Friday, June 29, 2012

The Mole v0.3 – Automatic SQL Injection Exploitation Tool

The Mole is an automatic SQL injection exploitation tool. Given only a vulnerable URL and a string that is known to appear in the page's response, it can detect the injection and exploit it, using either the union technique or a boolean query based technique.
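The boolean query based technique mentioned above only works when user input is spliced into the SQL grammar, so the database evaluates whatever condition the input carries. The following is an added example, not code from The Mole or its authors: a deliberately vulnerable string-concatenated lookup next to its parameterised counterpart, plus a regression check a developer can run to confirm that a lookup treats two inputs differing only in an injected condition identically. The table name, the sample rows and the function names are constructed for this illustration.

```python
import sqlite3

# Constructed sample data standing in for the target site's database.
SAMPLE_ROWS = [(1, "widget", 1), (2, "gadget", 1), (3, "secret-prototype", 0)]


def make_db():
    """Build an in-memory SQLite database with a small products table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER, name TEXT, visible INTEGER)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, name):
    """Deliberately vulnerable: the value is concatenated into the statement,
    so any SQL inside it becomes part of the query the database parses."""
    sql = "SELECT id, name FROM products WHERE visible = 1 AND name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, name):
    """Hardened: the value is bound as a parameter and is never parsed as SQL."""
    sql = "SELECT id, name FROM products WHERE visible = 1 AND name = ?"
    return conn.execute(sql, (name,)).fetchall()


def responds_to_boolean_probe(lookup, conn):
    """Defender-side regression check for the boolean technique.

    Two inputs that differ only in an appended always-true / always-false
    condition must return the same rows when input is treated as data.
    Returns True if the rows differ, i.e. the database evaluated the condition.
    """
    true_probe = "widget' AND '1'='1"
    false_probe = "widget' AND '1'='2"
    return lookup(conn, true_probe) != lookup(conn, false_probe)


if __name__ == "__main__":
    db = make_db()
    print("vulnerable lookup evaluates injected condition:",
          responds_to_boolean_probe(lookup_vulnerable, db))
    print("hardened lookup evaluates injected condition:",
          responds_to_boolean_probe(lookup_hardened, db))
```

For the vulnerable function the two probes produce different row sets (one row versus none), which is exactly the signal a boolean-based tool keys on; the parameterised function returns no rows for either probe because the whole string is compared as a literal name. The check generalises beyond the page's case: it can be pointed at any lookup function with the same signature, which makes it usable as a unit test in a code base.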

Features

  • Support for injections using MySQL, SQL Server, Postgres and Oracle databases.
  • Command line interface. Different commands trigger different actions.
  • Auto-completion for commands, command arguments and database, table and column names.
  • Support for filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.
  • Exploits SQL injections through GET/POST/Cookie parameters.
  • Developed in Python 3.
  • Exploits SQL injections that return binary data.
  • Powerful command interpreter to simplify its usage.
Disclaimer: Usage of The Mole for attacking web servers without mutual consent can be considered as an illegal activity. It is the final user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program.

You can download The Mole v0.3 here:

Windows – themole-0.3-win32.zip
Linux – themole-0.3-lin-src.tar.gz

Thursday, June 28, 2012

Which is the most popular antivirus software?

In an overcrowded antivirus software market, end users and corporate users often find it difficult to distinguish a value-added proposition from the “me too” vendors. As in every other market segment, scientific insight into the market share of the various vendors offers an invaluable perspective on the market dynamics: what customers are purchasing and, most importantly, whether they are living in a world of a ‘false feeling of security’.

Using a data set consisting of 120,000 data points, researchers from OPSWAT recently released an informative overview of the antivirus market, answering an important question - which is the most popular antivirus vendor?

According to their findings, that’s avast! Free Antivirus, followed by Microsoft Security Essentials and ESET NOD32 Antivirus.

Detailed market share statistics:

  • Avast - 17.4% worldwide market share
  • Microsoft - 13.2% worldwide market share
  • ESET - 11.1% worldwide market share
  • Symantec - 10.3% worldwide market share
  • AVG - 10.1% worldwide market share
  • Avira - 9.6% worldwide market share
  • Kaspersky - 6.7% worldwide market share
  • McAfee - 4.9% worldwide market share
  • Panda - 2.9% worldwide market share
  • Trend Micro - 2.8% worldwide market share
  • Other - 11.1% worldwide market share

Microsoft is the market leader in North America, followed by Symantec and AVG. Not surprisingly, the market leading avast! Free Antivirus is relying on the so called “freemium” business model, where the company grows and gains market share by offering a free alternative of their software, and earns revenue thanks to the successful conversion of free users to paid ones. Earlier this year, the company announced that it has 150 million active users worldwide, a clear indication of a working “freemium” business model.

What do you think? Is antivirus software still relevant in the age of Stuxnet, Duqu and Flame, the so-called poster kids of the DIY targeted attack toolkits and weaponized malware releases? Do you think free antivirus offers a ‘false feeling of security’ compared to subscription based license models?

Monday, June 11, 2012

NppCrypt: Notepad++ Plugin To Encrypt & Decrypt Selected Text & Files

Notepad++ is a popular text editor and Notepad replacement with many useful features. One of its best features is its support for plug-ins. NppCrypt is a Notepad++ plug-in that lets you encrypt selected text or entire text files. If you don't want to use BitLocker in Windows 7 or TrueCrypt, here's how you can use Notepad++ to encrypt your text files.

Install Notepad++ and NppCrypt plug-in

Step 1: Download and install Notepad++.

Step 2: Launch the plug-in manager by going to Plugins > Plugin Manager > Show Plugin Manager.

Step 3: Select NppCrypt from the plug-in list, then click the Install button. Allow Notepad++ to restart after the NppCrypt finishes installing.


Encrypt text

Step 1: To encrypt selected text, select the text you want to encrypt, then go to Plugins > NppCrypt > Encrypt.

Step 2: Select the cipher you want to use, then type in a password.


To encrypt the entire file, just go to NppCrypt without selecting any text and choose Encrypt. To decrypt text, go back to NppCrypt and choose the Decrypt option.


This is what an encrypted text file will look like.

That's it. Now you can encrypt select data in a text file or the entire file with ease, using Notepad++ and NppCrypt.

Thursday, June 7, 2012

How to Check If Your LinkedIn Password Was Stolen

Worried that your LinkedIn password may be a part of the nearly 6.5 million compromised on Wednesday? Password management firm LastPass has released a secure tool to see if your password was among the stolen.


News first surfaced about the security breach after a Russian hacker said he stole 6,458,020 encrypted LinkedIn passwords and posted them online (without usernames) to prove his feat. The breach comes on the heels of news that LinkedIn’s iOS app potentially violates user privacy by sending detailed calendar entries to its servers.

LinkedIn confirmed that some passwords had been compromised and said it would contact affected users with details on how to change their password.

Although usernames associated with the passwords were not released, the passwords themselves will surely be used to help reverse-engineer other cryptography systems. We also expect to see these passwords added to dictionary lists of programs that attempt to break into various accounts.

In other words — if you’re a LinkedIn user, no matter how strong your password seemed — it’s a good idea to go ahead and change it.

How This Works

If you’re a cynical web user when it comes to privacy and security — of course you are, right? — then you’re probably asking yourself whether or not a site where you type in your password to see if it’s been compromised could possibly be legit. But the folks at LastPass ensure that the tool is safe and does not store passwords.

Here’s how it works: After typing your LinkedIn password into LastPass’s tool, the service computes its SHA-1 hash and sends the result to LastPass.com. It then searches the list of 6.5 million leaked password hashes.

“All that’s communicated to LastPass is the hash — the result of the one-way function performed on the password that a user enters in that box,” a LastPass spokesperson said. “So let’s say you enter ‘password1.’ You enter it and the tool performs the hashing algorithm. The hash is then sent to LastPass, and if a match is found in the database (of the 6.46 million leaked hashes) on our end, we report back a message saying that your password was compromised.”

The spokesperson also noted that the hashes are not stored on its servers: “We don’t store the hash on our end. We only perform the check and then delete it.”
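The two halves of the check described above, as an added example that is not LastPass's code: the client side computes the SHA-1 digest of the password locally, and the server side does a membership test against the leaked digests without retaining anything. The leaked list here is a constructed stand-in built from a few weak passwords; real leak data is not reproduced. Function names are assumptions for this illustration.

```python
import hashlib

# Constructed stand-in for the leaked list: hex SHA-1 digests of a few weak
# passwords, built locally so the example runs offline.
LEAKED_SHA1_HEXDIGESTS = {
    hashlib.sha1(b"password1").hexdigest(),
    hashlib.sha1(b"123456").hexdigest(),
    hashlib.sha1(b"linkedin").hexdigest(),
}


def client_side_hash(password: str) -> str:
    """Browser-side step: hash the password locally so that only the
    40-character hex digest, never the password itself, leaves the machine."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def server_side_check(hexdigest: str, leaked=LEAKED_SHA1_HEXDIGESTS) -> bool:
    """Service-side step: a pure membership test on the received digest.
    Nothing is written anywhere, so there is nothing to delete afterwards."""
    return hexdigest.lower() in leaked


def password_was_leaked(password: str) -> bool:
    """End-to-end check as the user experiences it."""
    return server_side_check(client_side_hash(password))


if __name__ == "__main__":
    for candidate in ("password1", "correct horse battery staple"):
        print(candidate, "->", "compromised" if password_was_leaked(candidate) else "not in list")
```

The lookup only works because the leaked hashes were unsalted: the same password always produces the same SHA-1 digest, so a digest computed on the client can be matched directly against the dump. With per-user salts no such lookup would be possible. The flip side is that the digest of a weak password is itself easy to recover by the same dictionary approach the post expects attackers to use, which is why the service's promise not to store the submitted hash is doing the real work here.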

Change Your Password

If your password is among the millions stolen, you should not only change it as soon as possible but also update other accounts you have that use the same password.

If you aren’t already using a password management tool — it’s time to start considering one. Tools such as LastPass and 1Password are invaluable in helping users create and manage unique, secure passwords.

Has your password been compromised? Let us know in the comments.

Wednesday, June 6, 2012

Linkedin hacked; 6.46 million Passwords Leaked Online

A user on a Russian forum has claimed to have downloaded 6.46 million user hashed passwords from LinkedIn.

It looks as though some of the weaker passwords — around 300,000 of them — may have been cracked already. Other users have been seen reaching out to fellow hackers in an apparent bid to seek help in cracking the encryption.

Finnish security firm CERT-FI is warning that the hackers may have access to user email addresses also, though they appear encrypted and unreadable.

A source said they had searched and discovered their password in the cache. It has been reported that the passwords were hashed using the SHA-1 algorithm, which is known for its flaws, but unless a password is weak, it may take a while to crack the remaining cache.

LinkedIn has more than 150 million users worldwide. This apparent hack could affect less than 10 percent of its user base, but it will strike a damaging blow to the ‘professional’ social network’s reputation.

It is advised users change their passwords as a precautionary measure.

LinkedIn said it was “looking into reports of stolen passwords” on its official Twitter account.

Friday, June 1, 2012

How to Download and Install the Microsoft Windows 8 Release Preview

Get ready, beta testers. Microsoft debuted Windows 8 Release Preview, which is one of the last steps before a final release of Windows 8 this fall. Versions of the operating system are available for both 32-bit and 64-bit systems.

Here's what Microsoft says is new or enhanced over previous beta releases:
  • New Bing-powered apps, including ones for travel, news, and sports
  • Improvements to Mail, Photos, and People apps
  • Increased Start personalization
  • Better multiple-monitor support
  • Better Windows Store navigation
  • New family safety and security functionality
  • Enhanced touch support for Internet Explorer 10
Warning

As with past betas of Windows 8, Microsoft advises users to not install the operating system on a computer used for day-to-day work. There's also no going back without wiping your hard drive.


You can't downgrade from Windows 8 since it cannot access the recovery partition of your hard drive. If you need to downgrade, ensure you have recovery disks readily available.

If you are already running Windows 8 Consumer Preview or Developer Preview, Microsoft says you can upgrade to Release Preview. There's a downside to upgrading, though: you cannot keep any of your files.

To run Windows 8 Release Preview, your test computer will need a processor with a clock speed of 1GHz or greater, 1GB (32-bit version), or 2GB (64-bit version) of RAM, at least 16GB (32-bit) or 20GB (64-bit) of available hard drive space, and a graphics card that supports DirectX 9 with a WDDM driver.

For select features, you will also need multitouch support, Internet access, and a screen resolution of at least 1024 pixels by 768 pixels.

Where to Download Windows 8 Release Preview

If you meet these requirements, head over to the download page on Microsoft's site and enter your email and country. Since the free Release Preview is available in 14 languages, chances are you'll find a version of the software available for your region.

Clicking 'Download' will start the download of the "Windows 8 Release Preview Setup." Running this application automates most of the set-up process, and selects the appropriate version of the preview for your machine. If you're a bit more daring and technologically savvy, Microsoft has provided direct links to ISO files.

These must be turned into installation media, burned to a DVD or copied to a USB flash drive, in order to complete the install. That's the installation process in a nutshell, but again, be wary. This is preview software, so keep mission-critical work off your test PC.

Have you installed Windows 8 Release Preview? Did you previously install the Consumer Preview? Let us know your thoughts on this latest release and anything you notice that needs a little work.