Hi all,
“Attackers are exploiting a known vulnerability in Yahoo’s network to launch brute force attacks against users’ Yahoo mail accounts. The attackers are using hijacked mail accounts to send spam. The main Yahoo login page has mechanisms in place that protect accounts from brute force attacks, but the recent attacks have been exploiting a web application (services) that automates the authentication process and does not have the attack protection in place.”
Users should choose strong passwords to stay safe.
I am happy to announce the release of crack.pl version 2. It can be downloaded as a zip file:
http://code.google.com/p/kalgecin/downloads/list
or via svn:
http://kalgecin.googlecode.com/svn/crack/
Enjoy
Here’s an extract from their site:
July 16, 2009 — Insecure.Org is pleased to announce the immediate, free availability of the Nmap Security Scanner version 5.00 from http://nmap.org/. This is the first stable release since 4.76 (last September), and the first major release since the 4.50 release in 2007. Dozens of development releases led up to this.
Considering all the changes, we consider this the most important Nmap release since 1997, and we recommend that all current users upgrade.
Alright, I agree this is no big news. But the reason I thought I would mention it here is the full disclosure by the attacker (anti-sec group). Those who are new to the infosec world can get an idea of how attackers can tear you (your site) apart. Luckily, astalavista was not a financial institution. So, other webmasters out there, keep vulnerabilities (at least the known ones) at bay from your application, OS, web server, etc.
Full disclosure here.
Hula All!
Back to blogging after a long time. Well, as the saying goes, “Better late than never.”
Back in the security world, there is quite a bit of important news around.
1. Gumblar.cn: This trojan is reported to be spreading rapidly, mainly using the Adobe vulnerability along with other techniques. It logs your keystrokes, web traffic, etc., looking for any sensitive login credentials. Reportedly it mainly targets FTP credentials. It then infects the hosted site by injecting the malware download link into its HTML content. ScanSafe has suggested a way of checking whether your system is infected. Good read.
2. HPP: A subcategory of the variable manipulation attack vector. This technique is not new to most security testers. Two researchers presented the details at OWASP, Poland. As per the presentation, HPP can be used to
Application Security, Evil particles, Information Security, Network Security, Vulnerability Assessment | w0lf | May 28, 2009 |
adobe, gumblar.cn, HPP, http parameter pollution, IIS webdav, microsoft
Blogged here: recommendations and security tips for the file upload module, which is commonly targeted by hackers.
Any feedback or suggestions would be of great help.
Well, this is an article written by me for Palaside magazine. It is just a brief article (good for beginners) about the basic stages of the malware and virtual keyboard fight.

In an interview with GMZ, the 18-year-old confessed that he had access to Twitter’s admin console. He also helped himself gain access to a few high-profile requests.
Check this out.

Firewalls block hackers from directly connecting to your network shares. Windows administrators keep their systems up-to-date with the latest software patches to thwart worms such as Nimda and Code Red. And user passwords are stronger than ever. But are we secure yet? While the situation is much better than it was just a couple years ago, many companies are still quite vulnerable to a number of attacks. Blocking ports and installing patches has not stopped hackers, it has just forced them to find new ways to break in. And chances are, the first place they are going to look is your Web application.

Firefox has released a new version, 3.0.4. Functionality is nearly the same, but it includes security fixes.