Clickjacking is a relatively new term in the web hacking area. Although, the original paper by Robert Hansen and Jeremiah Grossman was published in September of 2008, clickjacking has become fairly “normal” and common. It’s a visual trick that gets users to click on something they weren’t intending to click on – like that “buy now” link or the “follow me” link that the marketer wants you to click on. Granted, it has limited use in the purchasing area, since most online stores require you to give them your credit card number before you can buy anything. However, an attacker can use it to get more “impressions” and click-throughs and fraudulent ad money for example – or increase their popularity.[…]
Category: Technology & Tool Thursday
Each Thursday, Security Musings features a security-related technology or tool. Featured items do not imply a recommendation by Gemini Security Solutions.
Nessus is a nice tool, but some people have complained and revolted against it because it went closed source in version 3.0. I’m sure there were good reasons for that, but if – for whatever reason – you don’t want to use Nessus, what can you use? Enter OpenVAS. I’ve mentioned OpenVAS before, but version 3.0.0 came out in December, so I figured I’d give more details on it. It’s a fork of Nessus 2.0, so if you used Nessus while it was still open source, it’ll be somewhat familiar to you. It still uses NASL for tests, so you can use some of those ancient vulnerability tests if you need to. It also has the same basic client/server architecture.[…]
It’s the news the penetration testers have all been long awaiting; Backtrack 4 final is here and now. Though many people, myself included, have been using various pre-release, beta release, and pre-final release flavors for almost a year now ever since first standing in line to hand over my usb stick to a group of elite hackers at Shmoocon 5, now there is no excuse. The final release is just in time for Hack or Halo at Shmoocon 6, saving me the trouble of making sure to update every tool I might possibly need before the big event. So why does Backtrack rock in general? It’s basically most of the tools you will need for your pentest all rolled into[…]
Seems the new year has brought out a few new findings. One being the newly discovered “God Mode” feature in Microsoft’s Windows 7 based operating systems. At its core, it’s basically a glorified control panel. It takes all the hard to get to, or annoying multiple right click -> properties -> options -> submenu -> etc. -> etc. parts out of some of the common administrative tasks. So, how do you get this miracle “God Mode”?
I don’t think it’s possible to have too many network security toolkits. Netwox is probably not as common some of the other toolsets included in some security-oriented live CD distros. However, it can certainly hold its own when it comes to capability and flexibility. Netwox stands for the Network Toolbox and the software includes over 222 different tools/functions that it can perform to help you do whatever it is you want to do on a network. This includes everything from spoofing arp packets, to becoming a telnet server, to running port scans and sniffing traffic. Even though some of the “tools” aren’t done with efficiency in mind, they get the job done just fine. And with so many features to[…]
Today is the day. Whether you pre-ordered Windows 7, received a free upgrade voucher, or are purchasing it from your local retailer, one thing is for sure. It’s been a long wait. If you haven’t had the chance to play with the beta, RC, or RTM versions of Windows 7, then you’ve truly been missing out (assuming you’re a Windows user to begin with). It truly is a great step up, regardless of all the negative hype Vista had, Win7 holds its own on quality.