blogs

I just come to know about a new service which supports the blogging by email.you only needs to send a mail containing a blog post and then this service will create a blog for you.No doubt it makes life much simple but then it can be misused easily.consider a case when someone want to spam the site as there are no login required some one can easily sent tons of spam from different ips,emails and the result will be dangerous.  read more »

If your one of those administrators who hardly try to keep their networks clean and prevent the next malware from infecting their systems, this is definitely for you…

Spending thousands of dollars on security solutions to protect the enterprise from the outside alone is an outdated concept. If you want to ask anyone works in the security arena? What are the main sources of malwares today? He’ll probably answer this: e-mail spam, websites, and removable drives.

Continue Reading ...

http://extremesecurity.blogspot.com/2008/06/stop-malwares-using-device-control-real.html

As the title says, use default password on your wireless/wired routers and wait for the new variant of the "Zlob" trojan to infect some machines, then try every default router username/password combinations from www.routerpassword.com. Or even check this text file, search for your current user/pass to make sure they are not in the list. http://blog.washingtonpost.com/securityfix/zlobpass.txt

Zlob (or as known DNSChanger) will modify the DNS settings to use other rogue DNS servers.

Continue reading ...

http://extremesecurity.blogspot.com/2008/06/use-default-password-get-hijacked.html

i am quite busy these days and not getting time to manage secgeeks from last few months.things are changing now and hopefully i can get some free time to work on secgeeks now :)

Today i come to know about Hex Ray decompiler
i think it only works with the IDA pro and can generate pseudo code from the assembly.i think this what makes RE easier.consider a case of diffing two dlls,i know there is halvar flaks bindiff but that requires you to understand and digg through the assembly code while hex ray makes it easy to genrate the pseudo code and then you can easily determine the changes.  read more »

Dear Users,
update:i have removed tht due to some functionality problem.
I have added the support for voting down the stories which you don't like.I hope it will help to identify what you like and what you don't and then i can take proper actions.

Regards,
SecGeek

you can check the various presentations for BlackHat 2008 here
Personally i will recommend the DTrace and GSM hacking paper.
have fun in reading....

Dear Users,

As many users requested,I have added the support for searching using google on this site.Now you can search on this site for your favorite topics and keywords.

Cheers,
SecGeek

Today while surfing youtube.com a thought comes in mind.Spammers are deriving new ways to spam the users on the internet like audio spam,pdf spam etc. what if they started using video spamming?
Imagine that you visit youtube.com and found a video that has some hot and sexy chicks photos,videos which endorse some viagra or other products.at the last they display a url from where you can purchase them.these URLs are classic old urls which you daily receives in your spam.for once many novice and even experiance users will open that URL?  read more »

Looks like the script support in orkut scraps and profile is causing devasting effects to its users.daily there are new worms coming up which scraps everyones scrap book and send some stupid message.this messages are either contains some pornographic image or some trick to view others locked profile.  read more »

This is not related to security but i thought it would be nice to share with my readers.check out the story bellow(from http://consumerist.com):-  read more »

recently i was reading the shellcoder's handbook.its a nice book which contains the indepth chapters for buffer overflow,shell code,format string and other stuff.if you are starting to write your own exploits then this book is a must read.check it out.

I was reading about heap sprying techniques and i found one good presenatation which explains everything.it from determina and presented at blackhat.
you can download it's PDF here

I just received this from a friend of mine.here is the description:-
"Detect & Alert Malicious JavaScript : XSSProxy, XSS-Shell, AttackAPI, Beef. But No guarantee for full prevention of XSS-Injection threats. Many ways to bypass it such as via iframes but I'm sure it protects you from casual attackers."

you can get it here:-
Click Here to Download

image courtesy of http://eatliver.com/i.php?n=2801

Dude Vanwinkle was a nice friend of mine and i enjoyed reading his posts over funsec list.I was shocked to know that he is no more with us.
i never met him personally but i had frequent chats with him over IM.He is very knowledgeable and helpful person and i enjoyed talking to him.i will surely miss him :(
"he who shall be missed, rest in peace."
RIP Dude Vanwinkle.

-SecGeek

There has been a under sea cable cut in egypt due to which asian people are having lots of problem getting internet.they are having slow download speed,sites are loading very slow.its affecting the work of many organization and people.
officials says it will be fixed in 2 weeks but that too much time :-p
http://www.telegraph.co.uk/connected/main.jhtml?xml=/connected/2008/01/31/dlblackout131.xml

Hi All,

In our effort to offer several benefits to our advertisers, we would like to offer a Free Pass for BlackHat 2008 Amsterdam Briefings if you advertise on secgeeks.com
Please let us know if you are interested in Advertising on this site.For the available advt. options please check this

Cheers,
SecGeek

Hi All,

We have created two widgets for SecGeeks by which you can access secgeek.com from anywhere from your mobile or from your PC or Laptop.If you want to get it on Mobile then simply use the widget bellow:-

if you want to use it on your Site/Blog/Forums/Etc. then use the widget bellow:-  read more »