GNUCITIZEN Products
The GNUCITIZEN work goes beyond our public research projects and speaking engagements. The following section contains some of our in-house developed products.
» Blogsecurify
The Blogsecurify initiative was established to provide social media security services through our free automated testing engine. The Blogsecurify team is also engaged to deliver quality content on issues concerning social media technologies.
» Netsecurify
The Netsecurify initiative was established to provide network security services through our free automated testing engine. The service is still in private-beta. We are working very hard to make it a reality.
» Websecurify
The Websecurify initiative was established to provide a free web application security framework for automated and manual penetration testing. The service is still in private-beta and the testing engine will be avalable for download soon.
» Secapps
Secapps serves as an application directory of all online tools which the GNUCITIZEN team has built over the years.
» Securls
Securls serves as an information security intelligence gathering tool, combining news and articles from the best information security resources on-line.
Popular Papers and Presentations
The GNUCITIZEN team has authored several industry-recognized information security papers and presentations.
» Client-side Security
This paper was presented in Black Hat Europe 2008, Hack in the Box Dubai 2008, Black Hat USA 2008 and Hack in the Box KL 2008. This paper describes numerous techniques for attacking Clients-side technologies. The content of the paper is based on the research that has been conducted over the past year, before publication, by the GNUCITIZEN team.
» Cracking into Embedded Devices
The presentation covers cracking into embedded devices by exploiting vulnerabilities present on default software running on the target device. The presentation is focused on vulnerabilities that can be exploited remotely.
» For my next trick... hacking Web2.0
This paper outlines some of the dangers of Web2.0 by combining fictional stories with real technology. Each story begins with a prologue, which introduces the problem, and finishes with a conclusion, which summarizes the attack techniques that are described within the story's context.
» Exegesis of Virtual Hosts Hacking
This is the first paper written on the topic of virtual hosts hacking. It covers basic skills such as passive discovery techniques and (almost) stealth active discovery techniques. It also presents possible scenarios of exploitation.
Popular Blog Entries and Vulnerability Findings
Our blog is one of the leading information security resources on the Web today. There we have published a large chunk of our public research.
- Cracking into ZyXEL Broadband Routers
- Taking Over Google Blogger Blogs
- Password-theft Vulnerability in Google Urchin
- Compromising Axis IP cameras
- Social Networks Evil Twin Attacks
- WiFi Infestations - Viral Wardriving
- Social Networks, Evil Twins and Puppet Masters
- What is Black PR
- QuickTime vulnerability affecting Windows XP and Vista
- Exploitation Scenarios for CITRIX
- VoIP hijacking Vulnerability in the BT Home Hub
- Wireless Encryption Key Predictability Vulnerability in the BT Home Hub
- Password Leakage Vulnerability in BT Home Hub
- Critical Vulnerabilities in British Telecom (BT) Home Hub
- Web Mayhem: Firefox’s JAR: Protocol issues
- Total surveillance made easy with VoIP phones
- Vulnerabilities in CITRIX
- Critical Issues in the UPnP Protocol Stack Design
- Critical Vulnerability in QuickTime affecting Mozilla Firefox
- Critical Vulnerability in Google GMail Software
- Critical Vulnerability in Adobe PDF affecting Windows XP
Printed Publications
The GNUCITIZEN group has been involved in the publication of several industry-recognized information security books.
» Google Hacking for Penetration Testers Second Edition
Google Hacking for Penetration Testers, Volume 2 shows the art of torquing Google used by security professionals and system administrators to find sensitive information and self-police their own organizations.
» Cross Site Scripting Attacks: XSS Exploits and Defense
The book provides examples of XSS malware and demonstrates real cases where XSS is a dangerous risk that exposes internet users to remote access, sensitive data theft, and monetary losses.
Conferences and Public Speaking Engagements
GNUCITIZEN members are frequent speakers at some of the world's largest information security events, including Black Hat, Hack in The Box, OWASP, CONFidence and others.
Media Coverage
GNUCITIZEN's work has been featured in many popular electronic and printed media outlets.
- [BBC] BT want customer help with new mobile wi-fi network
- [British Computer Society] Broadband router connected to hacker attack
- [CNet] Hacking Big Brother
- [Computerworld] Skype pulls features in face of critical flaw
- [Computerworld] Automated application security tools - useful, but not a replacement for human eyes and brains
- [Computerworld] Gmail zero-day flaw allows attackers to steal messages
- [Computerworld] Skype leaves security door open, say researchers
- [Computerworld] Wi-Fi security warning for BT Home Hub users
- [Computing] BT hamstrings Home Hub hackers
- [CrunchGear] PDF Files Can Steal All Your Base
- [Dark Reading] Details of Clickjacking Attack Revealed With Online Spying Demo
- [Dark Reading] New VOIP 'Call-Jacking' Hack Unleashed
- [Dark Reading] Turning the Surveillance Camera Around
- [eWEEK] eWEEK Presents: Greatest Hits of Summer 2007 - Blitzkrieg Bop
- [eWEEK] Google Downplays Talk of Security Vulnerabilities
- [eWEEK] How Many Monocultures Make Up a Polyculture?
