Thursday, March 20, 2003

tscrack
TScrack is a dictionary based (rather than bruteforce) password cracker for Microsoft Windows Terminal Services (RDP).
File Signature Database
This database is designed to assist examiners primarily for the process of searching unallocated space. With the ever-growing number of forensic tools being produced I have attempted to create a portable database, allowing examiners to export the data within, for the use on the majority of the leading forensic computing tools.

Wednesday, March 19, 2003

Wireless Security & Hacking
This is the last article in the Wireless series. Just to remind you, the first article introduced the reader to the Wireless world and discussed Wireless devices and protocols. The second article went deeper into Wireless networks, provided general info on WLAN and discussed IEEE standards for them. This article deals with WLAN security, explains the most common attack techniques and introduces some useful tools.

Monday, March 17, 2003

Four basic steps can get hackers into most computers
Every breach of computer security is different, depending on the skills of the attacker and the defenses in your system. But most hackers follow the same four basic steps to perpetrate an attack — profiling, scanning, enumerating and exploiting.

Here's how each step works.
Remote timing attacks are practical
Timing attacks are usually used to attack weak computing devices such as smartcards. We show that timing attacks apply to general software systems. Specifically, we devise a timing attack against OpenSSL. Our experiments show that we can extract private keys from an OpenSSL-based web server running on a machine in the local network. Our results demonstrate that timing attacks against network servers are practical and therefore all security systems should defend against them.