• Subscribe to the low volume list for updates.

Blog

Security Breaches

SQL Injection Demystified

Darkreading has a great article up on SQL Injection. This form of attack has been around for a long time, and happens because of poor dynamic website coding practices. A simple SQL injection vulnerability can often be exploited to gain full access to the database and / or full control of the database server. Several […]
Read More
14 years ago
Tools

Guide to OpenVPN on Ubuntu 904 Jaunty Jackalope

If you want a simple VPN this is a quick and easy guide for OpenVPN on Ubuntu that will get you up and running with minimal configs. Note that with some persistance this is not hard to do and opens up a world of possibilities. Eg, Full encrypted access from remote locations to your home […]
Read More
14 years ago
Tools

Guide to Nessus 4 on Ubuntu 9.04

How to install Nessus on Ubuntu Nessus Essentials can scan up to 16 IPs. If you need to scan more, a license for Nessus Professional is required. The following steps are for a 64bit install. It should be the same for a 32bit installation apart from the different install files. Download Nessus Download from Nessus […]
Read More
14 years ago
Site Updates

SSH failed logins for past month

This graph shows the failed logins into one of our servers for the past month. As you can see they get hammered - just like most servers on the Internet. As you can see 122.3.9.40 is a busy little server, whois reveals the system is based in the Philippines. A google of the IP shows […]
Read More
14 years ago
Security Breaches

‘Golden Cash’ botnet-leasing network uncovered

Sometimes reading the news is like reading science fiction. However, this is real and shows how far the criminal underground is progressing when it comes to monetisation of compromised machines. It all starts with malicious scripts being injected into poorly secured and managed web servers. Researchers at security firm Finjan said on Wednesday that they […]
Read More
14 years ago
Security Breaches

Amazon Cloud Service Brute Force

OSSEC is an excellent open source host based intrusion detection system. Works on Windows and Linux and detects security anomalies within the system. Such as brute force ssh attacks from the Amazon Cloud. It seems that like any web hosting service the Amazon Cloud Web Services are open to exploitation. Of course in this post […]
Read More
14 years ago
Tools

Open Source Technology

The scanning platform at HackerTarget.com is comprised of a number of geographically diverse hosts at world class Data Centers in Europe and the USA. The tools we use are cutting edge open source security tools that are comparable, if not better, than any of the current commercial offerings. Here is a list of open source […]
Read More
14 years ago
Security Breaches

Offsite backups – Are your backups secure?

Real security is made up of a number of different processes, policies, and technologies. If one part of the security picture is missing then the data is vulnerable. Where are backups kept? Are they in a secure location? While the following example is a fairly rare occurrence, it is a good reminder about backup security. […]
Read More
15 years ago
Security Breaches

SQL Injection to compromise 10000 web sites

A tool, discovered by Sans Security Handlers, has shed light on how 10000 web sites were compromised earlier this year. An automated SQL injection attack that utilized google searches against ASP pages that contained potential sql injection points is at the core of the attack. While we had a general idea about what they do […]
Read More
15 years ago