I spent some time today and fixed some seriously messed up regular expressions in Reconnoiter. Basically, Google made a bunch of changes to their search results and added AJAX all over the place. To deal with this, I changed the submitted user agent to Lynx and then updated the regex accordingly. Changes with regex were [...]
Tags: recon, Reconnoiter, username generation, web penetration testing, web security
When I first saw this fly by on Twitter (ironic) I thought it was Rsnake joking around. I followed his comment about it over to Vantage Credit Union‘s web site and saw that sure enough, their customers can do limited banking via Twitter. Before I go further, let me state this openly. I like and [...]
Tags: bad idea, banking online, twitter, web security
I wanted to do some testing on access controls to a SQL server recently, but I needed to a decent password list and username list. Password lists are fairly straight forward to find and I used an excellent how to from the Pauldotcom Podcast to create my password list. Next I needed a list of [...]
Tags: social networking, username generation, web security
