On CBS.com: HD may burn your eyes
BNET Business Network:
BNET
TechRepublic
ZDNet
From Metasploit to Microsoft: Skape goes to Redmond
Metasploit developer Matt Miller, who for years frustrated Microsoft officials with the public release of Windows exploits, is heading to Redmond to join Microsoft's Security Science team. Miller, who uses the hacker moniker Skape,will work on improved ways to find security vulnerabilities and better software defenses through...
Tags: Developer, Microsoft Corp., Matt Miller, Microsoft Windows, Operating Systems, Software, Ryan Naraine
Blog posts 2008-08-18
Microsoft joins 'patch DNS now' chant; Apple patch missing
On the heels of the release of weaponized exploit code for the DNS cache poisoning vulnerability, Microsoft has joined the chorus of security pros pleading with DNS server providers to immediately apply patches to protect users from malicious attacks. The Redmond, Wash. security...
Tags: Apple Macintosh, DNS, Vulnerability, Apple Inc., Exploit Code, Microsoft Corp., Attack, Dan Kaminsky, Domain Names, Apple Mac OS X, Networking, Security, Internet, Operating Systems, Software, Apple Mac OS, Ryan Naraine
Blog posts 2008-07-25
Fast-Fluxing SQL injection attacks executed from the Asprox botnet
The botnet masters behind the Asprox botnet have recently started SQL injecting fast-fluxed malicious domains in order to enjoy a decent tactical advantage in an attempt to increase the survivability of the malicious campaign. I first assessed the Asprox botnet in January, and again in April when it started scaling...
Tags: Microsoft .NET, Domain, SQL, SQL Injection, Asprox, Com, Programming Languages, Phishing, Databases, Security, Software Development, Software/Web Development, Spam And Phishing, Enterprise Software, Software, Data Management, Dancho Danchev
Blog posts 2008-05-19
IPS - Implementing Cisco Intrusion Prevention System v6.0
View Available Dates and LocationsIn this Global Knowledge-enhanced course, you will gain the skills required to deploy Cisco's recently updated version 6.0 network-based Intrusion Prevention System IPS. New features added to version 6.0 include virtual sensor support, passive OS fingerprinting, and anomaly detection. The course introduces...
Tags: Intrusion Prevention System, Sensor, Cisco Systems Inc., Intrusion Prevention, Security
Training 2008-01-01
German security shop challenges anti-hacker laws
Fed up with the "ambiguity and confusion" surrounding Germany's controversial anti-hacker laws, a private security research firm has put its hacking tools back online as part of a public test of the interpretation of the new law. n.runs AG, a well-known penetration testing shop that counts Microsoft...
Tags: Germany, Law, Tool, Phenoelit, Productivity, Security, Hacking, Ryan Naraine
Blog posts 2007-09-26
Exploits, security tools disappear as German anti-hacker law takes effect
Security professionals in Germany have started removing exploits and hacking tools from the Internet in response to a new German law that expressly forbids the distribution of any software that can be used in computer/network attacks.Stefan Esser left, the PHP security guru behind the recent Month of PHP Bugs project,...
Tags: Security, Law, Tool, Security Tool, Ryan Naraine
Blog posts 2007-08-13
Microsoft's advisories giving clues to hackers
Hows this for a new twist on the old responsible disclosure debate: Hackers are taking advantage of information released in Microsofts security advisories to create exploits for unpatched security vulnerabilities.The latest zero-day flaw in the Windows DNS Server RPC interface implementation is a perfect example of the tug-o-war within...
Tags: Exploit code, Data theft, Browsers, Botnets, Black Hat, Zero-day attacks, Vulnerability research, Viruses and Worms, Spyware and Adware, Spam and Phishing, Rootkits, Responsible disclosure, Pen testing, Patch Watch, Microsoft, Metasploit, Hackers
Blog posts 2007-04-16
Microsoft, responsible disclosure, and that 2-year-old kernel flaw
A few weeks ago, I wrote about a Windows kernel vulnerability that was reported to Microsoft on October 22, 2004 and remained unpatched for more than two years.This is a bug I've been following closely since last November when Cesar Cerrudo, the hacker who found it, got tired of waiting...
Tags: Data theft, Browsers, Vulnerability research, Punditocracy, Pen testing, Hackers, Zero-day attacks, Viruses and Worms, Responsible disclosure, Patch Watch, Microsoft, Metasploit, Exploit code
Blog posts 2007-04-09
Hacking with Metasploit on a Nokia N800
Earlier this month at the RSA conference, I got a chance to see a demo of Immunitys Silica, a $3600 handheld devide that can search for and join 802.11 (Wi-Fi) access points, scan other connections for open ports, and automatically launch code execution exploits from a built-in exploit platform. ...
Tags: Data theft, Exploit code, Hackers, Metasploit, Open source, Pen testing, Vulnerability research, Wi-Fi security
Blog posts 2007-02-25
Wi-Fi hacking, with a handheld PDA
SAN FRANCISCO -- The palm-sized PDA tucked away in Justine Aitels pocketbook just might be the most scary device on display at this years RSA security conference. Aitel is roaming the hallways here with Silica, a portable hacking device that can search for and join 802.11 (Wi-Fi) access...
Tags: Hackers, Zero-day attacks, Vulnerability research, Exploit code, Data theft, Open source, Pen testing, Justine Aitel, Silica
Blog posts 2007-02-06
Military computers attacked from Chinese computers - but who's doing the hacking?
Someone - or many someones - using computers based in China is launching a large-scale attack on nonclassifed US government computers - including the Defense, State, Energy and Homeland Security departments. But government officials told the Washington Post, it's not clear whether that's the Chinese government, other governments, or just...
Tags: PLA, CHINA IS, network, computer
Blog posts 2005-08-26
PPTP VPN authentication protocol proven very susceptible to attack
Later today, Joshua Wright will release an upgraded version of his ultra-high speed password cracking tool called ASLEAP . For those of you already familiar with ASLEAP, you might be wondering what this has to do with Microsoft's PPTP VPN protocol since ASLEAP is a LEAP authentication dictionary attack tool....
Tags: PPTP, password, ASLEAP
Blog posts 2004-12-17
  • << Previous
  • page 1 of 1
  • Next >>
advertisement
Click Here