Ethic Security

Penetration Testing and Vulnerability Analysis

2011-07-16T10:03:00.001-07:00

http://pentest.cryptocity.net/
Free course material

Mastering the Nmap Scripting Engine (Blackhat 2010) Tutorial

2010-11-15T09:14:00.000-08:00

Mastering the Nmap Scripting Engine (Blackhat 2010) Tutorial: "- Sent using Google Toolbar"

Category:OWASP WebScarab Project - OWASP

2010-10-26T12:05:00.000-07:00

Category:OWASP WebScarab Project - OWASP: "- Sent using Google Toolbar"

Firewall/IDS Evasion and Spoofing

2010-10-21T17:02:00.000-07:00

Firewall/IDS Evasion and Spoofing: "- Sent using Google Toolbar"

Snort IDS Introduction

2010-10-21T03:41:00.000-07:00

Snort IDS Introduction: "- Sent using Google Toolbar"

snort_manual.pdf (application/pdf Object)

2010-10-21T01:08:00.000-07:00

snort_manual.pdf (application/pdf Object): "- Sent using Google Toolbar"

HoneyPorts | Download HoneyPorts software for free at SourceForge.net

2010-10-19T13:16:00.000-07:00

HoneyPorts | Download HoneyPorts software for free at SourceForge.net: "A project that creates dummy ports and reports to the user when a connection is made. These dummy ports can have a fake service which tricks port scanners. Also, the user is notified when they are being port scanned or being DoS'd

- Sent using Google Toolbar"

rootkit.com

2010-10-19T11:54:00.000-07:00

rootkit.com: "- Sent using Google Toolbar"

InfoSiege

2010-10-15T03:11:00.000-07:00

InfoSiege: "- Sent using Google Toolbar"

Nikto2 | CIRT.net

2010-10-14T18:35:00.000-07:00

Nikto2 | CIRT.net: "- Sent using Google Toolbar"

LM - NTLM - SHA1 - MYSQL - MD5 Reverse hash lookup Online - Passwords recovery - Hash Calculator

2010-10-14T16:25:00.000-07:00

LM - NTLM - SHA1 - MYSQL - MD5 Reverse hash lookup Online - Passwords recovery - Hash Calculator: "- Sent using Google Toolbar"

Exploits Database by Offensive Security

2010-10-13T15:59:00.000-07:00

Exploits Database by Offensive Security: "- Sent using Google Toolbar"

Getting Started with Java | Java Beginner

2010-09-14T11:05:00.000-07:00

Getting Started with Java | Java Beginner: "- Sent using Google Toolbar"

NMAP cheat sheet

2010-09-09T21:57:00.000-07:00

http://www.infosecwriters.com/text_resources/pdf/nessusNMAPcheatSheet.pdf

IV Needle

2010-09-09T18:47:00.000-07:00

IV Needle

nmap info

OSI concepts/model

2010-09-08T20:41:00.001-07:00

OSI Model Concepts:
http://www.petri.co.il/osi_concepts.htm

Live Hacking « Ethical Hacking | Penetration Testing

2010-09-08T11:28:00.000-07:00

Live Hacking « Ethical Hacking | Penetration Testing: "- Sent using Google Toolbar"

Metasploit Megaprimer Videos - Over 2 hrs of video available till now! More being added daily : netsec

2010-09-07T10:08:00.000-07:00

Metasploit Megaprimer Videos - Over 2 hrs of video available till now! More being added daily : netsec: "- Sent using Google Toolbar"

SourceForge.net: HoneyPorts - Project Web Hosting - Open Source Software

2010-09-01T19:53:00.000-07:00

SourceForge.net: HoneyPorts - Project Web Hosting - Open Source Software: "- Sent using Google Toolbar"

Simple yet effective: Directory Bruteforcing « Security Aegis

2010-08-31T15:30:00.000-07:00

Simple yet effective: Directory Bruteforcing « Security Aegis: "- Sent using Google Toolbar"

