Technology: Submitted by Wade on 26-Nov-06 at 09:01am
The somewhat contentious inclusion of Radio Frequency Identification (RFID) tags into clothing and other products provides a new, but somewhat slow, method of communication: "Transmission of IP Datagrams on Human Carriers". Whilst this falls under the same umbrella as the 1990 April Fools Day RFC for transmitting IP over carrier pigeon, it is still possible and probably quicker.
Site News: Submitted by Wade on 22-Oct-06 at 09:34pm
The latest version of BeEF (0.3.1.1) has more functionality including distributed ports scanning, target zombie selection and autorun modules.
BeEF (Browser Exploitation Framework) Beta Released
Security: Submitted by Wade on 24-Aug-06 at 07:13pm
BeEF the browser exploitation framework has been released. The current version is beta and still a work in progress but it should be easy to install.
Its purposes in life is to provide an easily integratable framework to demonstrate the impact of browser and cross-site scripting issues in real-time. The modular structure has focused on making module development a trivial process with the intelligence existing within BeEF.
Security: Submitted by Wade on 02-Aug-06 at 07:56pm
Attacks from browsers are increasing in sophistication and researchers are focusing more resources in this area. Recently, a javascript port scanner was published that was based on a SPI Dynamics paper. The scanner is entirely encapsulated within the web browser.
It doesn’t take an Einstein to start linking web application attack vectors. In the “Inter-browser Communication” (IBC) blog I illustrated one basic method to maintain indirect real-time control over a browser (including data transfer). Using IBC it possible to load tools (in real-time) such as a port scanner to the controlled browser and retrieve the results. Following this logic, an entire HTTP Suite can be developed to attack internal networks using the browser as an unsuspecting proxy. Not to mention the extra dimensions that XSS viruses add.
John The Ripper MPI Patch Updated
Site News: Submitted by Wade on 30-Jul-06 at 07:17pm
After lots of interest in the John The Ripper MPI Patch it has been updated. Also, a pre-patched version can now be downloaded to.
Security: Submitted by Wade on 14-Jun-06 at 12:08am
Details are still emerging, but it looks like yahoo mail has been hit with a cross-site scripting virus/worm.
http://it.slashdot.org/it/06/06/13/1226209.shtml
http://www.theregister.com/2006/06/12/javscript_worm_targets_yahoo/
Yahoo has now fixed the issue
The Biological-Digital Bridge (BDB)
Security: Submitted by Wade on 12-Jun-06 at 12:58pm
Possible, probable, impossible, hypothetical, conspiracy, aliens, or a moot debate... Mapping the human genome completed in 2003 and today scientists within the realm of Genetic Engineering manipulate the DNA sequence of cells, usually with the aim of expressing a protein . Software is an integral part of this technology, allowing DNA sequences to be read, manipulated (written), cataloged and processed.
Site News: Submitted by Wade on 10-Jun-06 at 10:46pm
A John The Ripper MPI Patch has been added to bindshell tools.
This is an updated version of Ryan Lim's patch for john the ripper to support MPI, in addition to a large number of third party patches to support additional ciphers and such.
MassResolve: Multi-threaded Reverse DNS Lookup
Site News: Submitted by Wade on 29-May-06 at 09:46pm
MassResolve is now is available on tools page. This program performs multi-threaded reverse DNS lookups. It can be passed a netblock or a file of IP addresses to process.
Security: Submitted by Wade on 28-May-06 at 10:59pm
Cross-site scripting (XSS) models are commonly thought to be the server controlling the browser. That is, all commands have come from code residing on the server. This is not necessarily the case. Control can be one browser (in)directly controlling/communicating to another. One method of browser-to-browser communication is employing an intermediate web server.