spamversand

Beef

scooba — Fri, 07 May 2010 22:49:23 +0000

On the last meeting of the AK Sicherheit (ECO Verband) we could see a live demo
of the tool Beef (Browser Exploitation Framework). Nice to see that XSS-attacks
(cross-site-scripting) is not only a nice POP-UP window, but is indeed a real attack
vector for anyone.
Try yourself, the software can be downloaded from www.bindshell.net

own rbl started

scooba — Fri, 07 May 2010 22:44:17 +0000

I finally managed to create my own RBL (realtime blocklist) feeded by my honeypot.
All verified IPs which successfully attacked the honeypot are put into a database, which
provides a rbl for our MXes. The IPs are held for 24 hours except those which have more than 50
successful attacks within the last day. I was wondering if there were any mail-hits to be seen
at all; at least these are totally different attack vectors. But strangely enough I could see
blocked emails because of the entries made by the honeypot. We will see how well this
performs.

Judges drop ipaddress-collection

scooba — Tue, 02 Mar 2010 10:04:06 +0000

Today the Bundesverfassungsgericht judged about the 6 months collection
of ip addresses and email-data. Result: The current laws are not satisfying the german
Grundgesetz (constitution). All saved data are to be deleted.

Press information

On the other hand are these kinds of collection not impossible at all, as long as the
laws are made right. We will see if we can use our boxes for binary-news storage
instead

Fun with your neighbour

scooba — Wed, 03 Feb 2010 11:48:15 +0000

Do you believe your neighbour is using your WLAN without your permission?
Here is a funny solution what to do with him:
(found in “Full Disclosure”)

http://www.ex-parrot.com/pete/upside-down-ternet.html

new honeypot ips

scooba — Fri, 18 Dec 2009 15:25:43 +0000

I’ve added quite a lot of target ips to the honeypot. The number of successfully analyzed attacks per hour
raised to more than 750. Each attack generates an automatic complaint or results in blocking our own customer.
Must have a look if the honeypot and the following systems are powerful enough..

mondo: new version

scooba — Wed, 02 Dec 2009 16:42:34 +0000

The famous backup-software Mondo has been released with a new version:

Project mondorescue version 2.2.9.1 is now available Now available at ftp://ftp.mondorescue.org

Thanks to Bruno Cornec for this flexible image-generating tool.

New Nessus Version

scooba — Wed, 02 Dec 2009 15:26:11 +0000

Nessus, the popular Security-Scanner has been released in a new version:
30th November, 2009: Nessus 4.2.0 released
You don’t need a client anymore to use Nessus – a normal webbrowser is now sufficient enough.
Several other changes make the tool even more interesting. Homepage is here.

str0ke dead?

scooba — Wed, 04 Nov 2009 13:56:55 +0000

Rumors say that str0ke, the maintainer of milw0rm has
died. There has been a lag recently in publishing new exploits on this website, so it might be true?

— Update —

Seems it was a fake: http://twitter.com/str0ke says he’*s alive and kicking.

FD: Wireshark Plugin for Mariposa Botnet

scooba — Thu, 29 Oct 2009 12:55:01 +0000

Yamata Li from the Palo Alto Networks threat research team has developed a plugin for wireshark that allows you to view the obfuscated traffic generated by a Mariposa (Botnet) infected client.
This info was published on Full Disclosure today. The website mariposa-tool shows the detailed usage of this tool.

Nikto

scooba — Wed, 21 Oct 2009 15:33:59 +0000

A post in Full Disclosure reminded me of Nikto,
a security tool for webservices. Based on libwhisker it tests a whole lot of possible bugs
in a webserver/application. Works nice .. just wondering why it says spamversand.de runs on Microsoft IIS 5/0 ..?