Security

Web Application Security Testing Cheat Sheet

Introduction: This cheat sheet provides a checklist of tasks to be performed during blackbox security testing of a web application. Purpose: This checklist is intended to be used as an aide memoire for experienced pentesters and should be used in conjunction with the OWASP Testing Guide. It will be updated as the Testing Guide v4…

Security

[Havij 1.17] Automated and Advanced SQL Injection

Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page. It can take advantage of a vulnerable web application. By using this software, a user can perform back-end database fingerprinting, retrieve DBMS login names and password hashes, dump tables and columns, fetch data from…

Security

Malformed FileZilla FTP Client With Login Stealer

Beware of malformed FileZilla FTP client versions 3.7.3 and 3.5.3. We have noticed an increased presence of these malware versions of famous open source FTP clients. The first suspicious signs are bogus download URLs. As you can see, the installer is mostly hosted on hacked websites with fake content (for example texts and user comments are…

Windows 7

How to Check Your Software Status Update Using Secunia Personal Software Inspector (PSI) on Windows 7

The Secunia Personal Software Inspector (PSI) is a free computer security solution that identifies vulnerabilities in non-Microsoft (third-party) programs which can leave your PC open to attacks. Simply put, it scans software on your system and identifies programs in need of security updates to safeguard your PC against cybercriminals. It then supplies your computer with…

Article

SKMM: Fine of Up to RM500,000 for Those Who Hack WiFi Connections

The public is probably well aware that stealing a WiFi connection from another owner is an offence, and SKMM now appears to be emphasising the matter. According to what SKMM has shared, both parties, namely those who hack WiFi connections and those who supply the equipment for doing so, are guilty under Sections 236 and 239 (Communications and Multimedia Act…

Security

Monthly Malware Statistics: February 2012

The following statistics were compiled in February using data collected from computers running Kaspersky Lab products: 143,574,335 web-borne infections were prevented; 298,807,610 malicious programs were detected and neutralized; 30,036,004 malicious URLs were detected; 261,830,529 network attacks were blocked. http://www.securelist.com/en/analysis/204792223/Monthly_Malware_Statistics_February_2012

Security

Microsoft Internet Explorer Multiple Vulnerabilities

Description: Multiple vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, and compromise a user's system. 1) Certain input passed via EUC-JP encoded characters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML…

Security

Microsoft Windows TCP/IP Stack Denial of Service Vulnerabilities

Description: Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) An error in the TCP/IP stack (Tcpip.sys) when parsing received ICMP messages can be exploited to cause a system to stop responding or restart via a sequence of specially crafted ICMP…

Security

Microsoft Windows DNS Service Two Vulnerabilities

Description: Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system. 1) A sign-extension error in the Windows DNS server when processing a query for a NAPTR (Name Authority Pointer) resource record can be exploited to cause a…