A+ R A-

Legacy Security Articles

Welcome, my name is b0iler and I will be your guide throughout this paper.  I hope you are ready and willing as this next hour or so may get pretty ugly.  With introductions out of the way I would like to state that this is not meant to be a full guide to teaching people about perl security.  There is just too many different ways to exploit perl for one paper to cover.  This paper is meant to help people secure their perl when it is

By Seth Fogie, Cyrus Peikari OCT 18, 2002 By Seth Fogie, Cyrus Peikari. Article is provided courtesy of Prentice Hall PTR.

If you think the only thing between you and the Internet is a bunch of networking equipment, think again! Using ARP spoofing attacks, a hacker can see everything you send and receive from your computer. Cyrus Peikari and Seth Fogie discuss the theory of ARP spoofing and demonstrate how this type of attack is accomplished.

By Scott C. Nevins

Bankers would be considered negligent if they locked a bank's outer doors and left the vault's doors open at night. Likewise, it doesn't make sense for an enterprise to lock down the network and leave databases vulnerable. Selectively protecting the most sensitive data that is at rest in databases from unauthorized access is critical, since that is where 90 percent of sensitive information resides.

by meathive

++| CVE-2008-1247
The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions viaa direct request to (1) Advanced.tri, (2) AdvRoute.tri, (3) Basic.tri, (4) ctlog.tri, (5) ddns.tri, (6) dmz.tri, (7) factdefa.tri, (8) filter.tri, (9) fw.tri, (10) manage.tri, (11) ping.tri, (12) PortRange.tri,(13) ptrigger.tri, (14) qos.tri, (15) rstatus.tri, (16) tracert.tri, (17) vpn.tri, (18) WanMac.tri, (19) WBasic.tri, or (20) WFilter.tri.NOTE: the Security.tri vector is already covered by CVE-2006-5202.

First of all, I do not deface, I never have (besides friends sites as jokes and all in good fun), and never will. So how do I know how to deface? I guess I just picked it up on the way, so I am no expert in this. If I get a thing or two wrong I apoligize. It is pretty simple when you think that defacing is just replacing a file on acomputer. Now, finding the exploit in the first place, that takes skill, that

takes knowledge, that is what real hackers are made of. I don't encourage that you deface any sites, as this can be used get credit cards, get passwords, get source code, billing info, email databases, etc.. (it is only right to put up some kind of warning. now go have fun ;)

By mailto: This e-mail address is being protected from spambots. You need JavaScript enabled to view it Technorati Tag: Windows Registry
What is the Registry?

The Registry is the central core registrar for Windows NT. Each NT workstation for server has its own Registry, and each one contains info on the hardware and software of the computer it resides on. For example, com port definitions, Ethernet card settings, desktop setting and profiles, and what a particular user can and cannot do are stored in the Registry. Remember those ugly system INI files in Windows 3.1? Well, they are all included with even more fun stuff into one big database called the Registry in NT.


This step-by-step guide describes how to view, configure, and analyze local security policy and local security settings using various components of the Security Configuration Tool Set included with the Windows® 2000 operating system.

Well, howdi folks... I guess you are all wondering who's this guy (me) that's trying to show you a bit of everything... ? Well, I ain't telling you anything of that...

Copyright, and other stuff like this (below).

Copyright and stuff...

Welcome to the 2nd issue of Hacking Techniques.  If you read the first one I am glad to see you liked it enough to want to read this one.  This issue will focus on how hackers bounce their attacks so that they do not get caught and so they use the power of a *nix shell.  As with the first one this tutorial can both be used by hackers and admins.  Hackers will learn how to mount an attack and use proxies to help stay anonymous.  Admins will learn how to prevent themselves from being used in an attack as a proxy and prevent stress.  If you don't know what a proxy is or how to use a wingate you need to read this tutorial.  People who run wingates, proxies, or give shells out also should go over this tutorial as to scare them into securing it.  I'll go over a few other random things such as using routers as wingates, and using wingates to bounce your irc sessions.

Page 12 of 14

Get email updates