Entries in Category ‘Security in general’

Today I am releasing my Simple Log File Analyzer 1.0. [Download here]

Description: The Simple Log File Analyzer helps you to detect possible hack attempts within the log files of your webserver.

Features:
– Error handling
– Scan a log file for four different attack types
– Display a short scan report
– Write scan [...]


What if there was a project which checks all available extensions for popular CMS (such as Joomla or WordPress) for vulnerabilities and therefore creates a list of “trusted” and secure plugins on which people can rely? During the last weeks I spent much time thinking about the security of websites in general. While many [...]


On the 6th May 2010 a new version of Google Skipfish (penetration testing tool/vulnerability scanner) was released. View the changelog here. Download it here. According to the changelog not many things were changed.


I want to take the opportunity to share an interesting IT security blog with you: “Ack Ack – Go beyond the impossible!”. Four authors write very interesting blog posts, do some vulnerability research and publish tools && exploits. I especially love the article about performing DNS queries through MySQL (theory), the very funny RAM exhaustion [...]


I recently had the time to test Google’s Skipfish. It is a fully automated penetration testing tool and was published just some weeks ago. This little tutorial will show Debian/Ubuntu users how to install it and perform the first test.

I. Introduction

Tools like Nessus and Nmap are indispensable when it comes down to security [...]


Please view the original advisory here. The very popular download manager dl_stats suffers from various vulnerabilities: #1 SQL Injection, #2 XSS, #3 Unprotected Admin Panel. The vendor seems to have rewritten the software; since version 2.0, dl_stats is no longer vulnerable to SQLI and XSS. But… 90 percent of the websites using dl_stats did NOT upgrade [...]


Since 2009, Milw0rm seems to be “dead” and no longer up to date. But there is hope. During the last months other websites have emerged and other ones have attracted more attention than before. I want to show you 17 ways to obtain your latest Vulnerabilities && Exploits && Advisories elsewhere: http://nvd.nist.gov http://secunia.com http://inj3ct0r.com http://www.expbase.com http://www.exploit-db.com http://www.sebug.net [...]


During the last days lots of stuff was going on. Facebook was hacked but nobody seems to take this seriously; at least that is my impression here in Germany. Although the media are aware of the issue, they completely ignore it. Not even the data privacy websites picked that topic up. This leaves the impression [...]