ISO27k infosec management standards

2010-08-25T10:56:00.000-07:00

ISO27k infosec management standards: "- Sent using Google Toolbar"

CERT Advisory CA-2001-19 "Code Red" Worm Exploiting Buffer Overflow In IIS Indexing Service DLL

2010-08-19T12:44:00.000-07:00

CERT Advisory CA-2001-19 "Code Red" Worm Exploiting Buffer Overflow In IIS Indexing Service DLL: "CERT® Advisory CA-2001-19 'Code Red' Worm Exploiting Buffer Overflow In IIS Indexing Service DLL

- Sent using Google Toolbar"

2010-08-19T12:42:00.000-07:00

"THE MACRO VIRUS * * WRITING TUTORIAL * * PART 1
http://web.textfiles.com/virus/mactut.txt
- Sent using Google Toolbar"

All Cheat Sheets from SANS Institute | DevCheatSheet.com

2010-08-17T22:38:00.000-07:00

All Cheat Sheets from SANS Institute | DevCheatSheet.com: "- Sent using Google Toolbar"

The Ethical Hacker Network - Tutorial: MS Terminal Server Cracking

2010-08-17T10:10:00.000-07:00

The Ethical Hacker Network - Tutorial: MS Terminal Server Cracking: "- Sent using Google Toolbar"

tcpdump for Dummies - Alex on Linux

2010-08-16T22:14:00.000-07:00

tcpdump for Dummies - Alex on Linux: "es through a machine. It operates on a packet level, meaning that it captures the actual packets that fly in and out of your computer. It can save the packets into a file. You can save whole packets or only the

- Sent using Google Toolbar"

A Tcpdump Tutorial and Primer | danielmiessler.com

2010-08-16T22:00:00.000-07:00

A Tcpdump Tutorial and Primer | danielmiessler.com: "- Sent using Google Toolbar"

Canvas versus Metasploit - Win2K3 Server Fully Patched

2010-08-16T14:26:00.000-07:00

Canvas versus Metasploit - Win2K3 Server Fully Patched: "The Camtasia Studio video content presented here requires a more recent version of the Adobe Flash Player. If you are you using a browser with JavaScript disabled please enable it now. Otherwise, please update your version of the free Flash Player by downloading here.

- Sent using Google Toolbar"

Offensive-Security Certified Professional

2010-08-13T12:39:00.000-07:00

Offensive-Security Certified Professional: "- Sent using Google Toolbar"

Myne_us: From 0x90 to 0x4c454554, a journey into exploitation.

2010-08-07T09:12:00.000-07:00

Myne_us: From 0x90 to 0x4c454554, a journey into exploitation.: "- Sent using Google Toolbar"

CWE - 2010 CWE/SANS Top 25 Most Dangerous Software Errors

2010-08-03T14:07:00.000-07:00

CWE - 2010 CWE/SANS Top 25 Most Dangerous Software Errors:

"2010 CWE/SANS Top 25 Most Dangerous Software Errors

- Sent using Google Toolbar"

Armed with exploits, ATM hacker hits the jackpot • The Register

2010-07-28T19:17:00.000-07:00

Armed with exploits, ATM hacker hits the jackpot • The Register: "

Cracking WEP and WPA Wireless Networks - Docupedia

2010-07-28T19:12:00.000-07:00

Cracking WEP and WPA Wireless Networks - Docupedia:

cracking_wpa [Aircrack-ng]

2010-07-28T19:09:00.000-07:00

cracking_wpa [Aircrack-ng]:

Coding Horror: Rainbow Hash Cracking

2010-07-28T19:05:00.000-07:00

Coding Horror: Rainbow Hash Cracking: "The multi-platform password cracker Ophcrack is incredibly fast. How fast? It can crack the password 'Fgpyyih804423' in 160 seconds. Most people would consider that password fairly secure. The Microsoft password strength checker rates it 'strong'. The Geekwisdom password strength meter rates it 'mediocre'.

