This year’s Executive Excess 2007 report found that “top executives averaged $10.8 million in total compensation, which is 364 times the pay of the average American worker.”
Security Revealed
Gold Lasso uses an open source infrastructure to power its email marketing business. Cofounders Elie Ashery and Michael Weisel say open source is the only way to keep prices down and “truly compete in the current marketplace.” And, they say, Gentoo Linux is the only way to keep their system truly secure. But finding employees who can manage a system built on Gentoo has been a challenge.
[Skylark] converted a pair of defective HDTV processing boards into his very own FPGA SHA-1 hash cracker. After two months of evening work, he ended up with 15 Virtex-II Pro FPGAs and 5 Spartan-II FPGAs to do his bidding. (FPGAs aren’t cheap, so this rocks.) Eventually he’s going to give it a web interface to allow cracking submissions on request. Great find on the boards and fantastic work [Skylark].
Finstall is a modern installer for a modern FreeBSD system, with support for advanced features not present in sysinstall:
Why did the comparison of Craig to the guy from the ‘hood’ so easily roll out of arresting officer Dave Karnsnia’s mouth? It didn’t seem to fit. Or did it?
Both Linux and Unix-like OSes come with the z commands, which let you read gzip-compressed text files using zless, zcat, zmore, etc. gzip reduces the size of files using Lempel-Ziv coding (LZ77). Whenever possible, each file is replaced by one with the extension .gz, while [...]
NIST has released a new guide on securing Web Services. It is a pretty good read for anyone who is planning to run WS, specifically Appendix A which lists Common WS Attack categories such as:
- Reconnaissance Attacks
- Privilege Escalation Attacks
- Attacks on Confidentiality
- Attacks on Integrity
- Denial of Service Attacks
- Command Injection
- Malicious Code Attacks
If you compile ModSecurity 2.x with XML support (with libxml2) and activate the libxml2.so file in httpd.conf, you can gain some protection for your WS traffic. While ModSecurity cannot prevent every WS attack category listed above, it can certainly help to prevent a large number of the common HTTP attacks that are now simply riding inside XML payloads.
Version 1.4 build 2 of the Core Rules introduced support for inspecting the XML payloads of Web Services transactions. You can identify this by the inclusion of the XML:/* data in the variable listing. An example rule is listed below:
# Email Injection
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|XML:/* "[\n\r]\s*(?:to|bcc|cc)\s*:.*?\@" \
"t:none,t:lowercase,t:urlDecode,capture,ctl:auditLogParts=+E,log,auditlog,msg:'Email Injection Attack. Matched signature <%{TX.0}>',id:'950019',severity:'2'"
Since the Core Rules offer generic detection and do not tie specific attack payloads to specific parameters, the XML:/* variable is somewhat similar to the REQUEST_BODY payload in that ModSecurity treats it as one large piece of data. This results in ModSecurity searching the entire XML payload looking for rule matches. For those ModSecurity users who are familiar with the 1.9.x branch, this is similar to SecFilter rule processing, which performs a wider search for attacks because it does not know exactly where the input vectors are located. The side effect is that there may be a performance hit if your WS XML payloads are large. If this is the case in your environment, then you will want to create some custom XML rules.
ModSecurity can also be used to create custom rules for your WS application. Not only will this make the protection stronger and lower the false positive rate, but you will also gain a performance boost when you specify full XPath locations in the variable list instead of the generic XML:/* variable that the Core Rules utilize. We have created a use-case document entitled Securing Web Services with ModSecurity2 that provides some examples of how to set up custom WS rules. Taking the previous Core Rule example, if we customize it for our WS application that is running at “/axis/getBalance.jws” and has one input parameter called “id”, then the new rule would look something like this -
<Location /axis/getBalance.jws>
SecRule XML:/soap:Envelope/soap:Body/q1:getInput/id/text() "[\n\r]\s*(?:to|bcc|cc)\s*:.*?\@" \
"t:none,t:lowercase,t:urlDecode,capture,ctl:auditLogParts=+E,log,auditlog,xmlns:soap=http://schemas.xmlsoap.org/soap/envelope/,xmlns:q1=http://DefaultNamespace,msg:'Email Injection Attack. Matched signature <%{TX.0}>',id:'950019',severity:'2'"
</Location>
Notice the two changes in the ruleset: the XML variable now carries a full XPath to our “id” input parameter, and two xmlns actions were added so that ModSecurity can resolve the soap and q1 prefixes and parse the payload correctly.
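To make the trade-off between the generic XML:/* rule and the XPath-scoped custom rule concrete, here is an added Python model of the two inspection modes (not ModSecurity code and not from the original post). It applies the post's signature and its t:lowercase, t:urlDecode chain to a constructed SOAP request for /axis/getBalance.jws; the envelope contents and the note element are sample data.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import unquote_plus

# Signature from the Core Rules email-injection rule (id 950019) quoted above.
EMAIL_INJECTION = re.compile(r"[\n\r]\s*(?:to|bcc|cc)\s*:.*?@")

# Namespace map mirroring the two xmlns: actions of the custom rule.
NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/",
      "q1": "http://DefaultNamespace"}

# Constructed request shape for /axis/getBalance.jws (sample, not captured traffic).
SOAP_TEMPLATE = (
    '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
    '<soap:Body><q1:getInput xmlns:q1="http://DefaultNamespace">'
    "<id>{id}</id>{extra}</q1:getInput></soap:Body></soap:Envelope>"
)


def build_envelope(id_value, extra=""):
    return SOAP_TEMPLATE.format(id=id_value, extra=extra)


def transform(value):
    # Rule transformation chain in order: t:lowercase, then t:urlDecode
    # (t:none only clears inherited transformations). unquote_plus is an
    # approximation of ModSecurity's urlDecode, which is an assumption here.
    return unquote_plus(value.lower())


def generic_match(xml_doc):
    # XML:/* behaviour: every text node in the document is inspected as one blob,
    # so the whole payload is scanned regardless of where the parameter lives.
    root = ET.fromstring(xml_doc)
    blob = "".join(node.text or "" for node in root.iter())
    return EMAIL_INJECTION.search(transform(blob)) is not None


def xpath_match(xml_doc):
    # Custom rule behaviour: only /soap:Envelope/soap:Body/q1:getInput/id/text()
    # is inspected, so other parts of the payload never reach the regex.
    root = ET.fromstring(xml_doc)
    if root.tag != "{%s}Envelope" % NS["soap"]:
        return False
    node = root.find("soap:Body/q1:getInput/id", NS)
    if node is None or node.text is None:
        return False
    return EMAIL_INJECTION.search(transform(node.text)) is not None


BENIGN = build_envelope("12345")
INJECTED = build_envelope("12345%0ABcc: someone@example.org")  # encoded newline, decoded by t:urlDecode
ELSEWHERE = build_envelope("12345", "<note>hello\nto: someone@example.org</note>")
```

Running the three samples through both functions shows that the generic rule fires on the injected id and on header-like text anywhere else in the body, while the XPath rule fires only on the id parameter it was written for.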
Fully-functional video drivers — ones capable of handling 3-D acceleration — remain one of the weak points of free software. The Free Software Foundation has declared them a high-priority project. Meanwhile, some distributions and even more users have resorted to using the proprietary drivers offered as free downloads by card manufacturers. One of the main projects attempting to provide complete, free drivers is focusing on developing the Avivo driver for the R500 and R600 cards from AMD/ATI, so-called after a specification first introduced in this line of cards. According to Jerome Glisse, who coordinates the development of the driver, progress is being made in the project, and “maybe by the end of this year, we might have some 3-D acceleration.”
If you’ve been reading my blog for some time, you know that I have a serious issue with the proper way of measuring the success of security programs in organizations.
Executives will rant and rave over the “dashboard” concept. They want numbers, percentages, deltas, graphs, charts, and stick figure art. (Okay, I made that last one up – but it won’t surprise me when the request comes in.)
Here’s an example of a useless dashboard in action:
Sending Email From PHP
This tutorial shows how you can easily send email messages from a PHP-enabled web server. It can be utilized for processing form data, sending alerts, etc. It also explains a bit about email header formatting.
New versions of the excellent pwdump6 and fgdump have been released (1.6.0 for both!).
For those that don’t know what pwdump or fgdump are..
pwdump6 is a password hash dumper for Windows 2000 and later systems. It is capable of dumping LanMan an…
Packet Sniffing
Many of our readers routinely ask us what ways they can capture packets to send …(more)…
FileZilla is one great open source FTP client that — up until now — was available only for Windows. Version 3 is a ground-up rewrite that makes the application available for the first time on Linux, too.
We regularly have readers inquire about recommendations for filtering bad IPs, networks, or in the w …(more)…
I was looking at what my friend Stephen Lewis wrote in HakPakSak a few days ago — specifically “…newspapers’ roles as public trusts and cornerstones of our informational infrastructure — i.e. sources of solid information and independent commentary essential to informed citizenry, democratic government, effective public policy, and well-functioning economies”.. What this brought up for me is the notion that human beings are themselves infrastructural; especially when they are constructive contributors to the structure we call civilization.
A beautifully constructed timeline of Unix which includes modern day Unix descendants such as Solaris and Mac OSX as well as Linux. This timeline is not very much unlike the mind map of Linux I had created a long time back. But this timeline also provides …
Spreadsheets are labor-intensive documents. Usually, their contents are entered carefully, one sheet at a time, at an input rate far below that of a text document. However, like most spreadsheet applications, OpenOffice.org has several tools for removing some of the drudgery from input.
September 2007 is going to be a special month for Ubuntu enthusiasts and would-be converts. In this month, you get to view videos of accomplishing various tasks in Ubuntu at the rate of one screencast per day.
Yahoo! Messenger 8.1.0.413 (webcam) Remote Crash Exploit
1.compile the dll.
2. choose “invite to view my webcam” to …
/*
* MS07-046(GDI32.dll Integer overflow DOS) Proof Of Concept Code
* by Hong Gil-Dong & Chun Woo-Chi
* Yang …
MSN messenger 7.x (8.0?) VIDEO Remote Heap Overflow Exploit
thanks ole andre again, His ospy is perfect.
1.compile…
// ==================================================================================
//
// php_iisfunc.dll PH...
#!/usr/bin/perl
#Vulneravility for Thomson 2030 firmware v1.52.1
#It provokes a DoS in the device.
use IO::Sock…
/*
Hexamail Server 3.0.0.001 (pop3) pre-auth remote overflow poc
by rgod
http://retrogod.altervista.org
...
#!/usr/bin/perl
use LWP::UserAgent;
use Getopt::Long;
if(!$ARGV[1])
{
print “n |——————————…
PHPNS SQL Injection
Software: phpns current version (v1.1)
Vendor link: http://phpns.com
Attack: SQL Injection
O…
# phpBG 0.9.1 (rootdir) Remote File Inclusion Vulnerability
# D.Script: http://phpbg.sourceforge.net/
# POC:
# /int…
#!/usr/bin/perl
#########################################################################################
# Pakupaku C…
#########################################################################################
#
# …