Type: Posts; User: SittingDuck; Keyword(s):

  1. Replies
    3
    Views
    7,181

    looks like a plugin to google news to me
  2. Replies
    19
    Views
    4,960

    Count me in
  3. Replies
    19
    Views
    4,960

    The answer is very simple. A vulnerability scanner is unable to identify logical flaws within the application that cause security risks.

    Further to that, most app scanners have problems in...
  4. Replies
    4
    Views
    5,402

    sorry mate, that came out a little harsh, I guess I could have written that a little better.

    Sittingduck
  5. Replies
    4
    Views
    5,402

    Personally I find http://www.antiphishing.org/ far better.

    SittingDuck
  6. Replies
    14
    Views
    16,069

    I would also say Nessus, but I wonder how long it will stay completely free? They are already charging for getting plugin updates, before anyone else! I know the people at nessus are fed up with...
  7. Replies
    13
    Views
    9,788

    maybe sepultura, you could explain in more detail the situation you need to hide your meta tags? I am finding it hard to find a reason why imitating meta tags would be a security issue (or do you...
  8. Replies
    13
    Views
    9,788

    If you wish to hide META tags, don't send them in the first place! As far as doing it in Flash, or even Java applets, it only takes 2 minutes to decompile either.

    Follow a simple rule if you do...
  9. Thread: Phish?

    by SittingDuck
    Replies
    23
    Views
    22,879

    The fact this kind of information came via email is the real giveaway. It is very simple: no bank, web email, eBay, PayPal etc. etc. will ever send you any request asking you to verify your user and...
  10. Replies
    18
    Views
    12,330

    sounds like DDoS to me :eek:

    SittingDuck
  11. Replies
    18
    Views
    12,330

    Did you reply to the wrong thread or something :confused: , or possibly you work for Cisco?

    Back to the matter in hand

    Even if the vulnerability did allow an attacker to steal money, where would...
  12. Replies
    2
    Views
    7,852

    some interesting stuff, but would you really submit your passwords to http://securitystats.com/tools/password.php to see how strong it is?

    What a great way to build up a list of passwords that...
  13. Replies
    5
    Views
    6,470

    Well where do I start with that article?

    hackers have been getting paid for years, they have just put their white hats on :) .

    but also on that note spammers are playing a key part in...
  14. Replies
    21
    Views
    6,698

    If you are running any kind of admin section, all the traffic to that area should be done over ssl, you never know who might be listening ;).



    That is how ssl client side certificate...
  15. Replies
    21
    Views
    6,698

    Have you considered the idea of using client side certificates? I assume that you are running your admin area over an SSL connection.

    With client side certificates in place any user with one,...
  16. Replies
    11
    Views
    7,999

    You should not be able to view the source of a cgi script, as normally the cgi script is held outside of the web root. Thus the only way to actually view the source of a cgi script is to exploit a...
  17. Replies
    27
    Views
    27,362

    Well I can't speak for what goes on in the US, but over here in the UK the police do have and require full time Computer Forensics experts. However in that line of work for the police over 60% of...
  18. Replies
    16
    Views
    8,938

    Is your web site hosted by hostrocket in a shared environment? I.e. more than one customer is hosted from the same server? And do you have access to cgi-bin?

    SittingDuck
  19. Replies
    13
    Views
    47,496

    Actually Java can handle raw socket requests, there are a couple of projects out there that plug into libpcap and libnet, using a Java native interface.

    Have a look at...
  20. Replies
    10
    Views
    16,700

    Metasploit is nothing like Core Impact. Metasploit is a framework for exploits, and it is well worth having (DCOM on NT4 for example). Core Impact is a whole package (port scanning, service finger...
  21. Well there are 3 main ways 1) Use some kind of...

    Well there are 3 main ways

    1) Use some kind of "bounce" attack (already covered by slarty)

    2) Do it very slowly, to the point where IDS will not trigger as for something to show up as a port...
  22. Thread: Osstmm

    by SittingDuck
    Replies
    1
    Views
    3,470

    Well for more network based testing it's fairly good, well worth a read. But it's not so hot when it comes to web application security testing. But still worth a read.

    SittingDuck
  23. Replies
    2
    Views
    5,001

    Introduction to APR (Arp Poison Routing)

    I found this very good introduction to arp and arp poisoning

    http://www.oxid.it/downloads/apr-intro.swf

    It's written in flash so it has moving diagrams to explain things :D

    enjoy
    ...
  24. Replies
    7
    Views
    7,308

    There are a lot of factors that will determine if your login is secure, things like

    1) What's your password policy?

    2) Do you have a time delayed lockout feature, when the password is entered...
  25. Replies
    2
    Views
    5,461

    just found http://www.spidynamics.com/ it has some very good papers. There is a new one on the security of SOAP, which is well worth a read.

    SittingDuck
Results 1 to 25 of 187