Blog Posts Tagged with "Brute Force"


Exposed Terminal Services Remains High Frequency Threat

September 03, 2012 Added by:Brent Huston

An organization that is using exposed Terminal Services for remote access or management/support may be experiencing upwards of 48 attacks per day against its exposed remote access tool.

Comments  (1)


LinkedIn: Vulnerability in the Authentication Process

May 22, 2012 Added by:Plagiarist Paganini

This attack is possible due to an error in validating the security token (CSRF token) that allows an unlimited number of requests using the same token for different users. The only mechanism against the attack is a CAPTCHA challenge-response test after dozens of attempts...

Comments  (1)


Guessable Passwords: The Unpatchable Exploit

May 20, 2012 Added by:f8lerror

During penetration assessments the tester attempts to compromise systems. Many users take shortcuts with passwords; this is because they feel they are not a target, not important, or their access doesn’t matter. Penetration testers know this and so do the attackers...

Comments  (0)


ICS-CERT: Koyo Ecom100 Multiple Vulnerabilities

April 16, 2012 Added by:Infosec Island Admin

ICS-CERT is aware of a public report of multiple vulnerabilities with proof-of-concept exploit code affecting the Koyo ECOM100 Ethernet Module. A brute force password cracking tool has been released that targets a weak authentication vulnerability in the ECOM series modules...

Comments  (0)


ICS-CERT: Siemens Scalance S Multiple Vulnerabilities

April 12, 2012 Added by:Infosec Island Admin

Siemens has reported two security vulnerabilities in the Scalance S Security Module firewall - a brute-force credential guessing vulnerability in the web configuration and a stack-based buffer overflow vulnerability in the Profinet DCP protocol stack...

Comments  (0)


Assessment of Visual Voicemail Security

March 19, 2012 Added by:Enno Rey

After activation of the VVM feature, the configuration file is stored containing the username, protocol, state of the account and the server IP. Having the username and server IP an attacker can run brute force attacks against the email server which is exposed to the Internet...

Comments  (6)


ICS-CERT: Koyo Ecom100 Brute Force Cracking Tool

February 15, 2012 Added by:Headlines

A brute force password cracking tool has been released that targets the weak authentication vulnerability in the Koyo ECOM100 Ethernet Module. This tool may greatly reduce the time and skill level required to attack a vulnerable system...

Comments  (0)


ICS-CERT: Brute Force and SSH Scanning Attacks

February 06, 2012 Added by:Headlines

ICS-CERT is aware that systems that provide SSH command line access are common targets for “brute force” attacks. As recently as this week, ICS-CERT received a report from an electric utility experiencing unsuccessful brute force activity against their networks...

Comments  (0)


Wireless Security Tool Update: New EAPScan Features Check for WPS

January 12, 2012 Added by:Spencer McIntyre

Recently, WPS has been given a lot of attention due to research by Stefan Viehböck that exposed a vulnerability that allowed the PIN of WPS-enabled devices to be brute-forced in an efficient manner. This is a major concern because it can ultimately expose the WPA passphrase used to join the network...

Comments  (0)


Top Ten Password Cracking Methods

December 05, 2011 Added by:Headlines

"A rainbow table is a list of pre-computed hashes - the numerical value of an encrypted password, used by most systems today - and that’s the hashes of all possible password combinations for any given hashing algorithm mind..."

Comments  (2)


Duqu Servers Included Hacked Linux Systems

December 01, 2011 Added by:Dan Dieterle

Be it brute force password hacking or another Stuxnet 0-Day, Duqu shows that Linux is vulnerable to hackers. With a growing install base, supplanting Windows in many facilities, expect it to become even more of a target...

Comments  (0)


Sony Networks Compromised with Brute-Force Attack

October 12, 2011 Added by:Headlines

Sony Corporation have yet again been breached, compromising 60,000 PlayStation and 33,000 Online Entertainment accounts. The source of the attack is unknown, but reports indicate that the infiltrators used login credentials from an unnamed third-party to gain access to the systems...

Comments  (0)


Introducing WPScan – A WordPress Security Scanner

June 16, 2011 Added by:Ryan Dewhurst

WPScan is a black box WordPress Security Scanner written in Ruby which attempts to find known security weaknesses in WordPress installations. Its intended use is for security professionals or WordPress administrators, and the code base is Open Source and licensed under GPLv3...

Comments  (1)


Interesting DNS Stuff - SRV Records

March 26, 2011 Added by:Rob Fuller

The following are good adds to your DNS brute force list. These are all SRV records so make sure your type is set correctly. SRV records tell you the port in the answer. I don't know of any DNS tools that utilize SRV as part of their process, but scripting dig to do so isn't tough...

Comments  (1)


Increase in SSH Brute Force Username Guessing

March 23, 2011 Added by:Ted LeRoy

The crackers are using automated tools that scan for valid ssh logins using a username list. The sites and names that come up can be processed again, checking for weak passwords or brute force vulnerabilities. The tools and method are not new, but the number of attacks seems much higher lately...

Comments  (15)


Brute Forcing Passwords and Word List Resources

February 20, 2011 Added by:Rob Fuller

Brute force, even though it's gotten so fast, is still a long way away from cracking long complex passwords. That's where word lists come in handy. It's usually the cracker's first go-to solution, slam a word list against the hash, if that doesn't work, try rainbow tables...

Comments  (1)
