SEARCH RESULTS
 
Showing 1-10 of 228 records
 
Expand article

Rock Phish-ing in December

The Article has images
2008-12-02 07:12:31 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...previous ones targeting multiple brands, the thousands of malware infected hosts and domains are targeting Alliance & Leicester and Abbey National only Active Rock Phish Domains in fast-flux stgsfw7sr .com q06ciwt60 .com jnlyf96v4 .com neegzlh35 .com 7azwmrsg5 .com pn3ekq976 .com 2coxi8sb6 .com d8ri1iz5d .com ki7wvgauf .com 5nt5r3keh...
 
Tags: fast flux networks, fast, fast-flux spam, fast-flux, fast flux provider, mybank, fast-flux research, rock phish-ing, provider
 
 
 
 
Expand article

Using Metasploit to create a reverse Meterpreter payload EXE by John Strand

2008-10-15 20:20:00 by Editor in Irongeek's Security Site
 
New Video: Using Metasploit to create a reverse Meterpreter payload EXE by John Strand John Strand of Black Hills Security sent me an awesome video on using Metasploit to create an EXE with the Meterpreter payload that creates a reverse TCP connection outbound, blowing through many NAT boxes and firewalls. This goes great with a previous video I...
 
Tags: exe, video, previous video, metasploit, meterpreter payload, black hills security, awesome video, exe bindersjoiners, nat boxes
 
 
 
 
Expand article

Weak Hashing Algorithms: Outlook PST file CRC32 password cracking example

2008-10-01 00:18:44 by Editor in Irongeek's Security Site
 
...previous video I explained the basics of cryptographic hashes. Go watch " A Brief Intro To Cryptographic Hashes/MD5 " before this video. In this tutorial, I'll be giving an example of why weak hashes are bad. The example I'll be using is the CRC32 hash that Outlook uses to store a PST archive's password with. The CRC32 algorithm as...
 
Tags: password, weak, outlook, video, previous video, weak hashes, original password, microsoft outlook, algorithms
 
 
 
 
Expand article

Corrupted Heap Termination Redux

2008-06-07 04:00:00 by sdl in The Security Development Lifecycle
 
...previous post I explained how to use HeapSetInformation correctly. In short there's an option when calling this function that will terminate your application if the heap manager detects some form of heap corruption, or the potential to cause heap corruption I would recommend you read the previous post before continuing You guessed it, the...
 
Tags: heap, free block list, block, handle, bogus heap handle, invalid, invalid heap, custom heap, block header
 
 
 
 
Expand article

Covert channel vulnerabilities in anonymity systems

2007-12-10 10:39:42 by Steven J. Murdoch in Light Blue Touchpaper
 
...previous research on covert channels (unintended means to communicate in violation of a security policy) to analyse several anonymity systems in an innovative way One application for anonymity systems is to prevent collusion in competitions. I show how covert channels may be exploited to violate these protections and construct defences...
 
Tags: covert, covert channel vulnerabilities, vulnerabilities, network covert channels, covert channels, channels, covert channel, anonymity systems, systems
 
 
 
 
Expand article

Rogue RBN Software Pushed Through Blackhat SEO

The Article has images
2008-03-05 08:19:46 by HASH0x8b39d2c in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...previous example for instance, we had an second ongoing IFRAME campaign with just 4 pages injected with 89.149.243.201 , however, what Keep it Simple Stupid really means in this case is that the next IP in their netblock 89.149.243.202 is currently getting injected at many other sites as well. The difference between the previous campaign and...
 
Tags: rbn, huge iframe campaign, iframe campaign, iframe, rbn coverage, single rbn, russian business network, campaign, antivirus
 
 
 
 
Expand article

SDL and the OWASP Top Ten

2008-05-01 15:46:00 by sdl in The Security Development Lifecycle
 
...previous list. And items that were on the previous list were removed from this list in fact, even the previous #1 most important issue (unvalidated input) does not appear in the current top ten (perhaps because it was deemed to be too generic). Its possible that some security researcher will drop an 0-day at Black Hat , or Toorcon , or some...
 
Tags: security, web application security, top, security standpoint, list, previous list, agile development teams, development teams, security researcher
 
 
 
 
Expand article

Asprox Phishing Campaigns Dominated in April

The Article has images
2008-05-27 06:38:48 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...previous post. The IPs in question 212.174.25.241 62.233.145.45 218.92.205.246 85.105.182.6 212.0.85.6 Where's the connection? It's in the historical domains that used to respond to the IPs, in the Asprox case, a great deal of the original domain names used a couple of months ago are still in a fast-flux and further expose and connection...
 
Tags: asprox, botnet, asprox botnet, previous, previous months, historical domains, ips, months, domains
 
 
 
 
Expand article

UltimateBet cheating goes undetected for almost 21 months

The Article has images
2008-06-04 10:55:17 by Evan Francen in The Breach Blog
...previous ownership of UltimateBet prior to the sale of the business to Tokwiro in October 2006 Evan] Shouldn't an information security and risk assessment be conducted as part of the acquisition and integration? If so, then wouldn't a code review of the proprietary software that came with the acquisition be included? This is the proprietary...
 
Tags: ultimatebet, tokwiro enterprises enrg, tokwiro enterprises, ultimatebet issues statement, ultimatebet prior, ultimatebet subsequently, ultimatebet immediately removes, ultimatebet servers, ultimatebet statement