pentesting, pci, red team

Heart Bleed SSL Bug

April 8th, 2014 by admin in Browsers, cracking, News

A massive vulnerability has been found in OpenSSL, the open-source software package broadly used to encrypt Web communications. The flaw allows attackers to steal the information that is normally protected by SSL/TLS encryption, which is used to protect Web applications, e-mail communications, instant messaging (IM) and some virtual private networks (VPNs).
Essentially, that means a lot of Internet users are affected. And potentially, passwords, private communications and even credit card information could be available to hackers courtesy of this newly-discovered bug.
A few people have been checking major websites to see if they’re vulnerable

Reveal Saved Browser Passwords without special software

May 22nd, 2012 by admin in Browsers, Password Info

When you type a password into your web browser, it is often hidden behind bullets or asterisks, which is fine when you know the password. But if you can’t remember it and it’s being filled in automatically, you have to look in the browser options or use a 3rd party utility to reveal it. We covered a way to do it using a simple JavaScript back in 2008. Here’s a simple way to reveal the password using the built-in functionality of the browser developer tools. We’re going to show you how to do it on Firefox 12 and Internet Explorer 9. This is also tested and working in Google Chrome 18 and Opera 11.

Faceniff – Session Jacker for Android

June 2nd, 2011 by admin in Browsers, Life, Mobile

FaceNiff is an Android app that allows you to sniff and intercept web session profiles over the WiFi network that your mobile is connected to.
It is possible to hijack sessions only when the WiFi is not using EAP, but it should work over any private network (Open/WEP/WPA-PSK/WPA2-PSK).
It’s kind of like Firesheep for Android. Your phone must be rooted to use this program.
Originally it started off for just Facebook, but the author has added support for these other sites: Facebook, Twitter, YouTube, Amazon, Nasza-Klasa

Copy Opera9 passwords to Beta 10

June 3rd, 2009 by admin in Browsers

For those of you trying out the new beta version of Opera: the all-new Opera 10 Beta 2 does not detect previous versions of Opera and does not offer upgrading from previous versions. If you want all your passwords copied, just do this from a command prompt:

copy "%userprofile%\AppData\Roaming\Opera\Opera\profile\wand.dat" "%userprofile%\AppData\Roaming\Opera\Opera 10 Beta\wand.dat"

Enable 1Password in Safari 4 beta

February 25th, 2009 by admin in Apple, Browsers

Apple just released a beta version of Safari 4 with lots of new features. Users of 1Password might notice that it doesn’t work in the new version. To fix this, close Safari and 1Password and edit the following file:


Find the key named Safari and look for MaxBundleVersion underneath. You will see 5528.1 as the maximum version. Change that to 5528.16, save and quit. Now you can re-enable Safari from the 1Password preferences, then start Safari 4 and add the button to the toolbar. Voila!