‘security’ Archives
NIST encryption standard may have NSA backdoor
According to security experts, an algorithm for generating random numbers that is included in an official standard documented by the National Institute of Standards and Technology (NIST) could potentially include a backdoor planted by the NSA. In a recent blog entry, cryptographer Bruce Schneier describes research that was presented by his [...]
Using Google to match MD5 password hashes
One of the steps used by the attacker who compromised a friend's blog a few weeks ago was to create an account (which he promoted to administrator). I quickly disabled the account, but while doing forensics, I thought it would be interesting to find out the account password. WordPress stores raw MD5 hashes in the user database (despite many [...]
Over 10 offers to pay student hacker’s fine
Chinese undergraduate Zhao Ke, fined $15,000 for hacking into his former school's computer network, has received "over ten" offers to help pay his fine. At least two law firms here, including Allen & Gledhill, have also offered to help him appeal the sentence. The 21-year-old who is doing a double degree in engineering and economics on a [...]
Recovering Windows passwords with Linux
If you lose a Windows password, or you buy a system that has an OS on it, but you don't know the password, what are you to do? The best thing to do would be to throw in a Linux CD, format the drive, and install the Distro. But, what if you want to boot to the system and see what's on there, and get data off? (more...)
Intro to Reverse Engineering – Part 2
In Part 1, Intro to Reverse Engineering - No Assembly Required, we extended the series of coding articles for non-programmers with an area of high interest in the infosec community. We're proud to be able to bring you the highly anticipated follow-up complete with screen shots, sample code and applications. This one is long and detailed, so strap [...]
ExploitMe: Free Firefox Plugin
Dark Reading covers the upcoming release of free Firefox plug-ins that test common web application vulnerabilities. As with most security tools, they could be used for good or ill. "The ExploitMe tools -- which are currently in beta form -- include SQL Inject-Me, which lets you right-click on an HTML field in your Firefox browser and inject [...]
Intro to Reverse Engineering
Last time we went over the C programming language in an introductory article specifically focusing on getting the security professional on the road to coding (or at least the road to understanding). This time around we extend the series of coding articles for non-programmers with an area of high interest in the infosec community, reverse [...]
BackTrack 2 Virtual Appliance
The Ethical Hacker Network (EH-Net) proudly releases the only Official Version of BackTrack 2 that not only adds Metasploit 3 to the toolset but is also packaged as a VMware Virtual Appliance. Here are just a few of the features added by the project's lead developer, Mati Aharoni, specifically for the EH-Net Community: Metasploit updated to [...]
Technical Advances Make Your Passwords Practically Worthless
Russian outfit Elcomsoft has just filed for a US patent which leverages GPUs to crack passwords. Their approach harnesses the massively parallel processing capabilities of modern graphics cards to make mincemeat of corporate-strength password protection. (more...)
Online Poker World Rocked by Hack
Chief of Absolute Poker site says 'consultant' developed method to look at others' hole cards without their knowledge. OCTOBER 22, 2007 | The controversy has been swirling in online poker forums for a few weeks, but now it's official: Absolute Poker has been hacked. In a letter to regular players, Absolute Poker owner Joe Norton conceded that [...]
How to Turn Your Browser Into a Weapon
On Monday, I wrote about three of my favorite Firefox extensions that help me stay safe when I'm browsing the darker areas of the Web and incoming email. Today, let's look at three other extensions: Those that can turn Firefox into a feature-filled, Web-hacking weapon. These extensions aren't required to use Firefox for hacking Web applications, [...]
Insert Coin
I was asked by several peers in a computer course why the printer said Insert Quarter today, so I deemed this post necessary. It is amazing how unaware some people can be. This little Perl script allows you to change the "Ready Message" on most HP printers to whatever you'd like. For the *nix intolerant: here is a link to a Windows binary [...]
Invasive Browser Sniffing
Using a number of sneaky attacks, it is possible for phishers and other Web-based bad guys to figure out which Web sites you regularly visit. While the fact that you frequently visit ESPN may not be a problem, such attack techniques can tell the phisher exactly which online bank you use, allowing her to tailor deception-based phishing emails so [...]
Exploits of a Mom
This is quite possibly the best xkcd comic I've ever read. I've always wanted to name a kid with a MySQL code injection attack, or "+++ATH" or "^d^d^c^c^g^g^g^g". Anything to mess with database nation.
