New tools to block and eradicate SQL injection

Tuesday, June 24th, 2008

The MSRC released an advisory today that discusses the recent SQL injection attacks and announces three new tools to help identify and block these types of vulnerabilities. The advisory discusses the new tools, the purpose of each, and the way each complements the others. The goal of this blog post is ...

Posted in Coding, Internet, Security, Software | No Comments

New Security Tools

Monday, June 9th, 2008

Here is a list of new security tools that were released in the past week. SQL Ninja 0.2.3 - SQL server injection and takeover tool fgdump 2.1.0 - Tool for mass password auditing of windows systems AxBan 1.0.0.4 - ActiveX killbit program Nmap 4.65 - Network port scanner Nessus 3.2.1 - Vulnerability assessment tool Immunity Debugger ...

Posted in Coding, General BS, Internet, Linux, Networking, Privacy, Security, Software, Windows | No Comments

What you need to know about HTTP Verb Tampering

Wednesday, June 4th, 2008

Recently Arshan Dabirsiaghi, Director of Research of Aspect Security, published a white paper entitled “Bypassing URL Authentication and Authorization with HTTP Verb Tampering”. Initially there was a lot of confusion about what exactly was being explained or claimed. Including, is it real? Is it novel? Is it dangerous? What is ...

Posted in Coding, Internet, Privacy, Security | No Comments

Malware & MySQL - Believe it!

Tuesday, June 3rd, 2008

Most malware tends to store stolen credentials and information in make-shift text files, which are then forwarded to the author via email or another protocol. However, the use of scalable and robust solutions is becoming more popular in the malware community. In fact, it is becoming increasingly popular for malware ...

Posted in Coding, Internet, Privacy, Security | No Comments

XSS Methods Also Seen Being Used in Mass Compromises

Sunday, June 1st, 2008

XSS (Cross-Site Scripting) Very Much Alive and Kicking We were about to investigate further on malicious activities related to banner82(dot)com/b.js but the URL was already inaccessible around Tuesday. Soon enough the malicious script in www(dot)adw95(dot)com caught our interest. A rough survey of the sites compromised by this script reveal that the ...

Posted in Coding, Internet, Security | No Comments

Previous Entries
Next Entries  
Copyright 2008-2009 PC Sympathy - Entries (RSS) - Comments (RSS) - Sitemap