You can search for malware using Google, right down to infected sites inadvertantly sharing out malware code (executables). Damn cool stuff, and damn cool site. Search for “Bagle” for a good example.
Month: August 2006
vnc auth vulnerability
This is an awesome tutorial for examining and finding and exploiting the latest RealVNC Auth Vulnerability. I have a link to a scan tool that scans for this, and I have to find it. I suppose Metasploit will have this packaged already or soon. The fun thing about this is that I imagine most IT shops do not upgrade all their old VNC instances very much and either just use the same executable stored locally or always download a new one. I would bet many admins are still blissfully ignorant of this issue, and thus still have many vulnerable installs still sitting around. I consider this a must-have scan for any VNC instances found on a target network.
Update: the scanner
using ubuntu to crack wep
Tutorial on how to crack WEP using Ubuntu.
php security tools and tips
PHP has its share of issues and vulnerabilities. Honestly, it is the weak point of the LAMP architecture because of the potential for misconfigurations and insecure issues. The follow links go into an entry in the SANS Top 20 and the top 5 PHP security settings.
Since I use PHP I wanted to post this site with some PHP security tips from SANS.
And this is another nice list of php security issues and configurations.
Spike is a php auditing tool that I totally have to try out sometime soon.