Update 19:00 – Also related to this is this post by Carlos Perez. Unfortunately, the script is not yet in the Metasploit trunk today, but you can download it and copy it to the appropriate folders in the meantime. So, I compromised a Win2k8 R2 x64 host during a pen test and wanted to dump …
Feedback and/or contributions to make this better are appreciated and welcome. For those interested, there was also a technical article posted over the weekend: SSH Service: How to set it up in Backtrack without getting pwned. Remember, sometimes the funny section has some food for thought 🙂 Highlighted quotes of the week: ‘”You have won …
Category Index: Hacking Incidents / Cybercrime, Unpatched vulnerabilities, Software Updates, Business Case for Security, Web Technologies, Network security, Database Security, Cloud Security, Mobile Security, Privacy / Human rights, General, Funny. Hacking Incidents / Cybercrime: Facebook may have leaked hundreds of thousands of user details [www.scmagazineuk.com] A Facebook privacy flaw has led to personal information …
SSH provides shell access and, as such, it is one of the services that must be secured as well as possible. Step 0a – Change the default password. IMPORTANT: The first thing to do with Backtrack is to change the default password: To start the SSH service having the default password enabled is …
Feedback and/or contributions to make this better are appreciated and welcome. Highlighted quotes of the week: “Data breach incidents cost U.S. companies $214 per compromised customer record in 2010. The average total per-incident cost in 2010 was $7.2 million. Additionally, brand damage can be significant.” – Ponemon Institute’s sixth annual U.S. Cost of a Data …
Category Index: Hacking incidents / Cybercrime, Unpatched vulnerabilities, Software Updates, Business Case for Security, Web Technologies, Network Security, Mobile Security, Cloud Security, Privacy, Funny. Hacking incidents / Cybercrime: LastPass Forces Users to Pick Another Password [krebsonsecurity.com] LastPass.com, a free password management service that lets users unlock access to all of their password protected sites …
Do you still believe input validation is enough to fix Cross Site Scripting (XSS)? Billy Hoffman said it best at ShmooCon 2007 (4 years ago!!!) in his talk “JavaScript Malware for a Grey Goo Tomorrow” (fast forward to Q & A, minute 51:45): Person in the audience asks: “You said that AJAX doesn’t really change …
Update 01/08/2011: The videos are now up here. Thank you Tomasz! Update: Thanks to Jamie Duxbury (@w1bble) for hosting most of the pictures linked to from this page. I thought it was Soraya for some reason, sorry :). As I mentioned earlier: I was really honoured to attend BSides London and DC4420, aka Defcon London …
Thanks to Toby for contributing to this security news bulletin! I was honoured to attend BSides London and DC4420, aka Defcon London, both of which were a blast this Wednesday, and an obligatory blog post will follow, hopefully this evening. Feedback and/or contributions to make this better are appreciated and welcome. Highlighted quotes of the …
Category Index: Hacking Incidents / Cybercrime, Software Updates, Business Case for Security, Web Technologies, Network Security, Database Security, Mobile Security, Privacy, General. Hacking Incidents / Cybercrime: Russian news reports that 20-year-old Ivan Kaspersky was kidnapped and his captors are demanding ransom [www.darkreading.com] [4/22/11 UPDATE: Russian media this morning are reporting that Ivan Kaspersky has …