Once again SANS has released it’s “Top 20” security risks for 2007. This is always a good report and I recommend all security professionals read it. This year they give highlight to two increasing attack vectors, users who are easily misled (aka: Social Engineering) and custom built web applications. Either of these should be of […]
SANS Top 20 for 2007 Released Read More »
I have been trying to find a better way to manage passwords for web sites, application login’s, email, etc…I have been using OS X’s Keychain application for this in the past but I was concerned with the security of the application and the fact that I couldn’t move my password “database” to another non-OS X
Secure, portable password management with Password Safe Read More »
This was a hard one to categorize as I have a Video Game Console Hack section but this really isn’t a hack…it looks like a New Zealand security researcher determined that cracking password hashes on a Playstation 3 via brute force is much faster (100 times actually) then cracking on Intel based hardware. From the
Crack passwords with your Playstation 3! Read More »
As I am sure all of you are already aware…the UK recently had their biggest data breach ever. 25 million (close to half of the population in the UK) personal records which include names of children, the equivalent of the SSN in the US, address, and certain bank info. Interesting read about this incident over
UK’s Biggest Data Breach Ever: HMRC Read More »
I decided to setup a little wardriving experiment to really get an idea on how many people are still using WEP to secure their wireless access points. I also wanted to find out if people really still setup a wireless network without encryption. You would think that most people would at least use WEP right?
The Wardriving Experiment – Part 1 Read More »
Looks like Thomas over at de-ice.net (creator of the De-ICE Pentest LiveCD’s) has started online training for beginning pen testers. Looks pretty affordable at only $395. He also has a special for $100 for the first 100 that sign up. Here are some details on the training from Thomas’ web site: “PenTesting Fundamentals” The following
De-ICE.net Online Training Announcement Read More »
In doing a recent pen test…just a reminder to not forget about easy things that a DBA might over look like keeping around a dangerous stored procedure like xp_cmdshell. While most of us spend time trying to figure out complex and creative ways to get into systems…sometimes it’s the simple things that get over looked.
Don’t forget about xp_cmdshell Read More »
Found an announcement of an update to a wireless pen test tool called WifiZoo. I have been meaning to play with this tool but I just haven’t had the time. I like the fact that I don’t have to use Wireshark or another tool like Ettercap to get packet data read (ie: user names/passwords). Pretty
WifiZoo v1.2 – Gather Wifi Information Passively Read More »
Here is a product that is truly revolutionary. A company called WiebeTech has developed a technology that allows forensic investigators (ie: Police) the ability to move a powered on computer. Their product called “HotPlug” basically gives you the ability to unplug a live computer (if plugged into a power strip or wall outlet) and transport
Transport a live computer without shutting it down Read More »
I recently wrote about some other Firefox plugins which allow you to manipulate and hack web pages. Looks like there is another set of tools called “ExploitMe” which allows for SQL Injection and XSS (Cross Site Scripting), and web service testing. From the article: “The ExploitMe tools — which are in currently in beta form
More Firefox application testing plugins: ExploitMe Read More »
