Infosec Researchers Hacking New DLink Routers

The AC5300 Ultra WiFi router looks “Ultra” and new. Looks interesting, right? Lots of new specs and capabilities. Now let’s check out the security researcher at /dev/TTYS0. So, while Dlink was busy with their marketing campaign and trying to sell more routers with flashy products and images (after a certain engineering effort), the security researcher …

Hydra Tool Can Crack Your Online Passwords

Here is a link to a site that discusses using Hydra to crack online passwords at websites: http://insidetrust.blogspot.com/2011/08/using-hydra-to-dictionary-attack-web.html. The tool can iterate through a set amount of dictionary passwords against SSH and FTP server accounts very easily (without any extra configuration). If there are website forms that have usernames and passwords (like WordPress or Joomla …

FBI: Watch for Fake Government Sites

ISIL is defacing websites using WordPress vulnerabilities: http://www.ic3.gov/media/2015/150407-1.aspx (IC3 = Internet Crime Complaint Center). The recommendation is to update your WordPress website as much as possible when necessary. Check the following sites for vulnerabilities and update your site as needed: http://www.securityfocus.com/bid, http://cve.mitre.org/index.html, https://www.us-cert.gov/. In practice it means updating your WordPress site as the plugins are updated …

How Dangerous is SQL Injection?

A good tutorial on basic SQL injection (without a tool): http://www.kalitutorials.net/2014/03/sql-injection-how-it-works.html. Notice the bottom entry. In the user-id field: ' OR 1=1; /* and in the password field: */-- As it states in the image (from the kalitutorials website), the second statement gives you access to data of all accounts. Why is this? Because a 1=1 statement …