Posted September 15th, 2009 by Jason
Earlier this month I decided to take the scripts for username generation and roll them into an open source project. There were a couple of reasons for doing so. First, I needed source control hosting and SourceForge provides that for free as long as you release the project to the public. Second, I want to [...]
Tags: open source, penetration testing, web app security
Posted September 1st, 2009 by Jason
I’ve written a couple of posts about a script I wrote to generate usernames. Since then I’ve written another script that uses Yahoo’s XML API and both of them have been included in SamuraiWTF. It’s been pretty cool to see people try out something that I wrote and find it useful to them. The scripts [...]
Tags: penetration testing, username generation, username generator
Posted June 16th, 2009 by Jason
Mike Patterson on the Pauldotcom mailing list commented that he thought usernameGen.py could use handling for middle names. The template that he suggested was of first initial, middle initial and last name. I think he’s right. Originally I had the script avoid middle names or initials, but I went back and added the format Mike [...]
Tags: penetration testing, social networks, username generator
Posted June 11th, 2009 by Jason
I wanted to do some testing on access controls to a SQL server recently, but I needed a decent password list and username list. Password lists are fairly straightforward to find and I used an excellent how-to from the Pauldotcom Podcast to create my password list. Next I needed a list of [...]
Tags: social networking, username generation, web security
Posted May 15th, 2009 by Jason
There have been a few vulnerabilities lately with Adobe Acrobat Reader handling malicious JavaScript badly, and this post is to show how to disable JavaScript in Acrobat Reader. While disabling an entire piece of functionality seems a bit like overkill, there are a couple of reasons that you may want to do this. Adobe [...]
Tags: adobe acrobat vulnerability, computer security
Posted April 7th, 2009 by Jason
This is a bit different from what I’ve posted before. I’m forming a group to prepare for the CISSP examination. We will be conducting the sessions via Skype and using some other online resources for sharing information. I expect to get started in late April or early May and it should last about 3 months. [...]
Tags: cissp study group
Posted April 1st, 2009 by Jason
On March 31st the House of Representatives Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology held a hearing on the effectiveness of the PCI Data Security Standards. Video and documents from the hearing are available here. The question of the day was whether or not PCI DSS actually prevented computer crime. I started watching [...]
Tags: congress pci hearing, pci standards, security standards
Posted March 15th, 2009 by Jason
Last week I was migrating a client to a new computer and was preparing to configure Outlook. Their email account used POP3 and they didn’t remember their password anymore. I really didn’t want to call the email provider to reset the password, but I had to get this set up too. With a bit of hunting [...]
Tags: email password recovery, pop3 emulator, pop3 password
Posted March 4th, 2009 by Jason
There is an active attack occurring on a number of popular social networking sites, such as Facebook, MySpace, Friendster and others. Victims receive an invitation to view a video with a link attached to it. When they click on the link, a message is displayed which states that they need an update for Adobe Flash [...]
Tags: computer attacks, malicious software, security warning, worm
Posted December 12th, 2008 by Jason
Most of my clients and the people I meet with are in some way concerned about the security of their computers. The problem that they have is that they aren’t sure what they should do. Let’s face it, not many people out there love figuring out what the bad guys are doing and how to [...]
Tags: computer security, network security, protect your computer