Buffer Overflow Attack Tutorial - Backtrack 5 StumbleUpon Diigo Delicious
BlackHole Exploit Kit 2.0 released with more latest Exploits | THN Security and Hacking News According to release announcement on Pastebin by unknown developers in a Russian-language BlackHole Exploit Kit 2.0 released with more latest Exploits. BlackHole is one of the most dominant exploit toolkits currently available in the underground market. It enables attackers to exploit security holes in order to install malicious software on victim's systems. The new variant doesn’t rely on plugindetect to determine the Java version that’s installed, thus speeding up the malware download process.
Blackhole exploit kit The supposedly Russian creators use the names "HodLuM" and "Paunch". It was reported on the October 7, 2013 that "Paunch" has been arrested. Basic summary of how Blackhole works Defenses against the Blackhole exploit kit
This is a new format of blog post I’m trying out. The idea is to put key points about a technology into easily digestible bullet points. I’ll draw from textbook knowledge and real-world experience to sum up the “what” and the “why”. If you know “what” and “why”, the “how” becomes an exercise in syntax which you can look up, so I probably won’t belabor individual coding steps as much. Five Things To Know About DHCP Snooping
Online security must be a priority for retailers - ICO news release News release: 9 August 2011 Cosmetics retailer Lush breached the Data Protection Act after the security of its website was compromised for a four month period, the Information Commissioner’s Office (ICO) said today. The breach, which occurred between October 2010 and January 2011, meant that hackers were able to access the payment details of 5,000 customers who had previously shopped on the company’s website. As a result of the breach, the ICO has required Lush to sign an undertaking to ensure that future customer credit card data will be processed in accordance with the Payment Card Industry Data Security Standard. The ICO is taking this opportunity to warn online retailers that if they do not adopt this standard, or provide equivalent protection when processing customers’ credit card details, they risk enforcement action from the ICO.
I came across this gem on the Visa website: Trojan Horse virus What’s a Trojan Horse virus? A Trojan Horse is an email virus usually released by an email attachment. If opened, it will scour your hard drive for any personal and financial information such as your social security, account, and PIN numbers. Once it has collected your info, it is sent to a thief’s database. What’s a Trojan Horse virus?
Public wifi hotspots and restricted internet access More and more, you can find public wireless hotspots, in cities, train stations, airports... and even some public hotspots that are available with a subscription, accessible through a web login form. The thing is, most of the time, these hospots will have a reduced connectivity. Only some ports and protocols will be allowed. For instance, you may be restricted to HTTP, HTTPS, POP and SMTP. How to bypass strict firewalls on public wifi hotspots and restricted networks, by tunneling blocked ports and protocols - verot.net
Yes, You can build a GSM basestation using an USRP and the OpenBTS. What you do, is announce that you are a basestation for i.e. AT&T, and if you have better signal power than other basestations in the area, AT&T cellular phones will start connecting to your basestation. Normally, the mobile phones would encrypt the sent data using keys that only AT&T knows, but if you tell the phones not to encrypt, they gladly oblige. At this point, you will be acting as their basestation. sniffer - Mobile numbers capture and transmit data - IT Security
Learn from my mistakes as I figure out how to gather forensics data on an ext4 filesystem. One great thing about writing technical articles is that you have a nice collection of documentation you can turn to. I tell people that I probably reference my books and articles more than anyone else, because although I may not always remember specific steps to perform a task, I do always remember whether I wrote about how to do it. One article I find myself referring to now and then is the "Introduction to Forensics" article I wrote in Linux Journal back in the January 2008 issue (my first feature article in Linux Journal). Hack and / - Forensics with Ext4
Social Engineering In Penetration Testing Registration « Social-Engineer.Com – Professional Social Engineering Training and Services Thank you for your interest in registering for one of the upcoming Social Engineering In Penetration Testing 5-day courses. * 5-Days of Intense Social Engineering Penetration Testing Training * Hands-On Exercises * Performance Based Certification * The only course of its kind
Bitcoin mining is so last year. Put your expensive GPU to use cracking passwords. When the Bitcoin mining craze hit its peak, I felt the tug to join this new community and make some easy money. I wasn't drawn only by the money; the concepts behind Bitcoin mining intrigued me, in particular the new use of graphics processors (GPUs). Hack and / - Password Cracking with GPUs, Part I: the Setup
Security Assessment - Home Security-Assessment.com is a purist security company, with a strong focus on research and development. This is delivered in the form of world-class advisory and assurance services to large and medium size enterprises that require a true independent measurement of security compliance, and who need specialist advice to improve their overall information security stance. We are a trusted partner providing clients with on-going assurance services and advice to support informed decision making regarding security and risk for their business. Security-Assessment.com helps design security into the organisational practices rather than through tactical or technological solutions.
Update (19 March 2013): This blog post advises to use RC4 to migitate the BEAST attack, but RC4 has recently been discovered to be weaker than previously known. At this point the attacks against RC4 are still not practical. The only fully safe choice at the moment is the AES-GCM suites supported only in TLS 1.2. Mitigating the BEAST attack on TLS | Qualys Security Labs | Qualys Community