Archive for the ‘Web Security’ Category

Since I moved to the UK, the number of phishing emails cluttering my inbox has dramatically increased. Some of them are obvious enough to look at and laugh at, but this one was pretty interesting. The email looked like the one below. The interesting thing is that I WAS having problems signing in to my account since a couple [...]

Vidalia is a cross-platform controller for Tor (The Onion Router) for network anonymity, built using the Qt toolkit. It allows the user to start, stop, and view the status of Tor, monitor bandwidth usage, view, filter, and search log messages, and configure some aspects of Tor. The most feature of Vidalia is its Tor network [...]

The world celebrated Software Freedom Day on 15th September 2007. We had some 100+ countries and more than 300 groups covering the free software world in different forms of activities, presentations and events. The webmasters of FAST-NU Karachi also organized an event and talk series on the day and I felt really honored and [...]

Rumint is a network and security visualization tool. It allows you to load packet capture files as well as perform live packet capture and visualize the results using a variety of visualization techniques. You can then filter the dataset and play back the data using a PVR interface. Version 1.92 adds the ability to directly [...]

A Cambridge University researcher, Steven J Murdoch, has devised a novel attack on online anonymity systems in which he literally takes a computer’s temperature over the internet. The attack uses a phenomenon called “clock skew”, the tendency for the precise clocks in modern computers to drift off of the correct time at slightly different [...]

Top 10 Web Hacks of 2006

Posted: December 16, 2006 in Malware, Security, Web Security

RSnake, Robert Auger, and Jeremiah of WhiteHatSecurity collected a list of the new 2006 web hacks. The term “hacks” loosely describes some of the more creative, useful, and interesting techniques/discoveries/compromises.

Top 10

1. Web Browser Intranet Hacking / Port Scanning – (with JavaScript and with HTML-only and the improved model)
2. Internet Explorer 7 “mhtml:” [...]

Torrified

Posted: September 30, 2006 in Random Writings, Security, Web Security

Some time ago I wrote about internet privacy and some steps to hide your online presence. I have been an aggressive user of Tor lately, running a Tor server myself. Lately I was asked by quite a few (not so technical) people to have an instance of Tor running on their systems (whatever purpose they [...]

Microsoft just released a utility (ILMerge) to merge multiple .NET assemblies into a single assembly. ILMerge takes a set of input assemblies and merges them into one target assembly. The first assembly in the list of input assemblies is the primary assembly. When the primary assembly is an executable, then the target assembly is created as [...]

One of the biggest challenges faced by programmers, architects, testers, and security consultants is to understand the consequences of their applications when deployed into production. Even with access to source code, it is difficult to understand everything that will occur during execution due to a variety of dependencies (for example, different OS platforms, multiple patch [...]

In my last week's blog I mentioned Google indexing binary files and some tricks for searching for malware. Playing around with different queries on Google, I realized how large the count is for servers with open directory browsing enabled. By default on Apache-based servers, if the Option directive in the directory tag is not set to [...]