Tuesday, August 5th, 2008
PuttyHijack is a POC tool that injects a dll into the Putty process to hijack an existing, or soon to be created, connection.
This can be useful during penetration tests when a windows box that has been compromised is used to SSH/Telnet into other servers.
The injected DLL installs some hooks and ...
Posted in Internet, Security, Software | No Comments
Monday, August 4th, 2008
Most of the major security suite vendors release their new editions in the fall, but some run ahead or behind the rest of the pack. With the release of Kaspersky Internet Security 2009 the fall flood of security suites has officially begun. I'm working on two other suites right now, ...
Posted in General BS, Hardware, Linux, Software, Windows | No Comments
Wednesday, July 30th, 2008
It’s déjà vu all over again. Whitelisting technology has enjoyed a resurgence of interest lately, with antivirus companies such as Symantec, McAfee, and Microsoft planning to add it to their blacklisting-based malware detection tools and some enterprises even dropping AV altogether in favor of whitelisting alone. All thanks to the ...
Posted in Internet, Privacy, Security, Software | No Comments
Tuesday, July 29th, 2008
A recent study of Web browser installations showed that far too few are up to date with the latest security patches. And browsers aren't alone; as my dear old mum can attest, it can be hard to keep up with OS and application patches when all you want to do ...
Posted in Internet, Privacy, Security, Software | No Comments
Tuesday, July 29th, 2008
An Argentinian security researcher has published a security exploit toolkit targeting the update mechanisms of Java, Mac OS X, OpenOffice.org and other software, and relying on man-in-the-middle techniques such as those made possible by the recently disclosed DNS security hole.
The toolkit, ISR-Evilgrade 1.0, was released by Francisco Amato, a researcher ...
Posted in Internet, Networking, Privacy, Security, Software | No Comments