- [eWEEK] Mozilla to Fix 9-Month-Old JAR URL Handling Bug
- [eWEEK] Swarm of QuickTime Bugs Found
- [eWEEK] Using a Browser, Hackers Can Hijack Wi-Fi Routers
- [Guardian] Google's Gmail insecure, and other Google security holes
- [Heise Security] Systems disclose sensitive data via SNMP
- [Heise Security] Unwanted remote configuration for home routers
- [Heise Security] WiFi routers have predictable SSID and WPA keys
- [Information Week] Adobe Confirms Critical Bug Affecting Windows XP
- [Information Week] Apple Patches Year-Old Windows QuickTime Vulnerability
- [Information Week] Google Hacking Database Tool Updated
- [Information Week] Firefox 2 Security Update Coming
- [Information Week] How Dumb Is Too Dumb To Operate a Computer?
- [Information Week] Mozilla Updates Firefox To Patch QuickTime Bug
- [Information Week] Security Researcher Warns About Citrix Vulnerability
- [Information Week] Security Star Shares Top 5 Most Popular Web 2.0 Services Sure To Be A Hit With Hackers
- [Information Week] Unpatched QuickTime Bug Threatens Firefox
- [Information Week] Google Gmail, Other Apps, Vulnerable To Attack
- [InformationWeek] Google-Powered Hacking Makes Search A Threat
- [InformationWeek] Severe UPnP Flaw Allows Router Hijacking
- [InformationWeek] Zero-Day Vulnerability Reported in Apple's QuickTime for Windows XP and Vista
- [InformIT] Identity 2.0: How Attackers Break into Identity-centric Services
- [InformIT] Information as a Weapon of Mass Destruction
- [InfoWorld] Flash attack could take over your router
- [InfoWorld] Skype flaw turns videos into weapons
- [InfoWorld] Worm fears shut down Skype video feature
- [ITP] Crack the hackers
- [IT World] Flash attack could take over your router
- [Mashable] Firefox 2.0.0.7 is Live; Eliminates QuickTime Security Flaw
- [Metro] Google mail users 'at risk' of being duped
- [Network World] Group points to VOIP flaw in DSL home gateway
- [Network World] VoIP phone phreaked by security hole
- [News.com] Security Bites Podcast: Hacking via security cameras
- [News.com] Security Bites Podcast: Hacking via security cameras
- [PC Magazine] Slipping On SOAP Into Your Router
- [PC Pro] BT fixes Home Hub hole
- [PC Pro] BT investigates major security flaw in Home Hub
- [PC Pro] Spammers target PDF exploit again
- [PC World] A Rash of Middleware Bugs Popping Up
- [PC World] Hackers Claim Flaw in British DSL Service
- [PC World] Year-old QuickTime Hole May Leave You at Risk
- [SC Magazine] Adobe Flash plug-and-play interface can be used to modify router settings
- [SC Magazine] Apple patches QuickTime for Windows flaw
- [SC Magazine] Another Apple QuickTime bug reported
- [SC Magazine] Frame injection exploits Google flaw
- [SC Magazine] Gmail can be easily spoofed
- [SC Magazine] Google working to patch Gmail message-forwarding flaw
- [SC Magazine] Mozilla fixes three Firefox bugs
- [SC Magazine] Mozilla patches QuickTime bug in Firefox
- [SC Magazine] VMware and Adobe vulnerabilities disclosed
- [SecurityFocus] Hacking group alleges attack via PDF
- [Slashdot] Gmail Vulnerability May Expose User Information
- [Slashdot] Most Home Routers Vulnerable to Flash UPnP Attack
- [Slashdot] Zero-day Exploit in PDF With Adobe Reade
- [Symantec] Flashing Home Routers
- [Techworld] Simple SNMP scans yield network data
- [Techworld] VoIP phone phreaked by security hole
- [Telecompaper] Hacker group finds flaw with BT DSL home gateway
- [The Inquirer] BT Home Hubs are wide open
- [The Register] BT battens down Home Hub backdoor
- [The Register] BT home router wide open to hijackers
- [The Register] BT launches Home Hub backdoor investigation
- [The Register] Firefox broken Jar vuln. menaces Gmail
- [The Register] Most home routers 'vulnerable to remote take-over'
- [The Register] Networks left open to SNMP scans
