

out of box scanner

Re: out of box scanner

Posted by Nathan Grandbois on Dec 04

John Bennett wrote:


You might want to take a look at the WASC list here:

The thread is still under discussion on the webappsec mailing list.



insecure elements in https protected pages


Posted by Mohammad Hosein on Oct 18

In a certain web application, e.g. Gmail, there are times the whole communication is secured by SSL and sometimes "there are insecure elements" that raise questions. I’m not a web professional. How to find these insecure elements? And how to evaluate if these elements are the results of a successful man-in-the-middle attack or not?




CVE-2009-3339 (email_and_web_security_appliance)

Unspecified vulnerability in McAfee Email and Web Security Appliance 5.1 VMtrial allows remote attackers to read arbitrary files via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.9 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.


computer crime statistics

RE: computer crime statistics

Subject: RE: computer crime statistics
Date: Mon, 27 Jul 2009 15:15:13 -0600
From: "McDonnell, Michael"

SQLi Vulnerability Scanners

Re: SQLi Vulnerability Scanners

Posted by Taras on Jul 26

On Fri, 17 Jul 2009 13:17:10 -0300 Ulises2k wrote:

> Try this:

W3AF also has a perfect console UI, and furthermore it has SQLmap integration.


n3td3v honored at blackhat 2009 USA – best security intrusion specialist


Posted by on Jul 26


Thank you for all your help with the antisec movement.

We hope your grant with the intelligence community goes well!

This is Alex Jones, from Infowars,

Over and out.


antisec and n3td3v responsible for Matasano hacking

Breaking: antisec and n3td3v responsible for Matasano hacking

Posted by on Jul 25

GREAT BRITAIN – n3td3v/antisec is proud to announce official partnership with antisec ("the scene")

In England, we care about intelligence. There is no better way to do intelligence than to compromise computers. We are clearly superior at security.

We eat up the competition….


IXXO Cart! Standalone and Joomla Component SQL Injection

Re: IXXO Cart! Standalone and Joomla Component SQL Injection

Posted by YEHG Group on Jul 26

Thanks, I’ll update the database of

On Sat, Jul 25, 2009 at 3:57 PM, SmOk3 wrote:

> Original advisory at:

> …


AntiSec is DEAD

Re: AntiSec is DEAD

Posted by on Jul 25

You are an idiot.

anti-sec never threatened to show any 0day, it is against the point you moron.. unless you believe anyone that signs his email with

We are still online, we are still auditing and hacking your code on a daily basis, you just won’t know about it anymore until you…


Adobe Reader / Acrobat and Flash Remote Code Execution



Fortinet’s FortiGuard Global Security Research Team investigates a vulnerability in multiple Adobe products through SWF.


Remote Code Execution.

Affected Software:

  • Adobe Reader and Acrobat 9.1.2 and earlier 9.x versions
  • Adobe Flash Player and and earlier 9.x and 10.x versions


  • The FortiGuard Global Security Research Team released a signature “Adobe.Products.SWF.Remote.Code.Execution”, which covers this specific vulnerability.
  • Apply the suggested workaround from Adobe

The FortiGuard Global Security Research Team continues to monitor attacks against this vulnerability.

Fortinet customers who subscribe to Fortinet’s intrusion prevention (IPS) service should be protected against this remote code execution vulnerability. Fortinet’s IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by the FortiGuard Global Security Research Team, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure optimum protection during a threat’s lifecycle.



Major spam campaign abusing Yahoo Groups


About one million spam emails per hour are being sent to Yahoo Groups and other free web services, including Google Groups and LiveJournal, containing bogus pharmaceutical advertising content.


Troll exploit of mailing lists and newsgroups

Re: [Mailing list Vulnerability] Troll exploit of mailing lists and newsgroups

Posted by Stephen Menard on Jul 22

Your Clock’s off

DOH! time for a beer

Received: from (localhost [])
        by (Postfix) with ESMTP id CB44E1CB;
        Wed, 22 Jul 2009 15:45:17 +0100 (BST)


Oral arguments in FISA Amendments Act lawsuit


The American Civil Liberties Union was in court today for oral arguments in its landmark challenge to the unconstitutional FISA Amendments Act (FAA), which gives the government virtually unchecked power to intercept Americans’ international e-mails and telephone calls. The ACLU filed a lawsuit to stop the government from spying under …



Re: – hacked by anti-sec

Posted by Kema Druma on Jul 21

OMG, WTF is this.

ANTI-SEC has successfully pwnd a useless website using lulzy sql injection from

u assholes, get a name like "SHITHOLE" and post ur shit somewhere else and stop polluting anti-sec and the anti-sec movement and security mailing list FFS.




