Damn Vulnerable Web App BETA is here!

Damn Vulnerable Web App (DVWA) is a web application that is damn vulnerable. Its main goals are to be lightweight, easy to use and full of vulnerabilities to exploit. It has been developed for the use of information security professionals and students to test out their skillz and/or toolz in a legal environment.


WARNING!

Damn Vulnerable Web App is damn vulnerable! So don’t upload it to your hosting provider’s public html folder or have it up on any working web site as it will be hacked. I recommend downloading and installing Apache, PHP and MySQL onto a local computer inside your LAN which is used solely for testing.


I do not take responsibility for the way in which anyone uses this application. I have made the purposes of the application clear and it should not be used maliciously.


Version: BETA


To download DVWA click here.


It’s still in BETA version so I’m open to suggestions and criticism. If you download and use it, please leave some feedback, good or bad.



Posted on 17 December, 2008 by ethicalhack3r


Gary McKinnon’s final day in court

Gary McKinnon’s final court date has been pushed back to the 20th January 2009 (the same day Obama takes office).

Prosecutors say he shut down thousands of machines and caused up to $700,000 worth of damage, while the 42-year-old claims he was searching for evidence of UFOs.

Over the course of the case, defence lawyers argued that McKinnon will face unduly harsh punishment for his actions and should instead face trial in the UK, since the alleged hacking attacks were conducted from a house in north London.

By the time the decision is made, it will be almost seven years since McKinnon ended his activities. During that time a succession of arguments have been made against his removal – including that he faces up to 60 years in prison or detention at Guantánamo Bay, and that he should receive leniency because he suffers from Asperger’s syndrome.


Let’s start from the top, “$700,000 worth of damage”. As far as I’m aware the American government have not produced any evidence to support the amount of damage caused. From what I’ve read so far Gary broke the Computer Misuse Act 1990 (c.18) point 1, “Unauthorised access to computer material” by logging in to American government, Army, NASA and other American institutions by using a Windows null administrator password scanner. He may have broken point 2 of the CMA, “Unauthorised access with intent to commit or facilitate commission of further offences” by using the administrator account to gain further access to other machines or services on the networks. He may also have broken point 3 “Unauthorised modification of computer material”, however I’m not aware of the full details. You could argue that he broke point 3 by viewing some of NASA’s pictures, as by doing this he was changing the metadata unknowingly.


He broke the Computer Misuse Act on British soil. In my opinion he should be punished in Britain. I’ve heard about a new European cyber crime bill being discussed at the moment regarding liability; in short, it means that if you leave your network wide open for attack then you are partly liable. However, as far as I’m aware this is still being discussed and wouldn’t affect Gary’s case anyway as it wasn’t about when he committed his crimes.


It’s been 7 years since his crimes were committed and he still hasn’t been sentenced. I bet he just wants to get it over and done with by now. If the British government didn’t see a problem with extraditing him then why is the process taking so long? There must be some disagreement at a higher level.


For now we will just have to wait and see what happens on the 20th of Jan and hope that he wins his case to serve his sentence in Britain.


There’s also a demonstration outside the American embassy in London on Friday the 5th of December 2008.


Source: guardian.co.uk

More info: freegary.org.uk

Posted on 3 December, 2008 by ethicalhack3r


Iran executes IT expert who spied for Israel

A COMPUTER expert has been executed in Iran after he confessed to working for Mossad, the Israeli intelligence service. This provides a rare insight into the intense espionage activity inside the Islamic republic.



He was obviously playing a dangerous game and paid for it with his life.

Ali Ashtari, 43, a computer and hi-tech equipment buyer for Iran’s defence industry and nuclear programme, was hanged after admitting he worked for Israel. It is the first known conviction of an alleged Israeli agent in Iran for almost 10 years.

Ashtari was trusted by senior officials to travel overseas to buy the advanced computers and other electronic equipment needed for the regime’s nuclear programme, which is reported to have already produced enough enriched uranium to make an atomic bomb.

Behind their backs he allowed the software he bought to be subtly doctored by Israeli computer engineers before it was imported to Iran. Ashtari confessed: “Mossad’s goal was to sell specialised computer equipment through me to Iranian intelligence organisations.”



You would have thought that Iran would have been more careful as to who they employ and how trustworthy they are. Who knows how many backdoors are still open within Iran’s nuclear facility?!


For the full story click here.

Posted on 1 December, 2008 by ethicalhack3r
