GData: An Online MD5 Hash Database
I've been looking for a good site to get password dictionaries from for ages. Don't know why this one doesn't seem to show well on google searches, but the dictionaries for download there look good to me
DNS: Spoofing and Pinning.
SPI Dynamics Article on Javascript system enumeration
A Couple of interesting articles on the dangers of javascript/XSS attacks...
PSS > Tools > Nessj" href="http://www.pss.intekras.com/tools/nessj/">Intekras > PSS > Tools > Nessj
Handy. A java based nessus client.
Windows_Vista_Security_Model_Analysis.pdf (application/pdf Object)
Symantec's analysis of the Vista Security Model. Another one to read when I get some time.
A Process for Performing Security Code Reviews
Article on Performing security code reviews, one to read when I get a chance.
Sztywny Blog - Stiff asks, great programmers answer
Very interesting answers...
Oracle Exploits
Location with some good explanations and exploit code for various Oracle versions. Also some links to other locations with exploit code.
- VMTN Virtual Appliances Directory
The vmware virtual appliances directory looks very very cool to me. It's a collection of pre-installed pre-configured virtual machines setup for specific purposes... need a media-wiki server... no problem... need a network security scannng server ... no problem...
just download and go...
And if you combine it with the release of vmware server FOR FREE then you really have something cool...
One thing I did notice is that, unsurprisingly, all the VM's I looked at are based on Linux, and I expect this kind of thing will really drive the takeup of linux. If you think about it.. you're asked to demo a say e-mail security server to handle your burgeoning Virus/SPAM problems...
you could pay for a windows server license, buy it, configure it, get some software to do the filtering, install it, configure it, etc etc
or you could download a pre-configured Linux VM using Pre-configured Open source software ...
If you were a small overworked IT department... which would you choose?
Security Fix - Brian Krebs on Computer and Internet Security - (washingtonpost.com)
Post about a MITM attack on Citibanks two-factor authentication system. The relaying of error messages from Citi by the attacker is a nice touch as it makes it seem a lot more legitimate...
Well not really a surprise that the attackers have worked this out. Of course it's slightly easier to detect/shut down as they have to do the attack in real-time as opposed to gathering the credentials and then using them at their leisure, which can happen with standard phishing.
Still, goes to show that there's more work neeeded to be done on this.
