Tuesday, September 30, 2008
Backtrack 3 Teaser PWNS all
http://www.offensive-security.com/movies/bt3teaser/bt3teaser.html
Skype 4.0 fixes itself
Skype 4.0 beta 2 gives you more say | Software news, tips and opinions from Download.com editors - Download.com
Updates to Process Monitor and Zoomit. Sweet
Sysinternals Site Discussion : Updates: Process Monitor v2.0, ZoomIt v2.11, Sigcheck v1.54, Contig v1.55 | A new Mark's Blog post: The Case of the Sloooow System | New Vista Springboard webcast
Process Monitor v2.0:
This major update to Process Monitor adds real-time TCP and UDP
monitoring to its existing process, thread, DLL, file system and
registry monitoring. You can now see the TCP and UDP activity processes
performed, including the operation (e.g. connect, send, receive), local
and remote IP addresses and DNS names, and operation transfer lengths.
On Windows Vista, Process Monitor also collects thread stacks for
network operations.
Shmoo Mailing Lists
https://lists.shmoo.com/mailman/listinfo
Clickjacking
Snipped from:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9115818&intsrc=hm_ts_head
What is clickjacking? Good question. Getting to an answer, though, is a little tough, since Hansen and Grossman are keeping virtually all details confidential, at least for now. Here's how Grossman put it to Computerworld last Friday:
"Think of any button on any Web site that you can get to appear between the browser walls. Wire transfers on banks, Digg buttons, CPC advertising banners, Netflix queue.... The list is virtually endless, and these are relatively harmless examples. Next, consider that an attack can invisibly hover these buttons below the users' mouse, so that when they click on something they visually see, they actually are clicking on something the attacker wants them to."
Yet another saved password location
http://blog.didierstevens.com/2008/09/29/quickpost-sql-server-2005-management-studio-and-password-management/
Monday, September 29, 2008
Make a video avatar
http://www.vtubetools.com/gifmaker/
Apple Ultracompact USB Power Adapter Exchange Program
https://supportform.apple.com/200809/
MobaLiveCD - Portable LiveCD Virtualization
http://mobalivecd.mobatek.net/en/index.php
Step by step - Make your own Wordpress theme
http://themetation.com/2008/07/14/how-to-create-wordpress-themes-from-scratch-part-1/
RSnake's XSS Cheatsheet
Also, definitely check out the CAL9000 OWASP Project: http://www.owasp.org/index.php/Category:OWASP_CAL9000_Project
Useful Wallpaper
http://www.gnome-look.org/content/preview.php?preview=1&id=88383&file1=88383-1.png&file2=&file3=&name=Linux-Unix+command+guide
Virus Total
http://www.virustotal.com/
Youtube now allowing 1GB files. Woot
http://lifehacker.com/5056485/youtube-bumps-video-clip-upload-size-to-1gb
(IN)SECURE Magazine Issue 18 is out
http://www.net-security.org/insecuremag.php
Automated? SQL Injection Framework
http://www.darknet.org.uk/2008/09/bsql-hacker-automated-sql-injection-framework/
IP Address Regular Expression
https?://[1-9][0-9]?[0-9]?\.[0-9][0-9]?[0-9]?\.[0-9][0-9]?[0-9]?\.[0-9][0-9]?[0-9]?.*
Pyrit
http://code.google.com/p/pyrit/
Pyrit takes a step ahead in attacking WPA-PSK and WPA2-PSK,
the protocol that today de-facto protects public WIFI-airspace. The
project's goal is to estimate the real-world security provided by these
protocols. Pyrit does not provide binary files or wordlists and does
not encourage anyone to participate or engage in any harmful activity. This is a research project, not a cracking tool. Pyrit's implementation allows to create massive databases,
pre-computing part of the WPA/WPA2-PSK authentication phase in a
space-time-tradeoff. The performance gain for real-world-attacks is in
the range of three orders of magnitude which urges for re-consideration
of the protocol's security. Exploiting the computational power of GPUs,
Pyrit is currently by far the most powerful attack against one of the world's most used security-protocols.