Last 0day security news

 

Tue, 05 April 2011: Certification

I am now study for a security certification, that's why I am not updating the site as much as I would like.
The 0DaySecurity Tool will be disabled for an undefined time until I clear some legal issues about it.

 

Mon, 06 Dic 2010: Tool again Online!

The 0DS Web Security Tool is again online and will be updated soon.

 

Sat, 30 Oct 2010: Tool Offline

The tool will be offline for a while since I am moving to another city. Sorry for the inconvenience.

 

Tue, 28 Sep 2010: Booting from a USB stick the ISO Backtrack4.1

In this article I will show you how to make a USB booteable with our preferred Live CD Distribution - Backtrack4.1.
Read it here

 

Wed, 07 Jul 2010: Backdoor on Pam module pam_unix.so

In this article I will show you how to modify the PAM module pam_unix.so to let us log on a system (Via SSH per example) using a master password, which can be used with every login on the box.
Read it here

 

Mon, 05 Jul 2010: Testing firewall rules with Hping3 - examples

A serie of examples of usage of the famous tool Hping3. Diverse Scan types and Dos attacks
Check it here

 

Tue, 04 May 2010: Video - HITB Malaysia 2009-Ed Skoudis - The Bad Guys Are Winning.So Now What

The first of the videos of the HITB 2009 Conference in Malaysia. I really liked it.
Download

 

Tue, 07 Apr 2010: Creating a warning banner at Windows logon

A warning banner at Windows logon (or another system's logon) is very important since they limit a user's ability for legal recourse because they are warned upon accessing the SO.
Read it here.

 

Tue, 23 Mar 2010: Articles section

Added an Article(Howto) about showing the loaded modules in Apache
You can read it here.

 

Mon, 22 Mar 2010: Articles section

Created new section just to post some little howto's about interesting topics.
The first topic is: Send SMS with AT Commands

 

Mon, 22 Feb 2010: Tool Update

The complete DB was updated. When you see the symbol (*) on a DNS, it means that this DNS is vulnerable to DNS Snooping.
Which means, that you could do a zonetransfer for that domain and see wich other subdomains it contains.

 

Mon, 8 Feb 2010: Tool Update

Now the tool tell you if the domains's DNS server allows a zone transfer (DNS snooping).
The database will be updated this week. Take a look.

 

Fri, 8 Jan 2010: Tool ONLINE

The security tool is again available to you.

 

Mon, 4 Jan 2010: Tool Offline

The tool isn´t working. I will try to repair it in the next days.

 

Sun, 13 Dec 2009: Methodology updated

The Penetration test Methodology has been updated.
Take a look.

 

Mon, 16 Nov 2009: Security Tool Updated

Some CMS Systems have been added

Hijacked accounts in Twitter because a vuln in SSL

A Turkish grad student has devised a serious, real-world attack on Twitter that targeted a recently discovered vulnerability in the secure sockets layer protocol.

The exploit by Anil Kurmus is significant because it successfully targeted the so-called SSL renegotiation bug to steal Twitter login credentials that passed through encrypted data streams. When the flaw surfaced last week, many researchers dismissed it as an esoteric curiosity with little practical effect.

For one thing, the critics said, the protocol bug was hard to exploit. And for another, they said, even when it could be targeted, it achieved extremely limited results. The skepticism was understandable: While attackers could inject a small amount of text at the beginning of an authenticated SSL session, they were unable to read encrypted data that flowed between the two parties

Mon, 09 Nov 2009: Tool Updated

The tool is being updated to check out for more CMS Systems.

 

Sat, 17 Oct 2009: New module added to the Security Tool

The new module will be to identify Web Applications running on the target server.
Right now it's in Beta testing and just return if the target is running Typo3 as CMS
Check it out HERE

 

12 October 2009: Tool

The tool was updated.
Now it returns the webserver header of the target.
Check it out HERE

 

4 October 2009: Tool

The tool now returns the Nameservers of the target domain.
Let's try the new functions ;).

 

17 September 2009: Tool

The Security Tool has been updated, but i will stay working on it until it gives proper information.
Hope you can try it with your favourite domain to see (for a while) which domains are shared with yours.

 

11, 12 September 2009: Validators

Updated and checked with W3C validators

 

10 September 2009: Ajax

The tool got updated with Ajax.
Please check it out and comment me all you wanted to see there.
Be g00d!

 

09 September 2009: Design

Just little changes in the design of the website.

 

08 September 2009: Google AdSense

0daysecurity.com just got supported by Google AdSense Program.
I thank them to help this noble cause ;)
Be g00d!

 

07 September 2009: Added more info in Penetration Test Section

I have got some new info from Internet about Penetration testings.
I will organize it and add new more info in the next days.

 

06 September 2009: New 0daysecurity.com design

After all the time i have been holding this web, i have decided to change the design.
This is going to be the first step in this Website's history.
I will change everyday something in order to do it better. I hope you like it.

Valid XHTML 1.0 Transitional ˇCSS Valid!