LET'S GEEK

Screenshots as Evidence

The fundamental problem with screenshots as evidence lies in their reliability. Questions about reliability arise both because the process of creating screenshots is governed by the user and because the user is able to alter the image after it has been created. As a consequence, all methods in which the user has control of the process are afflicted by the fundamental problem.

Just now I received an e-mail from GOMTV.net confirming that the site has been hacked and information has been compromised.

We regretfully inform you that approximately at 2 AM KST yesterday, there has been an attack against our web site, GOMTV.net.
We have found that some of the user information from GOMTV.net has been compromised from the attack. We suspect that the following information might have been exposed: name, location (country), e-mail address, GOMTV.net nickname and password.

Now, I normally don't get all excited when hearing about these kinds of information leaks. They happen. However, in this case GOMTV.net actually stored the passwords in plaintext. Really, GomTV?

No amount of funny characters and randomness in your password will save you from a hacking attempt. Nor will you have a few days before they have brute-forced the password hashes.

Working in a team when making vulnerability assessments really stresses the need for communication. You need to keep yourself updated with your colleagues' progress, thoughts and, most importantly, results.

While looking for a way to effectively coordinate the work between my colleagues and me, I stumbled upon a tool called Dradis. It is an open source framework which aims to share security information in an effective and simple way.

The idea behind Dradis is to have a flexible platform which is customized and made useful by adding extensions. It’s an interesting concept and it fills a space that has long been empty.

It is currently in development and it has a lot of work in front of it, but I would still like to pitch the idea of trying it.

Check it out at dradisframework.org