Archive for October, 2006

Client Side Port Scanning

Current JavaScript or other Client Side Scanning Techniques:
1. IMG Scanner – using (img src=)
http://www.gnucitizen.org/projects/javascript-port-scanner/
http://www.spidynamics.com/spilabs/js-port-scan/
Limitations:
This is a nice scanning technique, but it is easily mitigated by disallowing external images, which effectively breaks both scanners (tested in Firefox), including SPI Dynamics' PING feature. You can turn off external images as follows (instructions for Firefox):
> Tools
> [...]


JSWebPing – JavaScript Web Ping

JavaScript Web Ping
Author: david.kierznowski_at_gmail.com
http://michaeldaw.org

The Idea:
1. We set up an iframe.
2. We dynamically load our target address with a timeout.
3. If the document is loaded, we flag the host as being up.
4. If the host is down, the timeout is reached and we flag the host as down.

This concept can also be extended to perform port scanning [...]


Hacker, Cracker Power Shift?

Interesting news over the last few weeks...
ScanAlert customers get hacked:
http://jeremiahgrossman.blogspot.com/2006/10/just-when-you-think-its-over-scanalert.html

Acunetix and F5 are caught with their pants down:
http://www.darkreading.com/document.asp?doc_id=104815

Is a hacker, cracker power shift finally happening?
Let us examine a few areas:

1. Out-of-date security procedures and tools vs cutting-edge exploitation
Jeremiah mentioned ScanAlert being PCI certified. Part of the PCI standard is to test [...]