Recent News
Still relying on Google to snoop on your friends?
@ Dec 01 2008, 12:54 (UTC+0)
From: gr00ve :
   If you are still relying on Google to snoop on your friends, you are behind the curve. Armed with new and established Web sites, people are uncovering surprising details about colleagues, lovers and strangers that often don't turn up in a simple Internet search. Though none of these sites can reveal anything that isn't already available publicly, they can make it much easier to find. And most of them are free.

Nightmare Before Christmas: Researchers Warn Of Holiday Shopping Threats
@ Nov 28 2008, 18:05 (UTC+0)
From: gr00ve :
   Move over, Ebenezer -- there's a whole new class of holiday gloom in town. During the past several weeks, security vendors and researchers have been predicting a wide range of attacks and threats for the holiday shopping season that begins Friday. This year's warnings include malware, phishing, insider threats, lost laptops.

Symantec: Underground cybercrime economy booming
@ Nov 28 2008, 15:22 (UTC+0)
From: gr00ve :
   The underground cybercrime economy is a self-sustaining market that is thriving despite the current economic downturn, according to security company Symantec. The company published an extensive 99-page whitepaper on its findings yesterday; it discusses activity on underground economy servers between July of 2007 and the end of June 2008. Symantec estimates that the total value of advertised goods in this economy added up to $276 million over the 12-month period.


Estonian ISP cuts off control servers for Srizbi botnet
@ Nov 28 2008, 15:18 (UTC+0)
From: gr00ve :
   An Estonian ISP that temporarily hosted the command-and-control servers for the Srizbi botnet, responsible for a large portion of the world's spam, has cut off those servers, according to computer security analysts. Starline Web Services, based in Estonia's capital Tallinn, had hosted four domain names identified as the control points for Srizbi, according to researchers from computer security firm FireEye.


Browser Rider a hacking framework to build payloads
@ Nov 27 2008, 17:11 (UTC+0)
From: gr00ve :
   Browser Rider is a hacking framework to build payloads that exploit the browser. The project aims to provide a powerful, simple and flexible interface to any client side exploit.


MultiInjector - Automated Stealth SQL Injection Tool
@ Nov 27 2008, 17:09 (UTC+0)
From: gr00ve :
   MultiInjector claims to be the first configurable automatic website defacement software.


Shoulder Surfing a Malicious PDF Author
@ Articles -> Link     Nov 30 2008, 00:01 (UTC+0)
Ever since I read about the incremental updates feature of the PDF file format, I’ve been patiently waiting for a malicious PDF document with incremental updates to come my way. Thanks to Bojan, that day has finally arrived.

The 2 malicious PDF documents I received (data.pdf and info.pdf) both exploit the same Acrobat JavaScript util.printf vulnerability.

data.pdf is very interesting to me: it’s one PDF file containing 5 incremental updates, essentially bringing us an archeological record of the malware author’s trial-and-error session. So let’s start uncovering what the malware writer has been up to.


Designing A Fully Functional Keylogger In VB (Part II)
@ Articles -> Programming     Nov 29 2008, 00:32 (UTC+0)
lone_REBEL writes: Now that we have made a basic keylogger, it's time to improve it. Today, we shall learn about key repetition and the implementation of the ASCII scheme.

If you recall, we used the GetAsyncKeyState() (we shall refer to it as GAKS) function to know if a key is being pressed or not. Now, the basic structure of our program was like this: We used a Timer control to repeat our function and we logged the information we received. At this point, our logging was limited to alphabetic characters and we were only able to log in uppercase. Now first of all, we shall devise a method to log all the keys.


.NET Framework Rootkits
@ Articles -> Link     Nov 27 2008, 17:04 (UTC+0)
An interesting read about hiding rootkits in .NET or rather setting up .NET as a rootkit is here folks.

The whitepaper .NET Framework rootkits - backdoors inside your framework covers various ways to develop rootkits for the .NET framework, so that every EXE/DLL that runs on a modified Framework will behave differently than what it's supposed to do. Code reviews will not detect backdoors installed inside the Framework since the payload is not in the code itself, but rather it is inside the Framework implementation. Writing Framework rootkits will enable the attacker to install a reverse shell inside the framework, to steal valuable information, to fixate encryption keys, disable security checks and to perform other nasty things as described in this paper. A Presentation on this topic is also available. This paper also introduces .NET-Sploit 1.0 beta - a new tool for building MSIL rootkits that will enable the user to inject preloaded/custom payload to the Framework core DLL.


Responds to Plaintext Recovery Attack Against SSH
@ Articles -> Security     Nov 27 2008, 02:43 (UTC+0)

bulibuta writes:
There's been some fuss about this CPNI issue and many seemed pretty scared (hello furunk3l!). The problem with it was that it was vague, didn't have any actual technical information and pretty much lied about telling all the SSH vendors about it.

It was a real treat when they just changed the text in their advisory to adjust to the community responses in order to make it look less foolish and actually say something. Security marketing ftw!

Anyway, the guys at undeadly summed up a nice article about everything so anyone that wants to get a general idea of what happened and what steps have been taken in this direction can look it up there.


`` OpenSSH Security Advisory: cbc.adv

Regarding the "Plaintext Recovery Attack Against SSH" reported as CPNI-957037:

The OpenSSH team has been made aware of an attack against the SSH protocol version 2 by researchers at the University of London. Unfortunately, due to the report lacking any detailed technical description of the attack and CPNI's unwillingness to share necessary information, we are unable to properly assess its impact.''





Neworder File and Link Archive
Anonymity - How to stay hidden.
Archive Sites - Archives full of a broad range of information.
Books and Guides - The literature. Books, Guides, Papers, Tutorials and Ezines.
CGI/Web Security - Web based attacks.
Coding - Sorted by language.
Cracking - Literature about cracking and the programs you need.
Cryptography - Resources on encryption and decryption.
Culture - Literature about hackers and what they like to do.
E-Commerce and Internet Banking - Information related to E-Commerce and Internet banking.
E-Mail Security & Utilities - Literature and software.
Emulation - Various emulators for your games and applications.
Exploits and Vulnerabilities - For various operating systems.
Freedom of Speech and Rights - Sites that deal with sharing knowledge in speaking form.
General Computing - General information about computers.
Hacking Challenges - Educational hacking/sites specially made for hacking.
Hardware - Processors, motherboards, video cards... It's all in here.
Information Security Presentations - Links to Information Security Presentations. From gatherings such as BlackHat, Defcon, and others.
IRC - Internet Relay Chat texts, scripts, and clients.
Law - Links covering topics such as computer crime law and free speech.
Members' Sites - The web presence of fellow neworder boxters.
Miscellaneous - All other topics.
Networking - Links and information related to networking.
Open Source Operating Systems - Linux/BSD/Others.
Phreaking - Telephony hacking.
Security - Security in general, portals, news sites, directories, commercial.
Security Certification - Links to security certifications, and study help.
Shell Accounts - Shell accounts for learning Unix commands, etc.
Teams and Advisories - The scene, groups, own tools production, security research, etc.
Unix/Linux/BSD - Unix/Linux/BSD related information, articles, exploits, and tools.
Utilities - Tools and miscellaneous programs.
Virii - Sites dedicated to inform about viruses and trojans, and antiviral software.
