Wednesday, December 15, 2010

More WikiLeaks News

Pro WikiLeaks hacker group’s DDoS tool downloads top 40,000 (12/13/10)
Imperva, the web security specialist, has reported that the tool released by the Anonymous Hacker Group for would-be WikiLeaks protesters has been downloaded over 40 000 times, with the majority of downloads occurring in the US. Imperva said there were three versions of the denial of service tool that members have been able to use:
http://www.infosecurity-magazine.com/view/14611/pro-wikileaks-hacker-groups-ddos-tool-downloads-top-40000/

Anonymous attacks more websites, as second Dutch teenager is arrested in WikiLeaks saga (12/13/10)
http://www.infosecurity-us.com/view/14621/anonymous-attacks-more-websites-as-second-dutch-teenager-is-arrested-in-wikileaks-saga/

WikiLeaks Imbroglio Renews Focus on Risk Management (12/13/10)
http://www.information-management.com/news/risk_management_data_storage_security_WikiLeaks-10019275-1.html

WikiLeaks-Related Spam Spotted (12/13/10)
http://blog.trendmicro.com/wikileaks-related-spam-spotted/

UK.gov braces for possible Wikileaks hacklash (12/14/10)
http://www.theregister.co.uk/2010/12/14/wikileaks_hacklash/

The Hacka Man

Tuesday, December 14, 2010

WikiLeaks

So WikiLeaks recently made the news headlines on all major media. Companies with dirty secrets need to be extra vigilant and watch out for attacks. The next attack target, BAC??? Are controls and processes in place?? What mitigation techniques are effective? Let's monitor and watch for now. :)

Attacking BAC

The Hacka Man

Wednesday, November 3, 2010

XSS without Browser

To all Sec guys, I have been cracking my brain over these past 2 weeks thinking about how to verify successful XSS attacks without using the browser. I know it sounds absurd, but that's the way it is. All I have are pcap files. From those pcap files, we can obviously search for the word "script" or other variants of XSS attacks by using regular expressions. However, how do we know if an attempt was successfully executed or is just a false positive? Looking at the HTTP 200 response code, that will tell me that the attempt went through, but how do we know if we are truly exploited? JavaScript maybe?

The Hacka Man
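
One way to triage this from captured traffic alone, as an added example that is not part of the original post: pair each request with its response and check whether the decoded payload comes back in the HTML unencoded, encoded, or not at all. It assumes the request URI, status code, Content-Type and response body have already been extracted from the pcap; `classify` and the sample transactions are constructed for illustration.

```python
import html
import re
from urllib.parse import parse_qsl, urlsplit

# Script-capable markup: <script> tags, inline event handlers, javascript: URLs.
XSS_RE = re.compile(r"<\s*script\b|\bon\w+\s*=|javascript\s*:", re.IGNORECASE)


def classify(request_uri, status, content_type, body):
    """Return (parameter, verdict) for each query parameter that looks like XSS."""
    verdicts = []
    # parse_qsl percent-decodes, so %3Cscript%3E is matched as <script>.
    for name, value in parse_qsl(urlsplit(request_uri).query, keep_blank_values=True):
        if not XSS_RE.search(value):
            continue
        if status != 200 or "html" not in content_type.lower():
            verdict = "attempt-only"        # never rendered as an HTML page
        elif value in body:
            verdict = "reflected-raw"       # echoed unencoded: treat as a likely hit
        elif html.escape(value) in body:
            verdict = "reflected-encoded"   # echoed but neutralised by output encoding
        else:
            verdict = "not-reflected"       # 200 OK, payload absent from the response
        verdicts.append((name, verdict))
    return verdicts


# Constructed request/response pairs standing in for transactions pulled from a pcap.
URI = "/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E&page=2"
SAMPLES = [
    (URI, 200, "text/html", "<p>Results for <script>alert(1)</script></p>"),
    (URI, 200, "text/html", "<p>Results for &lt;script&gt;alert(1)&lt;/script&gt;</p>"),
    (URI, 200, "text/html", "<p>No results.</p>"),
    (URI, 403, "text/html", "<h1>Forbidden</h1>"),
]

if __name__ == "__main__":
    for uri, status, ctype, body in SAMPLES:
        print(status, classify(uri, status, ctype, body))
```

A `reflected-raw` verdict shows the payload reached the HTML unencoded; whether a browser actually ran it still depends on where it landed in the page, which a capture cannot show.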