Wednesday, 16 November 2011

FreeFloat FTP Server - Buffer Overflow Vulnerability


Ashfaq Ansari Reported FreeFloat FTP Server - Buffer Overflow Vulnerability. In computer security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, whilewriting data to a buffer, overruns the buffer's boundary and overwrites adjacent memory. This is a special case ofviolation of memory safety.Buffer overflows can be triggered by inputs that are designed to execute code, or alter the way the program operates.This may result in erratic program behavior, including memory access errors, incorrect results, a crash, or a breach ofsystem security.

This Exploit helps to gain remote access on FreeFloat FTP using FEAT command. Download Proof of Concept from Here and Exploit is Available here.
Posted by at No comments:
Labels:

UCLA psychology department database hacked by Inj3ctor



Inj3ctor team of Hackers take responsibility for the release of information from the psychology department’s database which included the names, home addresses and dates of birth of 26 applicants to the university. The attacker also published some information that helped him access the database. He highlighted the open ports and the versions of the services he relied on to hack the site.

This is not the first time that the department database has been dumped on Pastebin. In July 2011, another hacker posted psychology department faculty’s phone number, first and last name, e-mail address, street address, and UCLA ID number. Webmasters from UCLA IT are still investigating the hacking, but Bollens said it is likely the result of a SQL injection, which makes programs give more information than intended for release.

The psychology department’s outdated database may have made it more susceptible to the SQL injection, where the hacker puts in a code that the program doesn’t recognize. That can cause the program to give up information that the programmer did not intend to release. SQL injections are responsible for more than 90 percent of hacks.
Posted by at No comments:
Labels:

Sky News Twitter account Hacked

Hackers yesterday accessed the Twitter account for Sky News business desk and posted a tweet claiming that James Murdoch had been arrested by London police. It has also lately been used by hacker groups to simply raise their profile and make the public aware of their existence.

Soon re-twitted by many followers, the fake news created quite a stir.The false tweet was erased within minutes, but not before other Twitter users had shared it across the network. Sky News is likely to find out soon whether the hack was executed by an insider - possibly as a joke - or by hackers.
Posted by at No comments:
Labels:

Tuesday, 15 November 2011

BackTrack 4: Assuring Security by Penetration Testing


Details:

Paperback: 392 pages
Publisher: Packt Publishing (May 11, 2011)
Language: English
ISBN-10: 1849513945


Description:

Written as an interactive tutorial, this book covers the core of BackTrack with real-world examples and step-by-step instructions to provide professional guidelines and recommendations to you. The book is designed in a simple and intuitive manner, which allows you to explore the whole BackTrack testing process or study parts of it individually. If you are an IT security professional or network administrator who has a basic knowledge of Unix/Linux operating systems including awareness of information security factors, and you want to use BackTrack for penetration testing, then this book is for you.

About the Authors:

Shakeel Ali

Shakeel Ali is a main founder and CTO of Cipher Storm Ltd, UK. His expertise in the security industry markedly exceeds the standard number of security assessments, compliance, governance, and forensic projects that he carries in day-to-day operations. As a senior security evangelist and having spent endless nights without taking a nap, he provides constant security support to various businesses and government institutions globally. He is an active independent researcher who writes various articles, whitepapers, and manages a blog at Ethical-Hacker.net. He regularly participates in BugCon Security Conferences, Mexico, to highlight the best-of-breed cyber security threats and their solutions from practically driven countermeasures.

Tedi Heriyanto

Tedi Heriyanto currently works as a Senior Technical Consultant in an Indonesian information technology company. He has worked with several well-known institutions in Indonesia and overseas, in designing secure network architecture, deploying and managing enterprise-wide security systems, developing information security policies and procedures, doing information security audit and assessment, and giving information security awareness training. In his spare times, he manages to research, write various articles, participate in Indonesian Security Community activities, and maintain a blog site. He has shared his knowledge in information security by writing several information security and computer programming books.




BUY : BackTrack 4: Assuring Security by Penetration Testing


Free Download : BackTrack 4: Assuring Security by Penetration Testing


If u want learn Ethical hacking ...U will download ethical hacking ebooks..
Posted by at No comments:
Labels: ,
Subscribe to: Comments (Atom)