Welcome to the realm. This realm is not your ordinary realm. Here you will find happenings in the network security world, as well as the underground and the ethical arena.

Wednesday, August 27, 2008

SampleCaptures - The Wireshark Wiki

Tuesday, August 26, 2008

Ultimate Penetration Testing Lab Kit (UPTLK) | The Security Zealot

Ultimate Penetration Testing Lab Kit (UPTLK) | The Security Zealot:

"In an attempt to build Ultimate Penetration Testing Lab Kit (UPTLK), I have started a list of tools, Live CD, Penetration Testing Labs and websites"

Wednesday, August 20, 2008

Net telephony: Hacker's new target- Telecom-News-Indiatimes - Infotech

Net telephony: Hacker's new target- Telecom-News-Indiatimes - Infotech:

"LONDON: Leakage of credit card and bank account details on the Internet has been a regular scenario, but the latest entrant in this virtual world of identity frauds involves hackers tapping into voice-over IP telephony accounts."

Monday, August 18, 2008

Remote-Exploit.org - Supplying offensive security products to the world

Remote-Exploit.org - Supplying offensive security products to the world:

Hotspotter - Automatic wireless client penetration



"About:
Hotspotter passively monitors the network for probe request frames to identify the preferred networks of Windows XP clients, and will compare it to a supplied list of common hotspot network names. If the probed network name matches a common hotspot name, Hotspotter will act as an access point to allow the client to authenticate and associate. Once associated, Hotspotter can be configured to run a command, possibly a script to kick off a DHCP daemon and other scanning against the new victim."

The Ethical Hacker Network - Maltego Part I - Intro and Personal Recon

The Ethical Hacker Network - Maltego Part I - Intro and Personal Recon:

"According to their web site, 'Paterva invents and sells unique data manipulation software. Paterva is headed by Roelof Temmingh who is leading a light and lethal team of talented software developers.' On May 6 2008, they released a new version of a very kewl tool named Maltego.

'Maltego is an open source intelligence and forensics application. It allows for the mining and gathering of information as well as the representation of this information in a meaningful way. Coupled with its graphing libraries, Maltego allows you to identify key relationships between information and identify previously unknown relationships between them. It is a must-have tool in the forensics, security and intelligence fields!'"

Surf Jacking: HTTPS Will Not Save You

Surf Jacking: HTTPS Will Not Save You:

"In this paper we will describe a security issue that affects major web sites and their customers. Attackers exploiting this vulnerability are able to hijack an HTTP session even when the victim and the attacker’s connection is encrypted using SSL or TLS."

Apple OS X Root Privilege Vulnerability « securitySumo

Apple OS X Root Privilege Vulnerability « securitySumo:

"If you are a Mac user, and haven’t seen the latest security vulnerability for OS X yet, Macshadows has an excellent writeup, with a temporary solution."

Friday, August 8, 2008

How does the CIA keep its IT staff honest? - Network World

How does the CIA keep its IT staff honest? - Network World:

"Be prepared to go through a lot of scrutiny if you want to work in the Central Intelligence Agency's IT department, says CIO Al Tarasiuk. And it doesn't stop after you get your top secret clearance. 'Once you're in, there are frequent reinvestigations, but it's just part of process here,' says Tarasiuk, who also gets polygraphed regularly, though he won't be more specific."

Wednesday, August 6, 2008

The Security Zealot - Part 2

The Security Zealot - Part 2:

"A team of hackers comprised of Karsten Nohl and two other unnamed hackers, have announced that they can brute forced the RFID chips which are used on “smartcard”. This RFID chip is the same chip that is used on credit cards, security badges and government identification."

"SmartCard" RFID Hack | The Security Zealot

"SmartCard" RFID Hack | The Security Zealot:

"This is a common attack against Proximity Badges, but the article claims that this attack is capable of obtaining the credit card information stored on the RFID chip which would including the cardholder’s name, card number, and expiration date. with the $8 dollar RFID reader vs. $1000 of equipment it cost Karsten Nohl and two other unnamed hackers."

GMail has finally added a https option | The Security Zealot

GMail has finally added a https option | The Security Zealot:

"There is a new security feature in the setting options of Gmail, an “Always Use https” feature. Not that https is new or that you could use GMail without HTTPS, but no longer will it have to be manually have to type “https://gmail.com”.

To change your settings go to Settings > General > Browser Connection > Always use https ."
