pwntooth v0.2.1 | Hackerjournals Tools
Another interesting tool – pwntooth v0.2.1 – for automated Bluetooth penetration testing: pwntooth v0.2.1 “pwntooth (pown-tooth) is designed to automate Bluetooth Pen-Testing. It scans for devices, then runs the tools specified in the pwntooth.conf; included blueper, bluesnarfer, Bluetooth Stack Smasher (BSS), carwhisperer, psm_scan, rfcomm_scan, and vcardblaster. pwntooth is a fully automated “search and destroy” tool [...]
Cybersecurity is ‘really about the people,’ official says
Cybersecurity is ‘really about the people,’ official says (10/21/10) — GovExec.com. Interesting and somewhat true – here’s the statement that I really get: “If you have the right people, technology processes and other things don’t matter that much. If you don’t, technology processes and other things don’t matter that much. It’s really about the people.” [...]
Watch out for "Firesheep"
There’s a new Firefox plug-in out there that allows you to sniff unsecured wireless traffic and gain access to other people’s Facebook, Twitter accounts, etc. – basically session hacking. Sounds too simple, right? Unfortunately it is that simple. TechCrunch did a write-up on it and I decided to install and test it – it [...]
Computer consultant accused of hacking into Houston Healthcare database
Computer consultant accused of hacking into Houston Healthcare database – Crime & Courts – Macon.com. This is a classic example of what not to do to get a job. A talented information security person no doubt, but stuck in an encapsulated thought process. It may have been an ‘innocent’ attempt at impressing IT to get [...]
Kaspersky hit by cyber criminals?
UPDATED: Kaspersky hit by cyber criminals? | IT PRO. It seems the unthinkable has happened – according to reports, an attack hit their site on Sunday and exploited a vulnerability in a third-party application. They say the ‘fake anti-virus’ redirection was in place for around three and a half hours. This is a company [...]
A tip to spawn tty shell in webshell
This is a handy little nugget! Try it – it works! A tip to spawn tty shell in webshell. Author: akshell – Site: http://linuxpentest.com. During pen-test, sometimes we may need to get a tty shell to use ssh, vi or something like that. But the problem we meet is that we only have [...]
Newly Discovered Evasion Method For Targeted Attacks Silently Bypasses Network, Application Security
Newly Discovered Evasion Method For Targeted Attacks Silently Bypasses Network, Application Security – DarkReading. Now this is a scary one – this is a method that uses vulnerabilities inherent in IDS/IPS and WAFs to sneak in and execute attacks. “It takes advantage of the fact that the TCP protocol allows conservative creation of packets, but [...]
Six enterprise security leaks you should plug now
Six enterprise security leaks you should plug now. Here’s the list from the article. There is a lot more detail in the article and it makes for interesting reading, especially if you weren’t expecting to see a couple of those in there. 1. Unauthorized smartphones on Wi-Fi networks 2. Open ports on a network printer [...]
BLADE: Can it stop drive-by malware?
BLADE: Can it stop drive-by malware? | IT Security | TechRepublic.com. BLADE (BLock All Drive-by download Exploits): here’s a promising development for negating drive-by malware. BLADE is a browser-independent operating system kernel extension designed to prevent unauthorized content execution. The author, Michael Kassner, interprets that to mean BLADE intercepts all downloaded content that has not [...]



