Blog.HappyPacket.net

Security Notes, News, and Thoughts

Chris Gates New School Information Gathering

Chris Gates presentation from ToorconX has been posted on his blog: http://carnal0wnage.blogspot.com/2008/10/new-school-information-gathering.html . This is a great slide-deck. His presentation covers quite a few things from using Maltego through looking at meta data from published documents to discover user names, userids, and file paths. Much of this stuff is stuff you would never have to touch one of your client/target's website in order to discover.

Fyodor Speaks on Internet DOS Attack

Fyodor has a great writeup on what's going on with the TCP Resource Exhaustion DOS attack. You can read about it here: http://insecure.org/stf/tcp-dos-attack-explained.html . This makes sense based on what has been talked about. This seems to be a problem that has been around for a while, but as there has been confirmation that these packets can't be forged, this attack becomes blockable.