//
archives

software

This tag is associated with 8 posts

Port 4567 on Centurylink and Verizon

Little disturbed buzz about 4567 over the last day or two as a few newfags realized that 4567 is open to the world. Well how exactly did you expect that your DSL tech support can tell whether or not your modem is working properly and run speed tests on the link? MAGIC?? 4567 is registered … Continue reading

Mass Social Network Ease of Use Vulnerability: Pt 5 Monster

Disclosure of usernames has long been considered a security vulnerability of equal importance as a password. Security experts recommend avoiding the use of admin and root as usernames, and we can even see that practice taken to heart with leaks like Gawker. Administrators and users especially consider the password the only part that of the … Continue reading

Mass Social Network Ease of Use Vulnerability: Pt 4 MySpace

Disclosure of usernames has long been considered a security vulnerability of equal importance as a password. Security experts recommend avoiding the use of admin and root as usernames, and we can even see that practice taken to heart with leaks like Gawker. Administrators and users especially consider the password the only part that of the … Continue reading

Detecting Steganography in JPG Images

If you read my article on using MITM attacks on Tor you might be wondering about practical purposes other than stealing passwords and personal information. The fact is that I have no interest whatsoever in targeting specific people. I do what I do for 2 reason, I find the synergy and flow of data sexy, … Continue reading

An Introduction to Steganography aka Stenography

What is Steganography Steganography is the art and science of hiding that communication is happening. Classical steganography systems depend on keeping the encoding system secret, but modern steganography is detectable only if secret information is known, e.g. a secret key. Because of their invasive nature, steganography systems leave detectable traces within a medium’s characteristics. This … Continue reading

Handling unique images in SQL

I am working on a deep packet analysis problem right now and came back to an oldie but goodie that I thought I would share. A common security vulnerability with most web applications is their handling of images. Inexperienced developers will write uploaded images to disk instead of to a database. This design style allows … Continue reading

Anomalous JavaScript Pt2

And finally something useful http://96.126.107.154/cb/getClickbank.php found in this decoded block(after decode) returns Now we make a quick stop off to ARIN.net to find out some more information about this particular IP address. What do we find? It is a static IP from inside the United States(wouldn’t be in ARIN otherwise). You can read more of … Continue reading

Anomalous JavaScript Pt 1

While examining the image and page source of the page the FBI put up on MegaUpload.com I found this anomalous JavaScript. I am having difficulties reproducing the content on other browsers. I am hoping this is not a bad sign. I am going to de-obfuscate this JavaScript so I can get a better idea of … Continue reading