.::anti-abuse.com::. » General Hacking

US Subway Stores POS Hacked For $3Million Dollars

admin — Wed, 28 Dec 2011 16:19:44 +0000

Honestly there hasn’t been much news over the holiday period, well maybe there was but no one bothered reporting it. There was the Stratfor case of course, which Anonymous is saying wasn’t anything to do with them. The scale of this incident somehow reminds me of the whole TJ MAXX fiasco a few years back. [...]

Read the full post at darknet.org.uk

Security By Obscurity Not So Bad After All?

admin — Wed, 05 Oct 2011 15:18:09 +0000

I’m sure you’ve been taught, as have I – that security through or by obscurity is bad (changing port numbers, removing service banners and so on). I’ve personally always used it, as an additional line of defence on my systems. As a hacker I know, the more information a system gives me straight off the [...]

Read the full post at darknet.org.uk

MagicTree v1.0 Released – Productivity Tool For Penetration Testers

admin — Tue, 04 Oct 2011 16:27:29 +0000

We wrote about MagicTree back in January of this year when it was first launched – MagicTree – Penetration Tester Productivity Tool . It’s come quite a long way and the authors are happy to announce that MagicTree version 1.0 has been released and is available for download. MagicTree is a productivity tool for penetration [...]

Read the full post at darknet.org.uk

Coliseum Lab By eLearnSecurity – Web Application Security Lab

admin — Fri, 16 Sep 2011 09:38:47 +0000

Coliseum Labs is a revolutionary new product by eLearnSecurity, it’s a 100% practical training device for people wanting to learn more about penetration testing. Basically Coliseum is a framework which allows students to learn web application security through 100% practical hands on training. With the specially crafted web applications ready…

Read the full post at darknet.org.uk

Facebook To Start Paying Bug Bounties

admin — Fri, 29 Jul 2011 18:36:59 +0000

We’ve covered various stories about companies offering hackers and security researchers bounties for giving them working exploits for their software/website etc. Early runners in the game were – Google Willing To Pay Bounty For Chrome Browser Bugs Now, 2 years down the road, Facebook has decided it’s a good idea to offer up a…

Read the full post at darknet.org.uk

Last Chance To Get 10% Off Penetration Testing – Student Course

admin — Mon, 27 Jun 2011 18:07:07 +0000

A couple of weeks back we posted about the new course suited to beginners by eLearnSecurity – we also offered an exclusive 10% Discount for Darknet readers – Penetration Testing – Student Course/Training by eLearnSecurity (Get 10% Off Until June 30th!). This is just a reminder that this offer expires in THREE days on June [...]

Read the full post at darknet.org.uk

IMF (International Monetary Fund) Suffer Major Breach In Sophisticated Cyberattack

admin — Mon, 13 Jun 2011 11:50:08 +0000

Oh dear, another big organization has fallen foul to the whole RSA SecurID hack – it seems that way anyway. In combination with a Spear Phishing attack (similar to the one carried out on high level US officials via Gmail recently) hackers have busted the IMF wide open. It seems to be a very targeted [...]

Read the full post at darknet.org.uk

Penetration Testing – Student Course/Training by eLearnSecurity (Get 10% Off Until June 30th!)

admin — Thu, 09 Jun 2011 09:35:32 +0000

Introduction You may remember a while back we reviewed the Penetration Testing – Pro course by eLearnSecurity here – eLearnSecurity – Online Penetration Testing Training and we posted about the course update here – Penetration Testing Course Pro 1.1 – New Version & New Module. The latest news is they’ve come out with a…

Read the full post at darknet.org.uk

VUPEN Whitehats Claim To Have Broken Chrome Sandbox

admin — Tue, 10 May 2011 12:04:54 +0000

The big news recently is that someone has finally managed to pop the formidable Chrome browser, as we know from following Pwn2Own – it’s been safe for 3 years in a row. It has a sandbox, ASLR and DEP and that’s a pretty heavy combination to keep users safe from malicious software coming in via [...]

Read the full post at darknet.org.uk

Adobe Patches Latest Flash Zero Day Vulnerability

admin — Mon, 18 Apr 2011 10:17:21 +0000

There’s been a lot of news about this Adobe Flash Player vulnerability as apparently it has been exploited in the wild and Adobe were willing to push out an out-of-band patch for it – which means in their eyes it is really serious. They don’t have a great reputation for testing their software before releasing [...]

