Friday, July 18th, 2008 Clever mnemonics aside, last week we saw another large-scale SQL injection attack (or YAMSIA, if you prefer), this time orchestrated by a botnet that has become known as Asprox—but first, a history lesson. The code behind the Asprox botnet seems to have been around for quite some time ...
Posted in Internet, Privacy, Security | No Comments
Tuesday, June 24th, 2008 The MSRC released an advisory today that discusses the recent SQL injection attacks and announces three new tools to help identify and block these types of vulnerabilities. The advisory discusses the new tools, the purpose of each, and the way each complements the others. The goal of this blog post is ...
Posted in Coding, Internet, Security, Software | No Comments
Monday, June 9th, 2008 Here is a list of new security tools that were released in the past week.
SQL Ninja 0.2.3 - SQL server injection and takeover tool
fgdump 2.1.0 - Tool for mass password auditing of Windows systems
AxBan 1.0.0.4 - ActiveX killbit program
Nmap 4.65 - Network port scanner
Nessus 3.2.1 - Vulnerability assessment tool
Immunity Debugger ...
Posted in Coding, General BS, Internet, Linux, Networking, Privacy, Security, Software, Windows | No Comments
Sunday, June 1st, 2008 XSS (Cross-Site Scripting) Very Much Alive and Kicking
We were about to further investigate malicious activities related to banner82(dot)com/b.js, but the URL was already inaccessible around Tuesday. Soon enough the malicious script in www(dot)adw95(dot)com caught our interest. A rough survey of the sites compromised by this script reveals that the ...
Posted in Coding, Internet, Security | No Comments
Friday, May 30th, 2008 We’ve been following the development of sqlninja since the early days; it’s growing into a well-matured and more polished tool with advanced features. Sqlninja is a tool written in Perl to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal ...
Posted in Coding, Internet, Privacy, Security | 1 Comment