What are cryptographic attacks?
Cryptographic attacks are methods of evading the security of a cryptographic system by finding weaknesses in such areas as the code, cipher, cryptographic protocol or key management scheme in the cryptographic algorithm. The following are the cryptographic attacks usually performed by an attacker:
* Known plaintext attack: In a known plaintext attack, [...]
How does the form-based authentication scheme work?
The form-based authentication scheme works in the following manner:
* A client generates a request for a protected resource (e.g. a transaction details page).
* The Internet Information Server (IIS) receives the request. If the requesting client is authenticated by IIS, the user/client is passed on to the Web [...]
IP spoofing
IP spoofing is about the most advanced attack that can be executed on a computer system. IP spoofing, if done correctly, is one of the smoothest and hardest attacks on the internet. But IP spoofing attacks are actually very complicated.
IP spoofing happens when an attacker tricks or bluffs the target system into believing that data [...]
XSS Stealing Cookies
This method (an XSS attack) is used to get users' cookies, and so to get users' information and then log in to the victim user's account… You will have to give an address to the admin or to the user whose account you want to enter…
What is a cookie?
In computing, a cookie (also tracking cookie, browser cookie, [...]
How does a cross site scripting (XSS) attack work?
A cross site scripting attack works in the following manner:
* The attacker identifies a web site that has one or more XSS bugs, for example, a web site that echoes the contents of a querystring.
* The attacker crafts a special URL that includes a malformed and malicious [...]
Misconfigured security features or Incorrect use of security
Session cookie is not randomized enough
Numerous applications use a session cookie to maintain the state of a logged-in user. The use of authentication to validate the user that has logged in is very common and most testers would focus on that aspect of the security. But a malicious user will look towards the session [...]
FEMA Phones Get Hacked
If you are going to hack a phone system, do you really want to hack the Department of Homeland Security?
That’s what happened this weekend when someone made hundreds of illegal calls from a FEMA PBX to the Middle East and Asia.
It appears that it was the usual culprits of poor change control and misconfigurations left [...]