"Your business’s private information may not be as safe as you think — especially when you take into account how many people pass through your office’s revolving door on a daily basis. That’s why many companies hire TraceSecurity employees to test the security of their systems
The Spy in Your Server Room
November 6th, 2007
Yet Another Way to Evade NIDS
November 6th, 2007
Anonymous proxy services are online applications that enable users to surf the Web with enhanced privacy. These applications act as an SSL proxy between the user and the Web site to be visited, thus masking the IP address and providing additional privacy features, such as referrer hiding, script removal, cookies removal, and URL encoding. Proxify [...]
Security Training: Whose Responsibility Is It
November 6th, 2007
Who else other than the CIO? So why aren’t CIOs doing more about it? Mark Twain is reported to have famously remarked: "Everybody talks about the weather. But nobody does anything about it." I was reminded of that quip when I read a news story posted by my colleague K.C. Jones about the increased awareness [...]
Password policy Length vs. Complexity
November 3rd, 2007
One of the many topics I like to cover in detail when teaching Essentials of Hacking and Ultimate Hacking is password brute forcing and cracking. I usually start off by letting the students come up with what they think is a strong password policy and later, we analyze common implementations & attacks against them. Inevitably, [...]
Free Beta Anti XSS Tool from Microsoft
November 2nd, 2007
Not long ago, Microsoft was the chief butt of security jokes in the IT world. It’s safe to say that they no longer wear the crown - in fact they’ve moved to being a company often pointed to as ‘getting it right.’ And that’s coming from someone typing this post from his Ubuntu Linux laptop.
Website Security Seals Get a Boost
November 2nd, 2007
Some security experts have dismissed Website seals such as Hacker Safe and ControlScan as more marketing ploy than security, and hackers have fueled the debate by exposing cross-site scripting vulnerabilities on sites proudly emblazoned with seals from Hacker Safe and other security seal providers. (See Hackers Reveal Vulnerable Websites and Are ‘Sealed’ Websites Any Safer?.)
Why VoIP is the next target for spammers
November 2nd, 2007
Industry experts believe that attacks over services such as Skype are moving from proof of concept to becoming a real threat. In what looks like a highly developed piece of irony, hackers have proven that Voice over internet Telephony (VoIP) accounts are prone to the nuisance of voice spam - by attacking the university where [...]
Catching up with a famous fraudster
November 2nd, 2007
Played by Leonardo DiCaprio in the Steven Spielberg-directed film Catch Me If You Can, one-time fraudster Frank Abagnale knows a thing or two about security systems. During his time on the wrong side of the law, Abagnale posed as an airline pilot, a lawyer and a doctor. These days Abagnale is firmly on the right [...]
Metagoofil 1.2 Metadata Extractor Tool
November 2nd, 2007
Metagoofil is a tool written in Python for extracting the metadata from public documents (pdf, doc, xls, ppt) available on the target websites. This information could be useful because you can get valid usernames, or people's names, for later use in brute force password attacks (vpn, ftp, webapps etc.)
What Not to Do After a Security Breach
November 2nd, 2007
Step number one after a security breach: Don’t immediately bring in the outside forensics team — get your attorney up to speed on the attack first. And don’t assume just because you had a break-in that you have to disclose it publicly — it all depends on whether data covered under regulatory mandates was exposed. [...]