Read the full post at darknet.org.uk

TJX Hacker Albert Gonzalez Claims Government Made Him Do It

admin — Mon, 11 Apr 2011 09:45:11 +0000

The latest news from the tinfoil hat wearing conspiracy camp is that Albert Gonzalez the TJX hacker who was convicted in 2009 was authorized to hack by the US Government. Back in 2009 we posted about that too – TJX Hacker Albert “Segvec” Gonzalez Indicted By Federal Grand Jury. And now he’s saying his actions [...]

Read the full post at darknet.org.uk

Apple Adds greenpois0n Jailbreak Detection to iBooks Software

admin — Wed, 16 Feb 2011 10:58:34 +0000

Apple has pulled out some new tricks in it’s war against the unstoppable jailbreak machine, this time leveraging on the iBooks application. It’s quite a neat implementation, it appears the new iOS update with iBooks dropped an un-signed application on the phone and tries to run it – if it executes it assumes the device [...]

Read the full post at darknet.org.uk

Penetration Testing Course Pro 1.1 – New Version & New Module

admin — Wed, 09 Feb 2011 08:26:38 +0000

Penetration Testing Course Pro 1.1 release aims at addressing all of the suggestions collected in the first 6 months of activity and adds 1 new module and 50 minutes of video training on Social Engineering Toolkit. As reviewed by us before (eLearnSecurity – Online Penetration Testing Training) this course is becoming a very popular choice [...]

Read the full post at darknet.org.uk

MagicTree – Penetration Tester Productivity Tool

admin — Wed, 12 Jan 2011 15:44:46 +0000

MagicTree is a penetration tester productivity tool, it allows easy and straightforward data consolidation, querying, external command execution, and report generation. In case you wonder, “Tree” is because its stores all the data in a tree, and “Magic” because it is designed to magically do the most cumbersome and boring part of penetration…

Read the full post at darknet.org.uk

Cloud Computing Use By Criminals Increasing

admin — Thu, 02 Dec 2010 09:27:47 +0000

Over the last couple of years Cloud Computing has started gaining some real leverage, it’s being deployed on a wide scale, it’s becoming more affordable and the platforms supplying such services are becoming more stable. Of course the natural progression of this wider adoption is the focus of the security community and naturally the…

Read the full post at darknet.org.uk

TA-Mapper v1.1 – Time and Attack Mapper – Effort Estimator For Pen-Testing

admin — Mon, 27 Sep 2010 10:21:25 +0000

We wrote about this tool back in January 2009 when it was first released, recently v1.1 has become available for download. Time and Attack Mapper (alternatively known as TA-Mapper) is an effort estimator tool for blackbox security assessment (or Penetration Testing) of applications. This tool provides more accurate estimation when compared to…

Read the full post at darknet.org.uk

Adobe Scrambling To Fix Another Serious PDF Flaw

admin — Mon, 09 Aug 2010 09:07:09 +0000

It was only the start of July when we talked about Adobe Patching PDF Vulnerabilities Being Exploited In The Wild and once again they are suffering a serious vulnerability which allows code execution from a malicious PDF document. This time the vulnerability came out during Black Hat and it seems to be serious as Adobe [...]

Read the full post at darknet.org.uk

Adobe Patches PDF Vulnerabilities Being Exploited In The Wild

admin — Fri, 02 Jul 2010 11:24:10 +0000

At least! Adobe has sorted itself out and released patches for 17 critical vulnerabilities in their Reader and Acrobat applications. We reported back in January about Active Exploitation Of Unpatched PDF Vulnerabilities. The latest slew of vulnerabilities has been actively exploited by hackers for at least the past month as detected in the wild by…

Read the full post at darknet.org.uk

eLearnSecurity – Online Penetration Testing Training

admin — Thu, 27 May 2010 05:28:08 +0000

Introduction
If you are in the information security industry, or plan to be you’ve probably been looking at the various infosec certifications available. Back when I started there really wasn’t anything available, there were no infosec degrees and no professional certs. Only later some high level ones came from SANS, then more jumped…

Read the full post at darknet.org.uk

New Malware Variants More Malicious Than ILOVEYOU Bug

admin — Mon, 03 May 2010 14:57:56 +0000

So no big surprise here, malware is getting more malicious! It’s good to know though and it’s good that companies out there like Messagelabs, under the watchful eye of Symantec, are trying to measure what is going on in malware land.
The malware/worm landscape has always been a fast moving one and my guess is it’s [...]

