netsec
Information and network security
Curated by Ludaohong

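Siming police install "Sky Eye": massive surveillance footage pinpoints suspects in ten seconds - Society - Southeast Net (东南网) Xiamen Channel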


Anatomy of a hack: How crackers ransack passwords like “qeadzcwrsfxv1331”

For Ars, three crackers have at 16,000+ hashed passcodes—with 90 percent success.
Ludaohong's insight:

In March, readers followed along as Nate Anderson, Ars deputy editor and a self-admitted newbie to password cracking, downloaded a list of more than 16,000 cryptographically hashed passcodes. Within a few hours, he deciphered almost half of them. The moral of the story: if a reporter with zero training in the ancient art of password cracking can achieve such results, imagine what more seasoned attackers can do.


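A roundup of common issues with SMS platforms - FreebuF.COM

In recent penetration testing projects, the features related to SMS platforms have all shown some problems. This is a roundup of the categories of SMS platform issues found during those tests and reported on wooyun.

1. No rate limit on SMS sending

A search on wooyun shows that this class of vulnerability is the most…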

SkullSecurity » Blog Archive » Everything you need to know about hash length extension attacks

Now I'm gonna release the tool, and hope I didn't totally miss a good tool that does the same thing! It's called hash_extender, and implements a length extension attack against every algorithm I could think of:

MD4
MD5
RIPEMD-160
SHA-0
SHA-1
SHA-256
SHA-512
WHIRLPOOL


Fiddler and Windows 8 Metro-style applications - Fiddler Web Debugger - Site Home - MSDN Blogs


Over on StackOverflow, a new Windows 8 user asked how to get Fiddler working with new Windows 8 Metro-style applications. These applications work somewhat differently than classic desktop applications, and require a bit of special configuration work to get Fiddler to work properly.


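Cell tower positioning - http://minigps.net

Cell tower lookup, cell tower location lookup, cell tower positioning, mobile phone positioning, mobile phone cell tower positioning, cell tower positioning site, research and sharing on cell tower positioning techniques, lac, ci, cell id, lbs lookup, geo lookup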

Errata Security: Common misconceptions of password cracking


After this great article on passwords at Ars Technica, I've seen some common misconceptions pop up. I thought I'd clarify them (even though that article adequately covers many of these, people seem to have missed them).

MD5 is broken, use SHA1 instead

MD5 isn’t broken as far as passwords are concerned. Sure, it has “collision” problems, making it unsuitable for signing things (such as certificates), but that really has nothing to do with passwords. Thus, MD4, MD5, SHA1, SHA2, SHA3 are all roughly equally secure as far as passwords are concerned.


The Invisible Things Lab's blog: Introducing Qubes 1.0!

Unfortunately, contrary to common belief, there are no general purpose, desktop OSes, that would be formally proven to be secure. At the very best, there are some parts that are formally verified, such as some microkernels, but not whole OSes. And what good is saying that our microkernel is formally verified, if we continue to use a bloated and buggy X server as our GUI subsystem? After all, a GUI subsystem has access to all the user inputs and output, thus it is as much security sensitive, as is the microkernel! Or power management subsystem, or filesystem server, or trusted boot scheme, or ...


Pwn Plug Elite | Pwnie Express

The industry's first enterprise-class penetration testing drop box.

Includes all release 1.1 features
Includes 3G, Wireless, & USB-Ethernet adapters
Fully-automated NAC/802.1x/RADIUS bypass!
Out-of-band SSH access over 3G/GSM cell networks!
Text-to-Bash: text in bash commands via SMS!
Simple web-based administration with "Plug UI"
One-click Evil AP, stealth mode, & passive recon
Maintains persistent, covert, encrypted SSH access to your target network
Tunnels through application-aware firewalls & IPS
Supports HTTP proxies, SSH-VPN, & OpenVPN
Sends email/SMS alerts when SSH tunnels are activated
Preloaded with Debian 6, Metasploit, SET, Fast-Track, w3af, Kismet, Aircrack, SSLstrip, nmap, Hydra, dsniff, Scapy, Ettercap, Bluetooth/VoIP/IPv6 tools, & more!
Unpingable and no listening ports in stealth mode
Includes 16GB SDHC card for extra storage
Includes stealthy decal stickers
