Hacker News: Backtrack 4 Beta, Web Services Testing, Monster Hacked and More

Backtrack 4 BETA released

The guys at Backtrack have released Backtrack 4 BETA. Cool changes include Kernel 2.6.28.1 with better hardware support, Pico e12, e16 support, better wireless injection support, RFID support and a bunch of new tools.

Fasttrack security tool gets spotlight

David Kennedy’s Fasttrack tool got high reviews after Shmoocon. It provides a CLI and a cool web frontend. You can automate Metasploit, brute force weak sa passwords on MS SQL Server across IP ranges, find SQL injection vulnerabilities with an INJECTME placeholder and more. The tool is only available in Backtrack. A nice demo here.

SQL Map 0.6.4 released

Bernardo Damele releases Sqlmap version 0.6.4. New features include a better string comparison engine and some major bug fixes.

Monster gets hacked

Monster got hacked and had millions of job seekers' data stolen. Would hate to be the infosec manager. I don’t think data has been released about how the hack occurred; however, contact and account details were lost, including user IDs, passwords, email addresses, names, phone numbers, and basic demographic data.

Next-Gen WordPress Vulnerability Scanner released

BlogSecurity releases next-gen WordPress scanner. The tool is still BETA but has some cool new features like an XML-driven test engine allowing anyone to contribute tests. We hope to split this project off to other open source apps as resources permit.

DNS DDoS Saga Continues

For those who haven’t heard, a few weeks ago reports started coming in of odd (.) DNS queries. It has since been found to be a distributed denial of service vulnerability targeting the Internet ROOT nameserver. The attack was actually working and the ROOT nameservers began to slow… SANS have released a tool to test your DNS server and include some config advice to fix it.

There are rumours that this attack may have been part of some mass DNS poisoning attack inspired by Dan Kaminsky’s DNS vulnerability research released last year.

Laramies Corner gives some nice links to web services pentesting

Christian Martorella over at Laramies Corner has put together some nice links for web services testing. Definitely a page to keep bookmarked for quick reference.

Automated Web Vulnerability Scanner Comparison

anantasec posted a scanner comparison to the web security mailing list. I found it quite an interesting read. It's really useful if anyone is planning on forking out for one of these tools. A copy of the report is here.
