Wfuzz v1.4 Released for Download – Bruteforcing & Fuzzing Web Applications

Wednesday, April 9th, 2008

A new version of Wfuzz is available, with many improvements and fixes since the first release, which was in the middle of 2007. Fuzzing is definitely in; an article was posted recently about how everyone should keep on fuzzing! Will post it up soon. Wfuzz is a tool designed for bruteforcing Web Applications, ...

Microsoft Releases 14,000 Pages Of Trade Secrets

Tuesday, April 8th, 2008

Microsoft continued to release formerly closely-held application protocol documentation Tuesday, posting 14,000 pages of information for Microsoft Office 2007, SharePoint Server 2007 and Exchange Server 2007 at MSDN, a Web site for developers. The protocol information released includes protocols that allow Exchange Server to communicate with Outlook and those used by Office ...

Browser hack renders routers insecure

Tuesday, April 8th, 2008

Researcher Dan Kaminsky plans to show how a web-based attack could be used to seize control of certain routers. Kaminsky has spent the past year studying how design flaws in the way that browsers work with the Internet's Domain Name System (DNS) can be abused in order to get attackers behind ...

Password theft via vulnerability in Google code

Monday, April 7th, 2008

Billy Rios has discovered a vulnerability in the Google Code service which could be exploited to steal passwords from developers who have registered on the site. The Google Security Team has since fixed the vulnerability. Rios succeeded in gaining cross-domain access by uploading a crafted Java applet to a project on ...

HP USB Keys Shipped with Malware for your ProLiant Server

Monday, April 7th, 2008

A loyal ISC reader pointed us to this note from AUSCERT. The basic story is that HP has optional "floppy USB keys" for some of their ProLiant servers. The 256 KB and 1 GB versions include a batch that also came with 'W32.Fakerecy' or 'W32.SillyFDC' designed to infect your machine ...