Collaborate Disseminate
The FTC has just settled a case with Vizio, saying that the company has been quietly capturing pixels from their smart TVs, matching those pixels to databases of content, and selling that information (and corresponding IP add… Continue reading Block outgoing network traffic from "Smart" TV
I’m setting up test machine for my engineer work, to check GSM security and SMS interception.
I already have an N210 and read a lot of documentation. There are some questions I have but can’t find on internet:
Kraken works… Continue reading Airprobe and kraken related questions
SQL injection attacks work by the attacker putting valid SQL into the text that goes back from the page to the server; something like Delete * from tblAccounts where 1=1.
What I cannot understand is why this cannot be defeated by giving th… Continue reading SQL Injection Attack – Why not just adjust permissions?
I am aware of DCHP tables, and apps that can scan your network to see who is “currently” on your wifi network, but I am more interested in how to tell if someone has been on my wifi network at some point in the “past”. Or if… Continue reading How can I find out if someone has been on my home wifi network?
While browsing PasteBin today, I noticed a new Paste that outlined approaches to compromising TrueCrypt protected data, as well as full Keys, Encryption Schemes, Plain-text Files, and Volume Names (and metadata). It was terr… Continue reading Mitigating TrueCrypt Attack Vectors in Memory and System Cache
I know the real answer to the auditor.
We are a smaller company under 40 total employees that is also PCI level 1 compliant. We’ve always used ssh keys on internal servers. You can’t ssh in from the outside and have 2 factor… Continue reading PCI DSS 2.0 and ssh keys
Since using www.dnsleaktest.com I have found that any VPN service using Open VPN will leak my DNS through the tunnel.
I have tried and tested several VPN providers, even those who say that they have a solution to the DNS lea… Continue reading Open VPN has DNS leak
Suppose I am doing a penetration test on a network that has a firewall that blocks all ports except 80, 110, and 443. I want to use a metasploit reverse-TCP backdoor executable written in msfpayload to initiate a connection w… Continue reading can a backdoor executable be used on an occupied port?
I have a bunch of Linux machines that I wish to administer over the Internet. I currently use SSH keys, but have been advised to use 2-factor authentication. SSH Keys are something you know. Is an IP address something you have? (Yes, IP ca… Continue reading Can IP address be a component of 2-factor authentication?