Wfuzz v1.4 Released for Download – Bruteforcing & Fuzzing Web Applications

Wednesday, April 9th, 2008

A new version of Wfuzz is available, many improvements and fixes since first release which was in the middle of 2007. Fuzzing is definitely in, an article was posted recently about how everyone should keep on fuzzing! Will post it up soon. Wfuzz is a tool designed for bruteforcing Web Applications, ...

Microsoft Releases 14,000 Pages Of Trade Secrets

Tuesday, April 8th, 2008

Microsoft continued to release formerly closely-held application protocol documentation Tuesday, posting 14,000 pages of information for Microsoft Office 2007, SharePoint Server 2007 and Exchange Server 2007 at MSDN, a Web site for developers. The protocol information released includes protocols that allow Exchange Server to communicate with Outlook and those used by Office ...

Password theft via vulnerability in Google code

Monday, April 7th, 2008

Billy Rios has discovered a vulnerability in the Google Code service which could be exploited to steal passwords from developers who have registered on the site. The Google Security Team has since fixed the vulnerability. Rios succeeded in gaining cross-domain access by uploading a crafted Java applet to a project on ...

Before Patch Tuesday, There Were Malware

Monday, April 7th, 2008

Recycling an old social engineering technique and using two different attack methods, a new spam run emerges as a threat to Web users before Microsoft’s Patch Tuesday. And not because it exploits soon-to-be named vulnerabilities. What this spamming operation takes advantage of is the anticipation itself for the release of patches ...

Storm Blogs

Monday, April 7th, 2008

Storm has once again turned its eye to the blogging community, specifically the Blogspot.com community. Several blogger sites with random or very quirky names have been sporting a love theme, Storm style. These sites appear to have been created solely for Storm's purposes and no legitimate blogger site has of yet ...