- Sent using Google Toolbar"

Javascript Password Strength Meter | [The place for open source wisdom.]

2010-07-28T18:48:00.000-07:00

Javascript Password Strength Meter | [The place for open source wisdom.]: "Javascript Password Strength Meter

- Sent using Google Toolbar"

MD5 salted hash, md5 salt hash generator Tool,md5 salting

2010-07-28T18:47:00.000-07:00

MD5 salted hash, md5 salt hash generator Tool,md5 salting:

"MD5 salted hash, md5 salt hash generator Tool,md5 salting

- Sent using Google Toolbar"

Digital Bond » Metasploit Basics – Part 1: Exploits

2010-07-12T13:44:00.001-07:00

Digital Bond » Metasploit Basics – Part 1: Exploits

Digital Bond » Metasploit Basics – Part 2: Payload

2010-07-12T13:44:00.000-07:00

Digital Bond » Metasploit Basics – Part 2: Payload

XSSed - XSS (cross-site scripting) information and vulnerable websites archive

2010-03-25T17:35:00.000-07:00

XSSed - XSS (cross-site scripting) information and vulnerable websites archive

The Cross-Site Scripting (XSS) FAQ

2010-03-25T17:32:00.000-07:00

The Cross-Site Scripting (XSS) FAQ: "What is Cross Site Scripting?"

XSS (Cross Site Scripting) Cheat Sheet

2010-03-25T17:31:00.000-07:00

XSS (Cross Site Scripting) Cheat Sheet: "SS (Cross Site Scripting) Cheat Sheet
Esp: for filter evasion"

BindShell.Net: Home

2010-02-08T17:36:00.000-08:00

BindShell.Net: Home

Papers | The Honeynet Project

2009-09-17T17:03:00.000-07:00

Papers | The Honeynet Project

Hack In The Box Forums • View topic - Penetration Tester's Lab - Hack your own machine (win2k sp4)

2009-09-17T17:02:00.000-07:00

Hack In The Box Forums • View topic - Penetration Tester's Lab - Hack your own machine (win2k sp4):

"I just install windows 2000 pro sp4 into vmware & now I want to do some penetration testing on this machine…hopefully u can help me to find all vulnerabilities in this machine…"

CITRIX: Owning the Legitimate Backdoor | GNUCITIZEN

2009-09-17T17:00:00.000-07:00

CITRIX: Owning the Legitimate Backdoor | GNUCITIZEN:

"The other day I was performing some CITRIX poking, so I had a lot of fun with breaking GUIs, which, as most of you probably know, are trivial to break into. I did play around with .ICA files as well, just to make sure that the client is not affected by some obvious client-side vulnerabilities. This exercise led me to reevaluate many things about ICA (Independent Computing Architecture). For example, when querying Google and Yahoo for public .ICA files, I was presented with tones of wide open services, some of which were located on .gov and .mil domains."

Two convicted for refusal to decrypt data • The Register

2009-08-12T06:57:00.000-07:00

Two convicted for refusal to decrypt data • The Register:

"Two people have been successfully prosecuted for refusing to provide authorities with their encryption keys, resulting in landmark convictions that may have carried jail sentences of up to five years."

Chinese Spying Claimed in Purchases of NSA Crypto Gear | Threat Level | Wired.com

2009-07-10T12:32:00.000-07:00

Chinese Spying Claimed in Purchases of NSA Crypto Gear | Threat Level | Wired.com:

"A Chinese national was indicted this week for conspiring to violate U.S. export law, following a nearly three-year investigation into his alleged efforts to acquire sensitive military and NSA-encryption gear from eBay and other internet sources."

Microsoft knew of nasty IE bug a year before attacks • The Register

2009-07-09T06:20:00.000-07:00

Microsoft knew of nasty IE bug a year before attacks • The Register: "Microsoft was aware of a critical vulnerability in an Internet Explorer component at least 12 months before attackers started targeting it in lethal exploits that take full control of end-users' PCs, a member of its security team said Wednesday."

