
Archive for May, 2009

l0phtcrack is back

Thursday, May 28th, 2009

This is the best news I’ve heard this week. L0phtcrack, the original Windows password cracker, is back. L0phtcrack was originally developed by an independent group of hackers known as l0pht. Through a series of mergers and buyouts, it was owned by Symantec, which decided to unceremoniously drop the product as it didn’t fit into Symantec’s line of offerings. Although old versions and cracks could be found on the internet, it’s good to see that the tool is back with new features. You can get it from http://www.l0phtcrack.com.

error handling

Tuesday, May 19th, 2009

[Image: SQL_info]

Error handling is one of the most often overlooked areas of application security. If you have a public-facing application, you don’t want the public to know too much about how the application works, even if you’re convinced they should never see errors. A case in point is demonstrated in the image presented here. I was just surfing the web, reading about one of my other innocuous hobbies (in this case baseball), when I came across the following page. As a user, I shouldn’t be able to see any of that. As an attacker, I just found a goldmine of information which I can use to try and exploit the site.
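To make the point concrete, here is an added example (not code from the site in the screenshot or from this blog) that puts a handler leaking the raw database error beside one that logs the detail server-side and gives the visitor only a reference ID. The `players` table, the deliberately wrong `full_name` column and the handler names are all constructed for illustration.

```python
import logging
import sqlite3
import uuid

log = logging.getLogger("app.errors")


def make_db():
    # Constructed sample database standing in for the site's backend.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE players (id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("INSERT INTO players VALUES (1, 'Sample Player')")
    return db


def lookup(db, player_id):
    # Deliberately wrong column name so the query fails with a database error.
    sql = "SELECT full_name FROM players WHERE id = ?"
    return db.execute(sql, (player_id,)).fetchone()


def verbose_handler(db, player_id):
    """Weak pattern: the raw driver error is sent back to the visitor."""
    try:
        return 200, str(lookup(db, player_id))
    except sqlite3.Error as exc:
        return 500, f"Database error: {exc}"


def safe_handler(db, player_id):
    """Hardened pattern: detail stays in the server log, visitor gets an ID."""
    try:
        return 200, str(lookup(db, player_id))
    except sqlite3.Error:
        incident = uuid.uuid4().hex[:12]
        # log.exception records the full traceback for whoever operates the site.
        log.exception("query failed incident=%s player_id=%r", incident, player_id)
        return 500, f"Something went wrong. Reference: {incident}"


if __name__ == "__main__":
    logging.basicConfig(level=logging.ERROR)
    db = make_db()
    print(verbose_handler(db, 1))  # body names the missing column
    print(safe_handler(db, 1))     # body carries only the reference ID
```

The reference ID lets support staff find the matching log entry without the response revealing table or column names.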

 
Pi is exactly 3!