Firesheep Makes wifi Hacking Facebook, Twitter, Google, Flickr a Breeze

Firesheep Quickstart – Windows XP:

Click here to download firesheep-0.1-1.xpi straight from GitHub.
Install the latest version of WinPcap.
Update your Firefox to at least 3.6.12.

FAQ

Q: How do I fix “Couldn’t open device x: Error opening adapter: the system cannot find the device specified”?

A: Select a different interface and restart Firefox (see screenshot . . . → Read More: Firesheep Makes wifi Hacking Facebook, Twitter, Google, Flickr a Breeze

News: MS Patch Submission Response Spurs Anti Collective

From http://www.theregister.co.uk/2010/07/06/ms_spurned_research_collective/

Updated Security researchers irked by how Microsoft responded to Google engineer Tavis Ormandy’s public disclosure of a zero-day Windows XP Help Center security bug have banded together to form a group called the Microsoft Spurned Researcher Collective*.

The group is forming a “union” in the belief that together they will be better placed . . . → Read More: News: MS Patch Submission Response Spurs Anti Collective

HowTO: Fix Vulnerability “SSLv2 Enabled”

Add the following lines to your httpd.conf:

SSLProtocol ALL -SSLv2
SSLCipherSuite HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL

To test the fix, run the following (replace 127.0.0.1 with whatever IP you need to test on); with SSLv2 disabled, the handshake should fail rather than complete:

openssl s_client -port 443 -host "127.0.0.1" -ssl2

Tools: Fport Process to Port Mapper

Fport is a very handy tool to determine which ports are mapped to which process.

You can download it here

From Foundstone (creators of tool):

“fport reports all open TCP/IP and UDP ports and maps them to the owning application. This is the same information you would see using the ‘netstat -an’ command, but it . . . → Read More: Tools: Fport Process to Port Mapper

Howto: Web Application Exploits and Defenses

Want to learn how to hack a website?

This tutorial -> http://jarlsberg.appspot.com/#0__hackers explains how to attack and defend against:

Cross-Site Scripting (XSS)
Client-State Manipulation
Cross-Site Request Forgery (XSRF)
Cross Site Script Inclusion (XSSI)
Denial of Service
Code Execution
Configuration Vulnerabilities
AJAX vulnerabilities
Other Vulnerabilities (Buffer Overflow, Integer Overflow, SQL Injection)