| Wednesday October 22nd 2014


‘security’ Archives

MySpace “Hacker” Tells His Story

"If Samy Kamkar plays his cards right, he may be allowed to visit MySpace again in just a few months. For the time being, however, he's not even allowed to touch a computer, following a January 2007 guilty plea for creating what many consider to be the first Web 2.0 worm: the Samy worm. Samy's worm wasn't malicious, but it did force News [...]

XSS Cheat Sheet

XSS is Cross Site Scripting. If you don't know how XSS (Cross Site Scripting) works, this page probably won't help you. This page is for people who already understand the basics of XSS attacks but want a deep understanding of the nuances regarding filter evasion. This page will also not show you how to mitigate XSS vectors or how to write the [...]

NIST encryption standard may have NSA backdoor

According to security experts, an algorithm for generating random numbers that is included in an official standard documented by the National Institute of Standards and Technology (NIST) could potentially include a backdoor planted by the NSA. In a recent blog entry, cryptographer Bruce Schneier describes research that was presented by his [...]

Using Google to match MD5 password hashes

One of the steps used by the attacker who compromised a friend's Blog a few weeks ago was to create an account (which he promoted to administrator). I quickly disabled the account, but while doing forensics, I thought it would be interesting to find out the account password. WordPress stores raw MD5 hashes in the user database (despite many [...]

Over 10 offers to pay student hacker’s fine

Chinese undergraduate Zhao Ke, fined $15,000 for hacking into his former school's computer network, has received "over ten" offers to help pay his fine. At least two law firms here, including Allen & Gledhill, have also offered to help him appeal the sentence. The 21-year-old who is doing a double degree in engineering and economics on a [...]

Recovering Windows passwords with Linux

If you lose a Windows password, or you buy a system that has an OS on it, but you don't know the password, what are you to do? The best thing to do would be to throw in a Linux CD, format the drive, and install the Distro. But, what if you want to boot to the system and see what's on there, and get data off? (more…)

Intro to Reverse Engineering – Part 2

In Part 1, Intro to Reverse Engineering - No Assembly Required, we extended the series of coding articles for non-programmers with an area of high interest in the infosec community. We're proud to be able to bring you the highly anticipated follow-up complete with screen shots, sample code and applications. This one is long and detailed, so strap [...]

ExploitMe: Free Firefox Plugin

Dark Reading covers the upcoming release of free Firefox plug-ins that test common web application vulnerabilities. As with most security tools, they could be used for good or ill. "The ExploitMe tools -- which are currently in beta form -- include SQL Inject-Me, which lets you right-click on an HTML field in your Firefox browser and inject [...]

Intro to Reverse Engineering

Last time we went over the C programming language in an introductory article specifically focusing on getting the security professional on the road to coding (or at least the road to understanding). This time around we extend the series of coding articles for non-programmers with an area of high interest in the infosec community, reverse [...]

BackTrack 2 Virtual Appliance

The Ethical Hacker Network (EH-Net) proudly releases the only Official Version of BackTrack 2 that not only adds Metasploit 3 to the toolset but is also packaged as a VMware Virtual Appliance. Here are just a few of the features added by the project's lead developer, Mati Aharoni, specifically for the EH-Net Community: Metasploit updated to [...]

Technical Advances Make Your Passwords Practically Worthless

Russian outfit Elcomsoft has just filed for a US patent which leverages GPUs to crack passwords. Their approach harnesses the massively parallel processing capabilities of modern graphics cards to make mincemeat of corporate-strength password protection. (more…)

Online Poker World Rocked by Hack

Chief of Absolute Poker site says 'consultant' developed method to look at others' hole cards without their knowledge OCTOBER 22, 2007 | The controversy has been swirling in online poker forums for a few weeks, but now it's official: Absolute Poker has been hacked. In a letter to regular players, Absolute Poker owner Joe Norton conceded that [...]

How to Turn Your Browser Into a Weapon

On Monday, I wrote about three of my favorite Firefox extensions that help me stay safe when I'm browsing the darker areas of the Web and incoming email. Today, let's look at three other extensions: Those that can turn Firefox into a feature-filled, Web-hacking weapon. These extensions aren't required to use Firefox for hacking Web applications, [...]

Insert Coin

Since I was asked by several peers in a computer course why the printer said Insert Quarter today, I deemed this post necessary. It is amazing how unaware some people can be. This little perl script allows you to change the "Ready Message" on most HP printers to whatever you'd like. For the *nix intolerant: here is a link to a Windows binary [...]

Invasive Browser Sniffing

Using a number of sneaky attacks, it is possible for phishers and other Web-based bad guys to figure out which Web sites you regularly visit. While the fact that you frequently visit ESPN may not be a problem, such attack techniques can tell the phisher exactly which online bank you use, allowing her to tailor deception-based phishing emails so [...]

Exploits of a Mom

This is quite possibly the best xkcd comic I've ever read. I've always wanted to name a kid with a MySQL code injection attack, or "+++ATH" or "^d^d^c^c^g^g^g^g". Anything to mess with database nation.
