructure, pose a severe threat to today’s Internet: Botnets are commonly used for Distributed Denial-of-Service (DDoS) attacks, sending of spam, or ...
Posted in Internet, Privacy, Security | No Comments
Thursday, April 17th, 2008
You may think that you are anonymous as you browse web sites, but pieces of information about you are always left behind. You can reduce the amount of information revealed about you by visiting legitimate sites, checking privacy policies, and minimizing the amount of personal information you provide.
What information is ...
Posted in Internet, Privacy, Security | No Comments
Tuesday, April 15th, 2008
Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to ...
Posted in Internet, Privacy, Security, Software | No Comments
