tag:blogger.com,1999:blog-11547500934873121482012-01-28T07:58:03.230-05:00Jamal Khanhttp://www.blogger.com/profile/11081181953537179199noreply@blogger.comBlogger151100tag:blogger.com,1999:blog-1154750093487312148.post-1911145417450994702012-01-28T07:53:00.002-05:002012-01-28T07:58:03.288-05:00

Zulu - a free service from Zscalar that scans websites for potential threats. This service uses mix of proprietary-based and open-source tools to scan sites and provide security ratings. Threat rating is done through the use of heuristics, reputation and host domain analysis for a particular URL. It supports direct URLs as well as addresses masked with URL shortening services. These days

cERTxnoreply@blogger.com0tag:blogger.com,1999:blog-1154750093487312148.post-24216780029669255832010-07-23T03:37:00.000-04:002010-07-23T03:37:24.932-04:00

The Open Information Security Foundation (OISF) has released version 1.0 of its open source intrusion detection and prevention engine – Suricata. The first stable release includes a number of improvements and new features over the previous development releases, such as support for DCERPC over UDP and the tag keyword. Unlike Snort, another popular open source network intrusion prevention and

Fahdhttp://www.blogger.com/profile/13117699133623286926noreply@blogger.com1tag:blogger.com,1999:blog-1154750093487312148.post-65857220831176803752010-05-25T02:30:00.000-04:002010-05-25T02:30:17.000-04:00

A company called Sophos have claimed that numbers of Facebook users are having concerns about how the privacy is being maintained on the social networking site and how is it effecting them. Previously the company ran an online survey asking Facebook users if they would consider quitting Facebook over privacy concerns. In response the survey concluded that sixty per cent of the users stated that

Fahdhttp://www.blogger.com/profile/13117699133623286926noreply@blogger.com1tag:blogger.com,1999:blog-1154750093487312148.post-58700053068372104832010-02-26T00:18:00.001-05:002010-02-26T00:18:16.333-05:00

According to US media reports, criminals have launched large-scale attacks on petrol pumps with built-in card payment systems to gain access to card data. Similar attacks that involve the attachment of special skimming devices over the legitimate equipment to copy card data, have previously only targeted cash points. Attackers often obtain the PIN with a hidden camera or a secondary PIN pad

Fahdhttp://www.blogger.com/profile/13117699133623286926noreply@blogger.com0tag:blogger.com,1999:blog-1154750093487312148.post-4680958895985077982009-04-13T06:33:00.005-04:002009-04-13T07:56:44.072-04:00

According to " http://www.infiltrated.net/amishAttacks.html " reported on 9th april "Security experts are reporting today that Amish hackers equipped with reverse engineered VCIM's have hacked into Instar's vehicle satellite navigation systems and are extorting Instar." while some witnessess were also reported saying "It's horrible. I was headed down Main Street and my Garmin told me to turn

Abdus Samadnoreply@blogger.com0tag:blogger.com,1999:blog-1154750093487312148.post-64622967682926158242009-03-12T11:16:00.002-04:002009-03-12T11:16:37.242-04:00

The new adobe vulnerability is now exploitable not only by reading the infected pdf file but also by at least three different methods using metadata which is used by windows to show file information. It turns out that adobe has a shell extension which get the file information. Security Researcher "Didier Stevens" have released a short video on his blog which shows how this vulnerability can be

Abdus Samadnoreply@blogger.com0tag:blogger.com,1999:blog-1154750093487312148.post-34604473751875064372009-01-29T07:40:00.001-05:002009-01-29T07:42:04.394-05:00

While I was surfing online today, this news was something really interesting.“The sniffer malware that surreptitiously siphoned tons of payment card data from card processor Heartland Payment Systems hid in an unallocated portion of a server’s disk. The malware, which was ultimately detected courtesy of a trail of temp files, was hidden so well that it eluded two different teams of forensic

Abdus Samadnoreply@blogger.com0tag:blogger.com,1999:blog-1154750093487312148.post-21660660544403640232009-01-22T07:02:00.000-05:002009-01-22T10:18:50.363-05:00

Popular xss archive website xssed.com is reporting that government websites like FBI.gov, CIA.gov and NSA.gov are susceptible to XSS attacks found by independent researchers. Cross site scripting attacks are not new and have been causing damage since 2007, numerous trainings, presentations and books have been in market since its time of discovery but this has still been around like the SQL

Abdus Samadnoreply@blogger.com0tag:blogger.com,1999:blog-1154750093487312148.post-29236813241467903562009-01-01T03:39:00.009-05:002009-01-01T07:09:49.826-05:00

<!--[if gte mso 9]> Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 <![endif]--><!--[if gte mso 9]>

Abdus Samadnoreply@blogger.com0tag:blogger.com,1999:blog-1154750093487312148.post-69269434350162645932008-12-23T08:52:00.004-05:002008-12-27T08:08:32.183-05:00

It seems like microsoft is having a bad year end to 2008 as the host of security vulnerabilities being published not only in its products but also on their website. The following is one more to the pile of security issues faced by the company these days. Although it is a simple url redirect but the purpose it can be used and is being used is really dangerous mainly because of the domain name

Abdus Samadnoreply@blogger.com0tag:blogger.com,1999:blog-1154750093487312148.post-44772421825002734022007-07-10T07:22:00.000-04:002007-07-10T19:35:47.902-04:00

MSN Messenger 8.x has a rather scary bug that is being exploited by people online.  When any of the strings given below are pasted into the private message box on your MSN Messenger, your Messenger will immediately disconnect.  It happens so quickly that you will think that it has not connected in the first place. If any of your friends asks you to paste the following in your personal message, do

Abdus Samadnoreply@blogger.com0tag:blogger.com,1999:blog-1154750093487312148.post-42996056420627436782007-04-19T23:39:00.000-04:002007-04-19T23:46:39.208-04:00

The guys over at Podcast Bunker have accepted our podcast onto their listings.

Lab Monkeynoreply@blogger.com0tag:blogger.com,1999:blog-1154750093487312148.post-24010938133155682342007-04-18T22:33:00.000-04:002007-04-19T19:53:17.376-04:00

This week's podcast covered:Windows DNS Service zero day flaw exploited in targeted attacks while Microsoft hit by slew of new zero day flaws New Storm Worm outbreak hits the Internet and finally, Cisco fixes WiFi flaws.

Lab Monkeynoreply@blogger.com1tag:blogger.com,1999:blog-1154750093487312148.post-51419530774918192982007-04-17T21:17:00.000-04:002007-04-18T22:12:19.793-04:00

It looks like Blackhats are increasingly releasing vulnerabilities in the days immediately after Patch Tuesday in an effort to cause as much frustration as possible for Microsoft. We expect this trend to continue. So not only do enterprises have to contend with deploying Microsoft patches on one day but also they can expect a major vulnerability the day after.

Lab Monkeynoreply@blogger.com0tag:blogger.com,1999:blog-1154750093487312148.post-59312039851067136742007-04-17T20:59:00.000-04:002007-04-18T22:15:20.188-04:00

Microsoft released their advisory on 12 Apr 07 and hackers reacted quickly with working exploits the very next day. By Apr 14th, working exploits were out in the wild for script kiddies and crackers to add to their Internet worms.What you need to knowThis exploit involves The Lookup_ZoneTreeNodeFromDottedName() which uses a vulnerable function Name_ConvertFileNameToCountName() to convert a

Lab Monkeynoreply@blogger.com0