SEARCH RESULTS
 
Showing 1-10 of 11 records
 
Fierce 1.0

2007-12-20 16:39:32 by RSnake in ha.ckers.org web application security lab
...dictionary support (especially with cnames like www.corp.company.com where corp represents a sub dictionary) better enumeration for things like www01, www02, etc Future support to make it into a PERL module perhaps for bigger projects, etc Lots to do! It's a nice release, given that it's been in beta for a year through countless sub revisions...
 
 
 
 
 
Tallying Twitter's Application Security Best Practice Violations

2009-01-07 06:24:31 by Chris Eng in Zero in a bit
 
...dictionary attack to brute force a password Continue reading here after you've picked yourself up off the floor. Here's the money quote The hacker, who goes by the handle GMZ, told Threat Level on Tuesday he gained entry to Twitter's administrative control panel by pointing an automated password-guesser at a popular user's account. The user...
 
 
 
 
 
Roboticsonline.com customer orders compromised

2008-01-04 14:51:08 by Evan Francen in The Breach Blog
...dictionary takes one helluva long time to crack (many years). A weak password can be broken almost instantaneously. So either the admin was using a weak password, or the site was compromised in another manner such as a vulnerability in the software Either way, it is sad when a company collects money online, but doesn't know how to secure the...
 
 
 
 
 
What Does SHA1 is Broken Mean?

2007-12-12 07:35:00 by Eric Marvets in The Security Samurai
 
...dictionary attack against the users passwords is several orders of magnitude easier. SHA1 protects the hash against brute force attacks. It does nothing to protect a user who chooses a poor password A system is only as strong as its weakest link Eric Marvets
 
 
 
 
 
Stealing Password Hashes with Java and IE

2008-06-09 11:34:54 by Dave Lewis in Liquidmatrix Security Digest
 
...dictionary attacks on NTLM - and discuss how we can steal domain credentials from the Internet with a bit of help from Java. I'm going to split it into two posts. In this post we'll apply the attack to Windows XP (a fully patched SP3 with IE7). In my next post we'll consider its impact on Windows Vista For the full article read on Why are you...
 
 
 
 
 
The U.S. Government's Global Electronic Surveillance Network

2008-06-16 01:23:31 by Editor in Digg / Security
 
The ECHELON system has intercept stations all over the world to capture all satellite, microwave, cellular and fiber-optic communications traffic, and then process this information through the massive computer capabilities of the NSA, including advanced voice recognition and look for code words or phrases (known as the ECHELON Dictionary
 
 
 
 
 
Two-way formatted data binding in ASP.NET

2008-08-15 20:22:37 by keith-brown in Security Briefs
 
...dictionary of old and new values, which appear to come directly from the controls (in my case, a TextBox was used to gather the updated data AmountPaid, so the type of object that I found in NewValues["AmountPaid"] was a string. I wrote a little helper method called ParseDecimal that parses a string into a decimal value, allowing currency...
 
 
 
 
 
Wee-Fi: Houston-Fi, ASCII WPA Passphrases, Green Wi-Fi

2008-08-19 10:26:25 by Glennf in Wi-Fi Networking News
...dictionary along with changing your network's SSID (network name) provides all the security you'll ever need for a home or small business. (If you need more, deploy WPA/WPA2 Personal Green Wi-Fi's Senegal efforts hit snags: The folks at Green Wi-Fi are well motivated, and they're running up against all forms of security theater and...
 
 
 
 
 
Zebras and Aardvarks

2008-08-25 03:02:30 by Richard Clayton in Light Blue Touchpaper
 
...dictionary or Rumpelstiltskin attacks (where spammers guess addresses). If there are not many other zebras, then guessing zebra names is less likely Aardvarks should consider changing species or asking their favourite email filter designer to think about how this unexpected empirical result can be leveraged into blocking more of their...
 
 
 
 
 
Learning From Sarah Palin's Yahoo Mail Compromise

2008-09-18 13:31:56 by Chris Wysopal in Zero in a bit
 
...dictionary words. Add some numbers or symbols to the answer. For example if Sarah Palin had used Wasilla high 1964 or !Wasilla high! it is far less likely it would be guessed. Pick a scheme to modify your secret answers so they aren't guessable Try resetting your password. See if there are downgrade attacks which make it easier to reset the...