http://www.ddosed.com Sat, 05 Apr 2008 13:32:14 +0000 http://backend.userland.com/rss092 en Below is a list of US governmental websites which were defaced by crackers - or elite hackers as the media would say - since 26th of June 07 until late February 2008. It is quite interesting to know that most of the security vulnerabilities affecting the following *.gov websites are ... http://www.ddosed.com/2008/04/05/jun-2007-to-feb-2008-us-gov-website-defacements-commentary/ I know I haven't posted on this blog for a long time, you can tell that! :) Other important projects in digital and real life kept me really busy. Soon enough will join the navy for a 9 months period, though will keep on blogging whenever I have free ... http://www.ddosed.com/2007/10/31/regarding-new-updates-on-this-blog-and-contribution-matters/ Arley Silveira has released the 1 year anniversary version of TXDNS. Very soon he will release the version 2.2 of TXDNS. This release implements DNS queries against multiple DNS servers, a more efficient threading algorithm and some minor bug fixes. Quoting from the tool's official website: TXDNS main goal is to expose ... http://www.ddosed.com/2007/08/21/txdns-v215-a-multithreaded-digger-and-brute-forcer-for-dns/ Tim Brown from Nth Dimension has coded a cool password brute forcer for SSH called SSHatter. It is multi threaded and can audit more than one system and account in a given session. Download SSHatter-0.2 http://www.ddosed.com/2007/08/21/sshatter-a-password-brute-forcer-for-ssh/ Through the following post I am not purposing to influence you to start defacing, but to briefly give you a better understanding of how and why it is done. Almost everyday I visit Zone-H's archive of special digital attacks, I find that at least 1 or 2 attacks were done against US governmental web ... http://www.ddosed.com/2007/08/09/how-crackers-deface-websites-why-they-do-it/ Have you heard of cross-site framing? The past few days I saw listed on our archive, several websites vulnerable to cross-site framing - listed as frame redirection. I will briefly describe a possible exploitation scenario, concluding with more emphasis on the negative impact that this type of vulnerability can have ... http://www.ddosed.com/2007/03/28/cross-site-framed/ My friend SuRGeoN from Greece wrote a very interesting pen-test paper which explains how easy is to convert an internal network into an external with the port redirection technique. He demonstrates the attack scenarios - including network architecture diagrams - and goes into great technical details about them. Furthermore, ... http://www.ddosed.com/2007/03/17/pen-test-paper-how-an-internal-network-becomes-external/ Aviv Raff has published on his blog an interesting proof of concept of the vulnerability affecting Internet Explorer v7: a cross-site scripting in the navcancl.htm local resource. This resource is called when the navigation to a page has been canceled, it displays an error message with a link to reload the ... http://www.ddosed.com/2007/03/15/internet-explorer-7-phishing-using-local-resource-vulnerability/ The goals of XSSed.com are to provide informative resources on cross-site scripting(XSS) vulnerabilities and exploitation methodologies, and to archive XSS vulnerable websites for statistic purposes. Mirroring websites is a way to prove to vendors and webmasters that the vulnerability really existed - in case of denial. Users will become more ... http://www.ddosed.com/2007/03/06/xssedcom-what-who-why/ Everyday, the security of many high-profiled governmental, military, educational and corporate websites, is broken into by crackers who deface them. Although some defacers protest against wars and other just send greets to their cyberdudes, I believe that their true motive is to get to the top of the lead in ... http://www.ddosed.com/2007/02/22/high-profiled-websites-getting-hacked-and-defaced/