Online attack hits US government Web sites

2009-07-09T06:15:00.000-07:00

Online attack hits US government Web sites:

"A botnet comprised of about 50,000 infected computers has been waging a war against U.S. government Web sites and causing headaches for businesses in the U.S. and South Korea.

The attack started Saturday, and security experts have credited it with knocking the U.S. Federal Trade Commission's (FTC's) Web site offline for parts of Monday and Tuesday. Several other government Web sites have also been targeted, including the U.S. Department of Transportation (DOT)."

RIAA lawsuit throws good money after bad - Computerworld Blogs

2009-07-09T06:14:00.000-07:00

RIAA lawsuit throws good money after bad - Computerworld Blogs:
"It is hard to understand what possible good can come from the Recording Industry Association of America's continuing lawsuit against Jammie Thomas-Rasset. Earlier this year the single mother was hit by a $1.92 millon judgement for sharing 1,072 copyrighted songs on a home computer on which the Kazaa file sharing software was running. She continues to appeal."

spammimic - hide a message in spam

2009-07-01T23:38:00.000-07:00

spammimic - hide a message in spam

One Hacker's Audacious Plan to Rule the Black Market in Stolen Credit Cards

2009-06-30T07:01:00.000-07:00

One Hacker's Audacious Plan to Rule the Black Market in Stolen Credit Cards:

"One Hacker's Audacious Plan to Rule the Black Market in Stolen Credit Cards"

Superhacker Max Butler Pleads Guilty | Threat Level | Wired.com

2009-06-30T06:56:00.000-07:00

Superhacker Max Butler Pleads Guilty | Threat Level | Wired.com: "PITTSBURGH — A skilled San Francisco-based computer hacker who once sought to unite the cyber underworld under his benign rule pleaded guilty to federal wire fraud charges here Monday, admitting he stole nearly 2 million credit card numbers from banks, businesses and other hackers, which were used to rack up $86 million in fraudulent charges."

Pentagon signs off on Cyber Command

2009-06-30T06:46:00.000-07:00

Pentagon signs off on Cyber Command:

"The U.S. Secretary of Defense ordered the military to create a unified command to act as the nation's central hub for cyber capabilities and commanded the Pentagon to develop a policy framework for cyberspace operations."

Lifehacker - Geek to Live: Encrypt your data - Downloads

2009-06-08T19:59:00.000-07:00

Lifehacker - Geek to Live: Encrypt your data - Downloads:

"Everyone's got files they'd like to keep out the the hands of intruders or casual passerby. Ever concerned you'll lose the thumb drive where you backed up four years of post-graduate research? Every worried your 5-year-old will accidentally open the um, grownup files just meant for Mommy and Daddy? Worry no more. Today we'll go over a simple way to encrypt sensitive files or entire external disk drives to protect them from prying eyes."

L0phtCrack - Windows & Unix Password Auditing & Recovery

2009-06-08T14:49:00.000-07:00

L0phtCrack - Windows & Unix Password Auditing & Recovery

L3DGEWorld 2.3

2009-06-08T14:43:00.000-07:00

L3DGEWorld 2.3:

"L3DGEWorld 2.3 is a data visualisation utility based on Open Arena, a GPL'd game that makes use of the Quake III Arena (Q3A) game engine. It was initially designed to be a network monitoring and control application, but can be easily used for other purposes by developing other input and output daemons [1]. The daemons provided with L3DGEWorld 2.3 allow monitoring and control of a live network to take place from within a virtual world created by the L3DGEWorld engine."

IT Security - The Industry's Web Resource

2009-06-08T14:23:00.000-07:00

IT Security - The Industry's Web Resource

Home | Learn Security Online

2009-06-08T14:20:00.000-07:00

Home | Learn Security Online

Top Five (5) Best Criminal Computer Hackers of All Time | Marvquin, LLC

2009-06-08T14:13:00.000-07:00

Top Five (5) Best Criminal Computer Hackers of All Time | Marvquin, LLC:

"These hackers are the ones that you've seen in shackles arrested for cybercrimes when they were just getting out of puberty. Some have done it for financial gain others just for fun."

