Membership, Roles and Tasks – Why don't people use membership provider

29 December 2006

Membership, Roles and Tasks It is common knowledge that passwords should not be kept in a database. Too many databases have been stolen, and with them many usernames and passwords. In some countries it is against the law to store passwords in a database. Still, a huge percentage of identity systems store passwords. Why? Well, some people just do not know that passwords should not be kept persistent. Some are just lazy; they do not have the time to implement a system that creates a good random number (salt) and hashes the salt concatenated to the password, etc. It uses this...
6 comments

Security Testing tools & links

5 December 2006

Security Testing tools & links
http://www.OWASP.org
http://www.Webappsec.org
Discovery:
SamSpade: http://www.samspade.org/
Manual Testing:
WebScarab: http://www.owasp.org/software/webscrab.html
Fiddler: http://www.fiddlertool.com/Fiddler/
Paros: http://parosproxy.org/download.shtml
Crackers:
ObiWaN: http://www.phenoelit.de/obiwan/
Brutus: http://www.hoobie.net/brutus/
Crowbar: http://www.sensepost.com/research/crowbar/
Lcrack: http://www.nestonline.com/lcrack
MD5 Online Crackers: http://gdataonline.com/seekhash.php
Rainbow: http://www.antsight.com/zsl/rainbowcrack/ and http://www.rainbowcrack-online.com/
Buffer Overflow:
NTOMax: http://www.foundstone.com/resources/proddesc/ntomax.htm
Scanners:
E-Or (supports input from Paros): http://www.sensepost.com/research/eor/
Suru: http://www.sensepost.com/research/suru/
Wikto: http://sensepost.com/research/wikto/
Web Services:
WSChess: http://net-square.com/wschess/index.html
WSDigger: http://foundstone.com/resources/freetooldownload.htm?file=wsdigger.zip
Known Vulnerabilities Lists:
http://www.guninski.com
http://www.milw0rm.com
http://www.securityfocus.com
http://www.hackerscenter.com
http://www.eeye.com/html/research/advisories/index.html
http://www.osvdb.org
http://cve.mitre.org
http://nvd.nist.gov
http://www.metasploit.com
http://www.xfocus.org
3 comments

Buffer Overflow / Overrun examples

4 December 2006

Buffer Overflow / Overrun examples Everybody knows the buffer overrun problem, but many people have asked me to see a real-life example. So I bring here 5 examples of different kinds of buffer overrun. By the way, these examples do not work on Vista, as Vista protects the stack. So Vista is a secure environment … Enjoy. Manu. Classic Buffer Overrun Example. The classic problem: a buffer is copied into a smaller buffer, overwriting the stack and with it the return address. 1. Compile the code. 2. Run the code using a Perl script. The code: /* Example of how a stack-based buffer overrun can be used to execute...
no comments