A nice video demonstration of the plenty of fish hack by Chris ...
[ youtube video ]
Packets Don't Lie
Monday, January 31, 2011
Friday, January 28, 2011
JavaScript Insanity for XSS
Add XSSF to Metasploit Framework on Ubuntu
The XSS Framework (XSSF) is able to manage victims of a generic XSS attack and hold an existing connection with JavaScript loop refreshing in order to allow future browser-based attacks. After injection of the generic attack (resource “loop” generated by XSSF), each victim will ask the attack server (every “x” seconds) if new commands are available... [ more ]
Thursday, January 20, 2011
inSSIDer 2 for Linux (alpha)
I'm not sure if you are aware, but there is a new version of InSSIDer for Linux that just hit the streets. You can read more about this at:
It's exciting for us since we have decided to build an integration with InSSIDer for our AirMinder solution. That's right! You will soon be able to scan with inssider and upload the results of your scan directly to the AirMinder service. The logical question would be - so when will this be available? Well....that we have yet to determine, but it shouldn't be too far down the road.
Check back on our website at:
for all of the latest details!
Wednesday, January 19, 2011
Cyberattacks on social networks doubled in 2010
Spam, phishing and malware attacks on social-networking sites in 2010 were double in number from the year before, according to a new review of cyberthreats.
Released Wednesday, Sophos’ Security Threat Report 2011 explains that the rapid growth of social-networking sites — most prominently Facebook — has made them sitting targets for attackers.
Sophos asked social-networking users whether they’d received spam, phishing e-mails or malware attacks through last December. Sixty-seven percent of people reported spam (up from 33.4 percent in April 2009); 43 percent phishing messages (up from 21 percent); and malware attacks jumped to 40 percent from 21.2 percent.
"Once you break into a Facebook account, it’s a treasure trove," Graham Cluley, senior technology consultant for Sophos, told SecurityNewsDaily. "The user has laid out their personal information for you, including a long list of friends and relationships."
All a hacker has to do is trick the user into divulging some of that personal information, and it can then be sold to advertisers or used for any number of criminal acts, including identity theft.
The fact that Facebook does not screen third-party apps is a serious security flaw, the report notes. The policy allows rogue applications to roam freely throughout the site, preying on a pool of 600 million people.
[ more ]
Friday, January 7, 2011
GAWN in 60 seconds
I attended Josh Wright's SEC617 training and have been attempting to study/prep for the GAWN Certification. Well, with the holidays, work and such I now only have 30 days left so I thought I'd document my journey. I have a pretty decent wlan hacking pedigree, but I'll expose more details for those who are just interested in following along at home. The GIAC certs allow printed materials, but to use the books from the course you'll need to create a Table Of Contents and Index. These are posted
http://www.willhackforsushi.com/?p=503
from the previous class but they needed updating, so that's where I started. The Table of contents is finished and index is almost there. It's amazing how much you refresh your memory converting and/or creating these. I hope to have these finished and use them for the pretest in the next few weeks. I'll post them as well.
http://www.willhackforsushi.com/?p=503
from the previous class but they needed updating, so that's where I started. The Table of contents is finished and index is almost there. It's amazing how much you refresh your memory converting and/or creating these. I hope to have these finished and use them for the pretest in the next few weeks. I'll post them as well.
Subscribe to:
Posts (Atom)