New Features in Nmap

In his talk at Black Hat, Fyodor discussed the research he has been doing and the ways that research has helped him improve Nmap with many enhancements. Let's have a look at the most interesting one.

Abstract: One of Fyodor’s main focuses was improving Nmap’s speed through improved efficiency. One of the best ways to do this is to allow for scans of fewer ports, but this requires that you choose those ports carefully so as to miss as little as possible

Force Gmail to Always Use Secure Connection

On 24th July 2008, Google rolled out an option that forces your communication with the Gmail server over a secure channel (read: HTTPS). If you go to Settings and select "always use https", Gmail will automatically redirect to the secure version. Until now, you had to manually type https://mail.google.com/ in the address bar or bookmark the address.

As per Google: "If you sign in to Gmail via a non-secure Internet connection, like a public wireless

Watch who is accessing your Gmail account

A new feature from Google allows you to monitor and control login activity. Now you can see where you (or someone else) logged in from and which IPs are online at this moment. You might have accessed Gmail from a cybercafe or a public internet terminal and forgotten to log out. Now you can also log out remotely.

“With this information, I can quickly verify that all the Gmail activity was indeed mine,” a Gmail developer at the official Gmail blog writes.

UPDAT

Phishing using Google Calendar

A few days ago an interesting attempt to phish for Google account credentials made it to my friend's inbox. As you may know, phishing emails are sent out by abusers to get the recipient to reply with their password or to click through and enter it, and the more official they look, the more easily they are believed. This particular mail, shown in the screenshot, had the following attributes:

It was sent by “customer care”. OK, could be

CSRF attack, Gmail and Adsense Hacked. How to be safe??

We have all noticed a lot of noise about the CSRF attack recently unearthed in Gmail, which is really dangerous and can harm many other websites as well. [1] [2]

So the question arises: what can you do to be SAFE? Here are a few alternatives; select one as per your convenience.

1) POP your mails: I'll again emphasize POPing the mail over SSL. This way you are not logging on to the webmail, so you are safe from such attacks; moreover, you are on a complete encrypted cha

Responsible Vulnerability Disclosure Policy

[The Policy I follow]

This policy outlines how I try to handle responsible disclosure of a vulnerability to the product vendors, security vendors and the general public.

Step 1: Vulnerability detected
Step 2: Inform the vendor of the product or the service formally through email to the following mail accounts/aliases: security@VENDOR, support@VENDOR, info@VENDOR, secure@VENDOR, admin@VENDOR, sysadmin@VENDOR
Step 3: Wait for vendor's acknowledgement for 5 working days
Step

Steganography, the easy way… No steganography software required

Yes, you read it right: no steganography software. So here is a quick howto on doing image steganography with common tools, no specialized software.

1: Compress the file you want to secure (I tried both rar & zip), say secure.zip
2: Take the image file which you want to use, say image.jpg
3: Run the following command:
   copy /b image.jpg + secure.zip hidden.jpg
4: Double click hidden.jpg & you'll see the original image
5: Open the file in archiving utility (I tried

Software piracy through belarc

I just got my office scanned for software inventory using a tool called Belarc Advisor. While going through the reports I wondered how easy it can be for anyone to get the license key of any software using a Belarc report & Google.

Just try this search & you'll get to know by yourself:
http://www.google.com/search?hl=en&q=intitle%3A%E2%80%9DBelarc+Advisor+Current+Profile%E2%80%9D

Scary, very scary...