• Subscribe to the low volume list for updates.

Blog

Tools

rkhunter & chkrootkit: wise crackers only

A good summary of the two top root kit hunters for linux hosts. Rkhunter and chkrootkit are tools to check for signs of a rootkit. They will inspect the system they’re running on and report anomalies either through the shell or via email. Although an attacker able to install a rootkit is likely also able […]
Read More
14 years ago
Site Updates

Security from the Cloud – Whitepaper

A new release from HackerTarget.com a whitepaper "Security from the Cloud" focusing on the reasons why vulnerability scanning out of the cloud makes so much sense. Check it out. This white paper describes advantages of using a remote Vulnerability Scanning Service that is contained within the  "Cloud”. A service that is available from anywhere by […]
Read More
14 years ago
Tools

Automated Web Application Scanners

I stumbled across some interesting reading around open source vs commercial and the future of web application scanning. From the Watchfire blog there is a good discussion with an interesting post and some good comments. A near perfect web application security site testing tool is a difficult thing to achieve, I liken it to the […]
Read More
14 years ago
Tools

Nessus Scanning – Command Line

Now that we have outlined the basics of the command line Nmap scan (remember that when it comes to security tools the GUI is for chumps) I will now go on and build on that knowledge with some Nessus command line ninja moves. Firstly you need to install your Nessus Server onto your linux box. […]
Read More
14 years ago
Security Breaches

United Nations Compromised

2021 The United Nations Office of Information and Communications technology has a Vulnerability Disclosure Program. A Security Research Group made up of independent security experts - Sakura Samurai - was running tests and was able to find 100K+ Employee Records of the United Nations Environmental Programme (UNEP). A misconfigured Apache webserver exposed files linked to […]
Read More
14 years ago
Security Breaches

Mpack Author Interview

This article over at SecurityFocus has some eye opening comments from the authors of the Mpack exploitation kit. The increasing popularity of compromised websites being used as an exploitation platform against end users is becoming a worrying trend. There are a couple of tongue in cheek comments like these - Do you feel sorry for […]
Read More
15 years ago
Security Breaches

Stopbadware.org – Security Tips

There is some good information to be found at Stopbadware.org on securing a web site and ongoing efforts to eliminate the threat of malware being served up by compromised hosts and rogue web hosting companies. Basic security tips and tricks 5 steps to make your site more secure: Use strong passwords. Use SSH and SFTP […]
Read More
15 years ago
Security Breaches

Network Computing | Vulnerability Assessment Scanners

The first paragraph of this Network Computing Feature should be a wake up call for anyone on the internet who does not take security of their servers seriously. Following on from the first alarming paragraph is a lengthy 9 page feature on various vulnerability scanners. The article clearly demonstrates that while vulnerability assessment is not […]
Read More
15 years ago
Security Breaches

The June07 Mpack attack

Located in Russian underground forums and built as a commercial package, the MPack Exploit kit was the first documented type of its kind. On 18th of June 2007, a large scale attack was uncovered at an Italian based Web Hosting company. First discovered by Panda Software in May 2007, reports are stating over 10'000 sites […]
Read More
15 years ago