Type: Posts; User: SittingDuck; Keyword(s):
-
March 20th, 2005, 05:08 PM
looks like a plugin to google news to me
-
January 26th, 2005, 08:21 PM
-
January 25th, 2005, 06:07 PM
The answer is very simple. A vulnerability scanner is unable to identify logical flaws within the application that cause security risks.
Further to that, most app scanners have problems in...
-
December 13th, 2004, 05:07 PM
Sorry mate, that came out a little harsh, I guess I could have written that a little better.
Sittingduck
-
December 13th, 2004, 12:50 PM
Personally I find http://www.antiphishing.org/ far better.
SittingDuck
-
December 8th, 2004, 04:00 PM
I would also say Nessus, but I wonder how long it will stay completely free? They are already charging for getting plugin updates, before anyone else! I know the people at Nessus are fed up with...
-
November 25th, 2004, 05:57 PM
Maybe sepultura, you could explain in more detail the situation you need to hide your meta tags? I am finding it hard to find a reason why imitating meta tags would be a security issue (or do you...
-
November 25th, 2004, 04:56 PM
If you wish to hide META tags, don't send them in the first place! As far as doing it in Flash, or even Java applets, it only takes 2 minutes to decompile either.
Follow a simple rule if you do...
-
November 25th, 2004, 04:51 PM
The fact this kind of information came via email is the real giveaway. It is very simple: no bank, web email, eBay, PayPal etc etc will ever send you any request asking you to verify your user and...
-
November 10th, 2004, 10:15 AM
sounds like DDoS to me :eek:
SittingDuck
-
November 7th, 2004, 10:41 PM
Did you reply to the wrong thread or something :confused: , or possibly you work for Cisco?
Back to the matter in hand
Even if the vulnerability did allow an attacker to steal money, where would...
-
November 1st, 2004, 10:30 AM
Some interesting stuff, but would you really submit your passwords to http://securitystats.com/tools/password.php to see how strong it is?
What a great way to build up a list of passwords that...
-
October 30th, 2004, 09:02 PM
Well, where do I start with that article?
Hackers have been getting paid for years, they have just put their white hats on :) .
But also on that note spammers are playing a key part in...
-
October 14th, 2004, 04:25 PM
If you are running any kind of admin section, all the traffic to that area should be done over SSL, you never know who might be listening ;).
That is how SSL client side certificate...
-
October 12th, 2004, 11:06 AM
Have you considered the idea of using client side certificates? I assume that you are running your admin area over an SSL connection.
With client side certificates in place any user with one,...
-
October 5th, 2004, 10:44 AM
You should not be able to view the source of a CGI script, as normally the CGI script is held outside of the web root. Thus the only way to actually view the source of a CGI script is to exploit a...
-
September 30th, 2004, 05:26 PM
Well I can't speak for what goes on in the US, but over here in the UK the police do have and require full time Computer Forensics experts. However in that line of work for the police over 60% of...
-
Is your web site hosted by hostrocket in a shared environment? I.e. more than one customer is hosted from the same server? And do you have access to cgi-bin?
SittingDuck
-
Actually Java can handle raw socket requests, there are a couple of projects out there that plug into libpcap and libnet, using a Java native interface.
Have a look at...
-
Metasploit is nothing like Core Impact. Metasploit is a framework for exploits, and is well worth having (DCOM on NT4 for example). Core Impact is a whole package (port scanning, service finger...
-
February 9th, 2004, 03:08 PM
Well there are 3 main ways
1) Use some kind of "bounce" attack (already covered by slarty)
2) Do it very slowly, to the point where IDS will not trigger as for something to show up as a port...
-
January 27th, 2004, 10:19 AM
Well for more network based testing it's fairly good, well worth a read. But it's not so hot when it comes to web application security testing. But still worth a read.
SittingDuck
-
December 18th, 2003, 12:00 AM
I found this very good introduction to arp and arp poisoning
http://www.oxid.it/downloads/apr-intro.swf
It's written in flash so it has moving diagrams to explain things :D
enjoy
...
-
December 2nd, 2003, 01:23 PM
There are a lot of factors that will determine if your login is secure, things like
1) What's your password policy?
2) Do you have a time delayed lockout feature, when the password is entered...
-
November 25th, 2003, 11:39 AM
just found http://www.spidynamics.com/ it has some very good papers. There is a new one on the security of SOAP, which is well worth a read.
SittingDuck