5 Best Pen-Test Linux Distributions | LinuxHaxor.net

2009-06-08T14:11:00.000-07:00

5 Best Pen-Test Linux Distributions | LinuxHaxor.net:

"Linux distributions are often customized to perform many specialized tasks cater to a particular industry, hobby or business. Security Penetration testing is one such niche where professional (and hobbyists) use customized Linux distributions with the whole purpose of doing security tests on networks and personal computer (hopefully with permission). Most of these distribution are live CDs which can be used without having to install them to your computer. Today we will take a look at some of best Pen-test distributions out there."

Hacker penetrates T-Mobile systems

2009-06-08T10:58:00.000-07:00

Hacker penetrates T-Mobile systems:
"A sophisticated computer hacker had access to servers at wireless giant T-Mobile for at least a year, which he used to monitor U.S. Secret Service e-mail, obtain customers' passwords and Social Security numbers, and download candid photos taken by Sidekick users, including Hollywood celebrities, SecurityFocus has learned"

Swedish courts find The Pirate Bay guilty

2009-04-17T23:46:00.000-07:00

Swedish courts find The Pirate Bay guilty:
"A Swedish court sentenced on Friday four operators of the well-known file-sharing site The Pirate Bay to a year each in prison, a landmark victory for the music and movie industries."

Electricity Grid in U.S. Penetrated By Spies - WSJ.com

2009-04-15T18:24:00.000-07:00

Electricity Grid in U.S. Penetrated By Spies - WSJ.com:

"WASHINGTON -- Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials."

Behind GhostNet - F-Secure Weblog : News from the Lab

2009-04-15T18:22:00.000-07:00

Behind GhostNet - F-Secure Weblog : News from the Lab:

"The GhostNet spy network was built by infecting sensitive computers with backdoor/Remote Administration Tools (RAT). Most of these are modified and obfuscated versions of Poison Ivy (description) or Gh0st RAT.

These tools are open source backdoors, maintained by loose gangs of hackers.

And these gangs operate openly."

I-Hacked.com Taking Advantage Of Technology - Inside Programmable Road Signs

2009-04-15T18:21:00.000-07:00

I-Hacked.com Taking Advantage Of Technology - Inside Programmable Road Signs:
"How many times have you driven by an electronic road sign like one of these?"

I-Hacked.com Taking Advantage Of Technology - Twitter Security Cam

2009-04-15T18:20:00.000-07:00

I-Hacked.com Taking Advantage Of Technology - Twitter Security Cam:

"The following will walk you through setting up a video-surveillance system that will detect motion, enable your webcam, take pictures of the intruder, and upload the pics online and notify your cell phone via an twitter SMS message."

FOXNews.com - Cyberspies Penetrate U.S. Electrical Grid, Leave Software That Could Disrupt System - Cybersecurity

2009-04-07T20:42:00.000-07:00

FOXNews.com - Cyberspies Penetrate U.S. Electrical Grid, Leave Software That Could Disrupt System - Cybersecurity:

"WASHINGTON — Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials.

The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls. The intruders haven't sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war."

Tenable Network Security

2009-04-07T15:45:00.000-07:00

Tenable Network Security

Using NMAP to detect Conficker infected hosts | The Edge of I-Hacked

2009-04-02T16:18:00.000-07:00

Using NMAP to detect Conficker infected hosts | The Edge of I-Hacked

##########################################################
Scanning for Conficker Vulnerability & Infection
##########################################################

=================
**Disclaimer**
This is all pretty ugly, but should help those who find themselves in a pinch.  This little guide comes with no warranties or guarantees effectiveness. 
=================

---------------
Pre-requisites
---------------

This method has been tested using nmap version 5.85BETA5 on Mac OS X.  This should work on any *nix system.

