| |
| Current Topic: Computer Security |
|
Billy Hoffman: 'Would you like a destoyed Internet with your JavaScript?' |
|
|
|---|
| Topic: Computer Security |
1:29 pm EDT, Mar 26, 2007 |
A security researcher at ShmooCon on Saturday demonstrated, but did not release, a tool that turns the PCs of unknowing Web surfers into hacker help. As expected, SPI Dynamics researcher Billy Hoffman demonstrated a Web application vulnerability scanner written in JavaScript. The tool, called Jikto, can make an unsuspecting Web user's PC silently crawl and audit public Web sites, and send the results to a third party, Hoffman said. "The whole point was to show how scary cross-site scripting has become." "Once one person has talked about the ability to do it, it doesn't take that long for somebody else to come up with it," said one ShmooCon attendee who asked to remain anonymous. "It will come out."
There are already 50k hits for a Google search on "Jitko". A few comments from around the web: Jeremiah Grossman, of Whitehat Security, and "Pascal". Anurag Agarwal offered a Reflection on Billy Hoffman, along with a photo: This week on Reflection we have a very young guy from the webappsec field. Billy’s knowledge on Ajax is tremendous ... his ability to think differently has helped him achieve so much in such a short time. I got a chance to meet with him in the WASC meetup at RSA. He is a very lively character. Let me put it this way, if billy is a part of a conversation, you won’t get bored even if you just stand there and listen.
Billy got an amazing amount of press out of this one. Google is up to 74,000! Billy Hoffman: 'Would you like a destoyed Internet with your JavaScript?' |
|
|
|---|
| Topic: Computer Security |
11:36 pm EDT, Oct 5, 2005 |
Some Linux SCADA/PLC Links Linux in Control |
|
|
|---|
| Topic: Computer Security |
11:34 pm EDT, Oct 5, 2005 |
Modbus - SCADA protocol information Modbus-IDA |
|
knock - a port-knocking implementation |
|
|
|---|
| Topic: Computer Security |
4:31 am EDT, Apr 15, 2004 |
knockd is a port-knock server. It listens to all traffic on an ethernet interface, looking for special "knock" sequences of port-hits. A client makes these port-hits by sending a TCP (or UDP) packet to a port on the server. This port need not be open -- since knockd listens at the link-layer level, it sees all traffic even if it's destined for a closed port. When the server detects a specific sequence of port-hits, it runs a command defined in its configuration file. This can be used to open up holes in a firewall for quick access. knock - a port-knocking implementation |
|
|
|---|
| Topic: Computer Security |
12:06 am EST, Mar 21, 2004 |
Interesting sec blog.. good links Security Blog |
|
CampusWide Information Mirror (Socialfreedom) |
|
|
|---|
| Topic: Computer Security |
12:58 am EDT, Apr 15, 2003 |
From Read_Me.txt in dir:
] These files mirror, brought to you courtesy of V1ru5,
] TheVoidAKABoB, and SystemFailure, seem to go well
] with the presentation that Acidus was to give at
] Interz0ne. Lots of information on the Blackboard CampusWide system. CampusWide Information Mirror (Socialfreedom) |
|
