Category Archives: News

NotSoSecure joins the Claranet Group

The acquisition puts the NotSoSecure business in a position of significantly greater strength, with a broader portfolio of services now available to our customers. NotSoSecure has been acquired by Claranet, one of Europe‚Äôs leading managed IT services providers, to add our ethical hacking training and penetration testing services to its… Read More

Troopers 09

I attended troopers 09 in munich and it was a wonderful event. There were some very interesting talks. With regards to web application security, Sandro Gauci & Wendel Guglielmetti Henrique gave a talk on Web Application Firewalls. They also demoed a tool which could passively fingerprint around 10 different WAF.… Read More

Bsqlbf v2.2

I finally managed to fix a few bugs and release a new version. Other than the bug fixing, the new version also supports blind sql injection in “order by”, “group by” clause. There are currently a few issues with threaded perl. I have tested this under windows using activeperl. As… Read More

WordPress Unauthorized Comment Disclosure

By Enumerating, the name and email address of a comment author, an attacker can read the comment submitted by the author while the comment still waits an administrator to approve it and publish it. This again points to the need for a better session management in WordPress. Read the full… Read More

WordPress 2.1.2 xmlrpc Security Issues

WordPress 2.1.2 xmlrpc Multiple Vulnerabilities: Affected Versions: These issues were reported in version 2.1.2,(current stable version) and its very likely that previous versions may also be vulnerable. 1. Privilidge Escalation: Under normal circumstances (through web interface) a user in contributor role only has access to following functions: a. read b.… Read More