SQLmap is a security tool that can check your site for SQL injection vulnerabilities.
Fun with Trams
An article on the site of Bruce Schneier talks about “hacking Trams” via TV remote control.
Why would you need remote controls when most of the control cupboards are only protected with a generic lock for which you can find a key in any decent store? It’s much more fun figuring out what the functions of the different buttons are if you’re closer to the “vehicle”.
Flash UPnP attack
An interesting read on gnucitizen.org on the UPnP attack via Flash.
A user visiting a webpage that is hosting a malicious SWF file (Flash) might allow an attacker to remotely take control of UPnP devices (like routers) on the user’s private network. Because of the lack of authentication mechanisms this can happen without any user authentication.
A successful attack would allow an attacker to change the firewall setup or administrative setup of broadband modems. Most …
Log system security events to Twitter
An article on the blog of Evan Weaver talks about having your logs forwarded to Twitter.
It doesn’t sound like such a good idea because you’re relying on the “privacy” protection mechanism of Twitter. This mechanism acts as a black box, so you might as well not be using any protection mechanism.
The idea itself isn’t that bad: having your critical messages (like process xxx not running) forwarded to Twitter might be more useful …
Networking Monitoring Tools
A list of useful networking monitoring tools. This is not a Top 10 or Top 5 or Top whatever; the usefulness of these applications depends on your environment and what exactly you want to monitor for.
ntop is a network traffic probe that shows the network usage, similar to what the popular top Unix command does. ntop is based on libpcap and it has been written in a portable way in order to virtually run …
Snort 3.0 Architecture Series
If you care at all about Snort you must read Snort 3.0 Architecture Series by Marty Roesch.
Passive Monitoring of DNS Anomalies
At DIMVA 2007 I attended a very interesting talk by Bojan Zdrnja. He explained in a very simple way how he investigated the behaviour of botnets (and malware in general) based on the queries on DNS servers.
… more later …
DIMVA 2007, Fourth GI International Conference on Detection of Intrusions & Malware, and Vulnerability Assessment
From Wednesday 11 July until Friday 14 July I’ll attend Dimva 2007, the Fourth GI International Conference on Detection of Intrusions & Malware, and Vulnerability Assessment in Luzern.
If someone wants to hang out during this conference then feel free to drop me a note. Outside the conference hours I’ll probably be paying for beers at an Irish pub.
ARP Cache Poisoning Incident
On the blog of Neil Carpenter, a Microsoft employee on the PSS Security Support Team, there is an interesting article about an ARP cache poisoning incident.
The author describes a situation in which an iframe was inserted into every web request. After their investigation they concluded that the insertions were made via a compromised machine that announced itself as the new default gateway via ARP packets.
The worm Worm.Delf.fs is one of …
Phrack 64; or not quite
A new hoax announced the latest issue of the hacker magazine Phrack. The new edition was supposedly available on Phrack.ru. Note the “.ru” ….
The Full-Disclosure archive still has some of the “new” articles:
PHRACK 64: INTRODUCTION
PHRACK 64: YOUTUBE IS THE ATTACK
PHRACK 64: PHRACK WORLD NEWS
PHRACK 64: THE UNDERGROUND SCENE
PHRACK 64: PROPEDOPHILE
PHRACK 64: AUTOMATED VULNERABILITY AUDITING IN MACHINE CODE
PHRACK 64: THE …