Open the terminal and input the following commands:

svn co --username=guest --password='' svn://svn.insecure.org/nmap
cd nmap
./configure && make
sudo make install

---------------
Running the Scan
---------------

*note that if you already have a version of nmap installed on your machine from another source (Fink for example) you must type ./nmap from within the directory you compiled.  For example, I created a folder on my desktop called svn_nmap where I placed the source and compiled.  Launching from other locations will open an older version.

Type the following from within the nmap directory:

nmap -PN -d -p445 --script=smb-check-vulns --script-args=safe=1 xxx.xxx.xxx.zzz-zzz >> conficker_scan.txt

This will execute the scan on a range of ports and outputs the results to  conficker_scan.txt.  You may want to do small ranges so you keep track of how well the scan is proceeding.  Feel free to use the same output file as >> designates that output will be appended.

--------------
Wading Through the Results
--------------

You should now have a number of text files containing the results of your scan.  In order to pull out information on the infected machines, run the following:

grep -B 7 -A 4 INFECTED  conficker_scan.txt >> infected_machines.txt

To determine if any machines are vulnerable but not yet infected run the following:

grep -B 8 -A 3 VULNERABLE  conficker_scan.txt >> vulnerable_machines.txt

------------
Dealing With the Consequences
------------

At this point I leave you to determine the best course of action once you have identified all the vulnerable/infected machines.

+++++++++++++++++++++++++++
Author:  jur1st - CCCKC
Credit to:  Fyodor, Dan Kaminsky, Felix Leder, Tillmann Werner, Rich Mogull and the Conficker Working Group for the hard work.  All I did was make the info a little more accessible.
+++++++++++++++++++++++++++

PaulDotCom

2009-04-02T16:01:00.001-07:00

PaulDotCom

ha.ckers.org web application security lab

2009-04-02T16:01:00.000-07:00

ha.ckers.org web application security lab

Conficker - Wikipedia, the free encyclopedia

2009-04-02T15:58:00.002-07:00

Conficker - Wikipedia, the free encyclopedia

An Analysis of Conficker C

2009-04-02T15:58:00.001-07:00

An Analysis of Conficker C: "Introduction

This addendum provides an evolving snapshot of our understanding of the latest Conficker variant, referred to as Conficker C. The variant was brought to the attention of the Conficker Working Group when one member reported that a compromised Conficker B honeypot was updated with a new dynamically linked library (DLL). Although a network trace for this infection is not available, we suspect that this DLL may have propagated via Conficker's Internet rendezvous point mechanism (Global Network Impact). The infection was found on the morning of Friday, 6 March 2009 (PST), and it was later reported that other working group members had received other DLL reinfections throughout the same day. Since that point, multiple members have reported upgrades of previously infected machines to this latest variant via HTTP-based Internet rendezvous points. We believe this latest outbreak of Conficker variant C began first spreading at roughly 6 p.m. PST, 4 March 2009 (5 March UTC)."

Passwords used by the Conficker worm | Graham Cluley's blog

2009-04-02T15:58:00.000-07:00

Passwords used by the Conficker worm | Graham Cluley's blog:

"It's not possible to emphasise enough the importance of using sensible passwords on your network.

Not just on the areas of your network that you don't want your users to traipse through, but also on the default network shares that are present on installations of commonly used operating systems like Windows NT/2000/XP/2003.

One of the ways in which the Conficker worm (also known as Confick or Downadup) uses to spread is to try and batter its way into ADMIN$ shares using a long list of different passwords.

As you can see in the list below, it relies upon computers using poorly chosen passwords such as dictionary words, 'password', 'qwerty' or sequences of letters or repeated numbers:"

Open Source Honeypots: Learning with Honeyd

2009-04-02T15:53:00.001-07:00

Open Source Honeypots: Learning with Honeyd:

"Honeypots are an exciting new technology. They allow us to turn the tables on the bad guys, we can take the initiative. In the past several years there has been growing interest in exactly what this technology is and how it works. The purpose of this paper is to introduce you to honeypots and demonstrate their capabilities. We will begin by discussing what a honeypot is and how it works, then go into detail using the OpenSource solution Honeyd."

