stickemup

Tools and Projects

jeriko – a set of scripts which help with the automation of common penetration testing tasks. (gnucitizen)

osg2 – OWASP Application Security Tool Benchmarking Environment and Site Generator Refresh Project.

Webshag – multi-threaded, multi-platform web server audit tool written in Python.

SEAT 0.3 – uses search engine databases and other public resources to scan a site for vulnerabilities.

Bonsai – Andres Riancho (of w3af fame) provides professional information security services and training.

MMM… FUD

SSL Screwed
Twitter Twitdown

Recently Hacked

Hotmail
Paypal
Zone-h
F-Secure
Gears
You?

Today, I found yet another Twitter security issue using the SSL Blacklist Firefox addon. The problem? Essentially, any certificate signed using MD5 may be counterfeit, as shown by the highly publicized methods demonstrated at 25C3. Watch the video or download an audio recording here. Search for "3023 Making the theoretical possible". Other high-profile sites that also use MD5-signed certs can be found here.