Read the full post at darknet.org.uk

Hackers Penetrate Apache.org In Direct Targeted Attack

admin — Wed, 14 Apr 2010 11:03:27 +0000

This is not the first time Apache.org has been hacked, it was comprised back in September 2009 using SSH keys.
This time another targeted attack against the site was successful and allowed the attackers to capture the passwords of users logging into the bug-tracking service. It also exposed the entire password list, which sadly although hashed…

Read the full post at darknet.org.uk

US Investigators Pinpoint Author Of Google Attack Code

admin — Tue, 23 Feb 2010 07:46:48 +0000

The big news over the past few months were the Aurora attacks and how they seemed to originate from China, last month Microsoft took the unusual step and released an Out-Of-Band patch for the IE6 0-Day vulnerability used in the attacks.
Within the last few days the origin of the code was traced to 2 Chinese [...]

Read the full post at darknet.org.uk

Microsoft Releases Out-Of-Band Patch For IE 0-Day Vulnerability

admin — Thu, 21 Jan 2010 08:01:14 +0000

Ah Microsoft is treating this one seriously after France and Germany advised users to avoid IE.
The current strain being exploited only targets IE6 users, but one security company has developed an exploit for IE8 which also bypasses DEP (Data Execution Prevention).
It was rumoured this was the exploit used last week to compromise Google and…

Read the full post at darknet.org.uk

Home Secretary says McKinnon must face US trial

admin — Mon, 30 Nov 2009 10:19:15 +0000

Since the last update almost a year ago when Gary won the right to appeal against extradition, the latest news in the Gary Mckinnon saga is that his extradition to the US for trial will be going ahead.
Even with his apparent medical condition of Ass Burgers Asperger’s it seems he will be extradited anyway according [...]

Read the full post at darknet.org.uk

Metasploit 3.3 Released! Exploitation Framework

admin — Tue, 24 Nov 2009 11:06:16 +0000

What is Metasploit?
The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework…

Read the full post at darknet.org.uk

UCSniff 3.0 Released – VoIP/IP Video Sniffing Tool

admin — Wed, 04 Nov 2009 09:30:53 +0000

UCSniff is a VoIP & IP Video Security Assessment tool that integrates existing open source software into several useful features, allowing VoIP and IP Video owners and security professionals to rapidly test for the threat of unauthorized VoIP and Video Eavesdropping. Written in C/C++, and available on Linux and Windows, the software is free…

Read the full post at darknet.org.uk

Using Cloud Computing To Crack Passwords – Amazon’s EC2

admin — Tue, 03 Nov 2009 10:07:29 +0000

Now this is interesting a proper mathematical calculation for using cloud computing to crack passwords, now Amazon has opened up their EC2 (Elastic Compute Cloud) the cost of massive parallel processing power has come right down.
And guess what, someone thought of using it to crack passwords. It seems the cut-off would be a 12 character [...]

Read the full post at darknet.org.uk

UK Government To Launch ‘Hack Idol’

admin — Tue, 13 Oct 2009 10:28:07 +0000

Now this should be interesting, perhaps they should turn it into a hacking based reality TV show? From the description though it looks more centered around defense than offense and perhaps should be called ‘System Administrator Idol’.
Not quite so catchy though is it.
Well at least they doing something to try and nurture talent in the…

Read the full post at darknet.org.uk

Flawfinder – Source Code Auditing Tool

admin — Wed, 16 Sep 2009 09:46:04 +0000

Flawfinder is a program that examines source code and reports possible security weaknesses (flaws) sorted by risk level. It’s very useful for quickly finding and removing at least some potential security problems before a program is widely released to the public. It’s a static analysis source code auditing tool.

Flawfinder is…

Read the full post at darknet.org.uk

TJX Hacker Albert “Segvec” Gonzalez Indicted By Federal Grand Jury

admin — Tue, 25 Aug 2009 08:34:03 +0000

We’ve been following the whole TJX saga for quite some time now since way back in September 2007 when the hack became public as the Largest Breach of Customer Data in U.S. History and in August 2008 when the TJX Credit Card Hackers Got Busted.
The legal system has ticked along and now they have to [...]

Read the full post at darknet.org.uk