IDS Logbook [OS3 Website]

2009-04-02T15:53:00.000-07:00

IDS Logbook [OS3 Website]:
"1. For information about honeyd the first website to look at would be http://www.honeyd.org. On this website a FAQ can be found which supplies example configurations and scripts. Another useful link is http://www.citi.umich.edu/u/provos/honeyd/honeyd-man.pdf This is the OpenBSD man page. The best source of information on installing honeyd might be the README which is included in the source package."

Main Page - Business Continuity Management (BCM) and Disaster Recovery (DR) Wiki Glossary

2009-03-17T11:07:00.000-07:00

Main Page - Business Continuity Management (BCM) and Disaster Recovery (DR) Wiki Glossary:

"BCM Institute Glossary in Wiki (Version 1.0) or BCMpedia provides Business Continuity and Disaster Recovery Professional with definitions that help to reduce confusion, thus promoting a common understanding and interpretation when implementing the BCM planning process."

The 20 Best Job Search Web Sites - Features by PC Magazine

2009-03-16T13:07:00.001-07:00

The 20 Best Job Search Web Sites - Features by PC Magazine:

"Unemployment numbers are sky high, but there is a silver lining: there are lots of great online resources to help job seekers find work."

California Virtual Campus » Students » CVC Course Catalog

2009-03-16T13:07:00.000-07:00

California Virtual Campus » Students » CVC Course Catalog:

"The Course Catalog allows you to find online classes offered by colleges across California."

PayPal Security Key - PayPal

2009-03-12T19:01:00.000-07:00

PayPal Security Key - PayPal:

"Get an extra layer of protection with the PayPal Security Key - it's easy to use and portable, so you can access your account with confidence from just about anywhere."

The Ethical Hacker Network - EC-Council validity

2009-03-09T16:11:00.000-07:00

The Ethical Hacker Network - EC-Council validity:

"Having been sold a C|EH boot camp on the basis that I would be learning the theory & skills to become a Penetration Tester at considerable cost to myself (~$4,500) I am now somewhat bemused"

READ ON!

Run Away From The CEH Certification

2009-03-09T16:10:00.001-07:00

Run Away From The CEH Certification: "Sharp-eyed reader DigitalDolphin forwarded me snippets of an email thread on the CEH (Certified Ethical Hacker) certification from EC-Council or International Council of E-Commerce Consultants."

InformIT: On the EC-Council's Certified Ethical Hacker (CEH) Certification

2009-03-09T16:10:00.000-07:00

InformIT: On the EC-Council's Certified Ethical Hacker (CEH) Certification:
"You might notice that the International Council of Electronic Commerce Consultants' (EC-Council's) Certified Ethical Hacker (CEH) certification is conspicuously absent from the list of approved vendor-neutral certification programs that qualify an individual for DoD Directive 8570 compliance. In my humble or not-so-humble opinion, the U.S. Department of Defense was wise to overlook the CEH; let me explain why."

GIAC Certifications

2009-03-09T16:09:00.000-07:00

GIAC Certifications

Top 5 open source security tools in the enterprise - LinuxWorld

2009-03-09T15:20:00.000-07:00

Top 5 open source security tools in the enterprise - LinuxWorld:

"In the late 1990s, organizations began looking seriously at open source network management and security products. Although some had previously been installed without corporate approval, a fundamental shift occurred within the enterprise as organizations began searching for alternative solutions to commercial network management and security products."

Hack-off contestant dubs Apple Safari 'easy pickins' • The Register

2009-03-04T16:22:00.000-08:00

Hack-off contestant dubs Apple Safari 'easy pickins' • The Register: "Apple's Safari browser is likely to be compromised multiple times at an annual hacking contest being held later this month because it's 'easy pickins as usual,' a researcher specializing in Apple security says."

