Tuesday, June 27, 2006
Firefox annoyance 3
When pen testing web applications I use an interception proxy; however, when I use Firefox as the client I get all these annoying requests for favicon.ico in the logs. To stop Firefox requesting favicon.ico for every page, type about:config into the URL bar, scroll down and change the following entries to false:
browser.chrome.site_icons
browser.chrome.favicons
If the entries don't exist, create them as new Boolean entries.
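To keep the two settings above in place for a dedicated testing profile, they can also be written to that profile's user.js, which Firefox reads at startup. This is an added example, not from the original post; the helper name disable_favicon_prefs and the sample profile contents are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# The two preferences named in the post.
FAVICON_PREFS = ("browser.chrome.site_icons", "browser.chrome.favicons")

# Matches one user_pref("name", value); line and captures the pref name.
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,.*\);\s*$')


def disable_favicon_prefs(profile_dir):
    """Set both prefs to false in <profile_dir>/user.js, keeping other lines.

    Returns the list of pref names that had to be created.
    """
    user_js = Path(profile_dir) / "user.js"
    lines = user_js.read_text().splitlines() if user_js.exists() else []
    seen, out = set(), []
    for line in lines:
        m = PREF_LINE.match(line)
        if m and m.group(1) in FAVICON_PREFS:
            if m.group(1) in seen:
                continue  # drop duplicate entries for the same pref
            seen.add(m.group(1))
            line = f'user_pref("{m.group(1)}", false);'
        out.append(line)
    # "If the entries don't exist, create them": append the missing ones.
    created = [p for p in FAVICON_PREFS if p not in seen]
    out += [f'user_pref("{p}", false);' for p in created]
    user_js.write_text("\n".join(out) + "\n")
    return created


if __name__ == "__main__":
    # Constructed sample profile: one pref already present and set to true.
    with tempfile.TemporaryDirectory() as profile:
        (Path(profile) / "user.js").write_text(
            'user_pref("browser.startup.page", 0);\n'
            'user_pref("browser.chrome.favicons", true);\n'
        )
        print("created:", disable_favicon_prefs(profile))
        print((Path(profile) / "user.js").read_text(), end="")
```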
Multi-tabbed SSH client for Windows
And it's free! Poderosa is a nice multi-tabbed SSH client for Windows. It isn't perfect - don't mess with the default settings too much and it works fine. Much prefer it to PuTTY.
I did have to slightly modify my sshd_config file under Gentoo to get it to work. Worked out of the box for other Linux versions though.
PGP use a crime?
I stumbled on this story recently about a child abuse case. The guy was probably guilty etc etc BUT the court ruled that "evidence of appellant’s internet use and the existence of an encryption program on his computer was at least somewhat relevant to the state’s case against him".
Nothing was found on the guy's computer except an encryption program.
Google everywhere
Google has released a few nice applications of late, under "beta" as always.
I have been using Browser Sync to keep my bookmarks synchronised across multiple machines. You have the option of synchronising cookies, passwords and history as well, but do so at your own peril. Do you really want your history of job hunting searches showing up on your work PC (or worse pr0n)? Will make computer forensics interesting.... the digital "evidence" will be on your PC. But I digress... Browser Sync rocks.
Google Notepad is also awesome: set up multiple online notepads that you can access from anywhere, plus there is a nice add-in for Firefox which lets you right click on text on a web page and add the text and the location to your notepad. Great research tool.
And for the Microsoft killer - Google Spreadsheets. Fully functioning spreadsheet in a browser, access data from anywhere and export to csv or xls files.
I find these are great apps as I use 5 computers and 3 OS's on a daily basis. It's nice to have access to these apps regardless of the machine I am on. Although it will have some interesting implications for security, using Google Notepad or Spreadsheets to smuggle data out of a company - i.e. take "note" of corporate intranet data and publish your Google Notepad as public.
Monday, June 19, 2006
Free virtual disk encryption
I needed to use folder or disk encryption that used "real" encryption algorithms and found TrueCrypt, a FREE Open Source on-the-fly encryption program. It can create a virtual encrypted disk or encrypt an entire partition or device.
TrueCrypt supports real encryption - 256 bit AES, 448 bit Blowfish, 3DES and a couple of other algorithms.
Best of all it is available for both Windows and Linux.
Re-install IE
If you ever need to reinstall Microsoft Internet Explorer in Windows 2000, XP or 2003, click on Start->Run and paste in the following command:
rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %windir%\Inf\ie.inf
Make sure you have a copy of your installation media handy.
Thursday, June 15, 2006
Pentester household overflowing...
with computers, thanks to a donation from a good friend. The count currently stands at 5 laptops, 5 desktops and 10 servers. I am trying to find a legitimate use for the spare 7 servers - current plan is an OpenMosix password cracking cluster or dedicated Rainbow Table machines. I can see most of them ending up on eBay as Mrs Pentester wants some space back.