- [The Register] New cracks in Google mail
- [The Register] New Google bugs empower phishermen
- [The Register] Security maven: QuickTime flaw threatens PCs, Macs
- [The Register] UK's number one router open to VoIP hijacking
- [The Register] UK's most popular Wi-Fi router defaults to insecurity
- [The Tech Herald] SNMP scanning - GNUCitizen locates thousands of at risk devices
- [Vnunet] Adobe Reader hit by cross-site scripting flaw
- [Vnunet] BT hamstrings Home Hub hackers
- [Vnunet] Initiative aims to bolster Web 2.0 defences but threats continue to evolve
- [Washington Post] Firefox plans bugfix release for next week
- [Washington Post] Firefox Update Fixes Apple QuickTime Flaw
- [Washington Post] Flash Attack Could Take Over Your Router
- [Washington Post] Hacker bears bad news about PDF
- [Washington Post] Mozilla fixes QuickTime flaw in Firefox
- [Washington Post] QuickTime Security Update for Windows
- [Washington Post] With Web 2.0, a new breed of malware evolves
- [WindowsITPro] Is SNMP an Open Door to Your Network?
- [Wired] Adobe Confirms PDF Exploit
- [Wired] GMail Flaw Lets Anyone Read Your E-Mail
- [Wired] Hacker Discovers Serious Vulnerability in PDF Files
- [Wired] Sneaky White Hats Pull Surveillance Cam Switcheroo
- [ZDNet] Are Routers the Next Big Target for Hackers?
- [ZDNet] BT denies routers still vulnerable to old exploit
- [ZDNet] Bullseye on Google: Hackers expose holes in GMail, Blogspot, Search Appliance
- [ZDNet] Gmail cookie vulnerability exposes user's privacy
- [ZDNet] GNUCITIZEN Resources on ZDNet
- [ZDNet] Researchers outline Wi-Fi router hijacking via browser
- [ZDNet] Snom VoIP phone vulnerability enables phone history theft, addy book poisoning, and more
- [ZDNet] Wi-Fi routers vulnerable to UPnP attack from hackers
- [ZDNet] BT Home Hub encryption under fire
- [WindowsITPro] Is SNMP an Open Door to Your Network?
- [Security Park] The threat of the Ajax Super-Worm
- [Information Week] Facebook Privacy Glitch Revealed Private Paris Hilton Pictures
- [ZDNet] Black Hat Europe, Day 2: The day that wasn't and Black Hat Europe ...
- [ITP] Crack the hackers
- [PC World] Researcher: BT Home Hub Wi-Fi Security Easy to Crack
- [Techworld] The stupidity of 'default' security settings
- [SecurityProPortal] BT's WiFi router easily hackable, says Whitehat hacker
- [The Tech Herald] BT Home Hub vulnerable
- [The Register] Department of Homeland Security website hacked!
- [Information Week] Zero-Day Vulnerability Reported in Apple's QuickTime for Windows XP and Vista
- [Information Week] Researcher finds new flaw in QuickTime for Windows
- [Wired] Quicktime Flaw Makes Windows Vulnerable to Attack
- [The Tech Herald] GNUCitizen reports QuickTime 0-Day
- [Dark Reading] Tech Insight: Finding & Prioritizing Web Application Vulnerabilities
- [Dark Reading] Hackers in the House
- [Information Week] Hackers Join Social Network Craze With 'House Of Hackers'
- [InfoWorld] Hackers create their own social network
- [The Register] Yet another hole found in BT Wi-Fi router
- [PC Pro] BT Home Hub "spits out password to hackers"
- [CNet] Networking with hackers
- [Information Week] Security Star Shares Top 5 Most Popular Web 2.0 Services Sure To Be A Hit With Hackers
- [Channel Web] One-On-One With 'Life Hacker' Petko Petkov
- [Heise Security] Adobe Reader may have critical hole
- [PC World] Security Researcher Finds Flaw in Windows Media Player
- [eWEEK] QuickTime Zero-Day Hits Windows XP, Vista
- [GCN] Tools for the attacker, tools for the defender
- [The Tech Herald] Apple and Cisco each release patches
- [Computerworld] Apple patches 5 critical QuickTime bugs
- [PC World] Symantec Suspects Bot in Attacks on D-Link Routers
For more information regarding our constantly expanding portfolio you can visit our blog.