The Register: Sci/Tech News for the World

2009-03-04T16:13:00.000-08:00

The Register: Sci/Tech News for the World

Tech news galore

Been away!

2009-03-04T16:10:00.000-08:00

It's been a while. for some reason my google toolbar has been crappy.. but now seems to work lol.. so ill be back to posting in no time

The Very Angry Toad

2008-10-22T03:03:00.000-07:00

The Very Angry Toad

Anonymator - offshore VPN service

2008-10-22T02:59:00.000-07:00

Anonymator - offshore VPN service:

"As an Anonymator customer, you will create a secure tunnel from your computer to our servers using OpenVPN. Once connected, all of your network traffic will be encrypted and transported to our network, where it is then decrypted and re-routed through the Internet. Your traffic will then appear to originate from our network."

Cryptool - CrypTool Introduction

2008-10-22T02:56:00.000-07:00

Cryptool - CrypTool Introduction

Beware of hotel Internet connections

2008-10-07T02:54:00.000-07:00

Beware of hotel Internet connections:

"Jetsetting federal workers should be careful about how they use the Internet connections supplied by hotels, as most are not secured properly, according to a new study from the Cornell University School of Hotel Administration."

Maltego » Home

2008-09-23T00:29:00.000-07:00

Maltego » Home:

"What Is Maltego?

Maltego is an open source intelligence and forensics application. It allows for the mining and gathering of information as well as the representation of this information in a meaningful way.

Coupled with its graphing libraries, Maltego, allows you to identify key relationships between information and identify previously unknown relationships between them. It is a must-have tool in the forensics.security and intelligence fields!

Maltego offers the user with unprecedented information. Information is leverage."

More Known Unknowns in NSA Spy Controversy: Secret Appeals Courts, Tea Leaves and the Mineshaft Gap | Threat Level from Wired.com

2008-09-18T05:00:00.000-07:00

More Known Unknowns in NSA Spy Controversy: Secret Appeals Courts, Tea Leaves and the Mineshaft Gap Threat Level from Wired.com

Analysis: New Law Gives Government Six Months to Turn Internet and Phone Systems into Permanent Spying Architecture - UPDATED | Threat Level from Wired.com

2008-09-18T04:59:00.000-07:00

Analysis: New Law Gives Government Six Months to Turn Internet and Phone Systems into Permanent Spying Architecture - UPDATED Threat Level from Wired.com:

"A new law expanding the government's spying powers gives the Bush Administration a six-month window to install possibly permanent back doors in the nation's communication networks. The legislation was passed hurriedly by Congress over the weekend and signed into law Sunday by President Bush."

NSA to Become America's Firewall | Threat Level from Wired.com

2008-09-18T04:56:00.001-07:00

NSA to Become America's Firewall Threat Level from Wired.com:

"The National Security Agency is preparing to take over the job of monitoring the Internet and other domestic communication networks, a massive expansion of the agency's defense duties into networks used routinely by American citizens, according to a story by Siobhan Gorman of the Baltimore Sun."

NSA Must Examine All Internet Traffic to Prevent Cyber Nine-Eleven, Top Spy Says | Threat Level from Wired.com

2008-09-18T04:56:00.000-07:00

NSA Must Examine All Internet Traffic to Prevent Cyber Nine-Eleven, Top Spy Says Threat Level from Wired.com:

"The nation's top spy, Michael McConnell, thinks the threat of cyberarmageddon! is so great that the U.S. government should have unfettered and warrantless access to U.S. citizens' Google search histories, private e-mails and file transfers, in order to spot the cyberterrorists in our midst."

Justice Department Moving to Immunize Snooping Telcos | Threat Level from Wired.com

2008-09-18T01:02:00.000-07:00

Justice Department Moving to Immunize Snooping Telcos Threat Level from Wired.com:

"Two months ago, President Bush won congressional approval to immunize the nation's telecommunications companies from lawsuits accusing them of helping Bush funnel Americans' electronic communications to the National Security Agency without warrants -- all in the name of national security following the Sept. 11 terror attacks."