Real Time Gas Monitoring

September 21, 2008 by Eliot 12 Comments

With the weather getting colder, [Daniel] decided it would be a good idea to monitor how much energy his gas heating was using in real time. He used a Nokia 6680 cameraphone to monitor the heater’s flame through the sight glass. PyS60, a Symbian implementation of Python, checks the image sent by the camera and measures how much blue flame is visible. These values are stored in a SQL DB on the phone that can be polled over Bluetooth. At the end of the billing cycle, he’ll be able to correlate the amount of gas used with what the phone reported.

[Thanks, florent bayle]

Crawling + SQL Injection With Scrawlr

June 24, 2008 by Eliot 3 Comments

Scrawlr is the latest tool to come out of HP’s Web Security Research Group. It was built in response to the massive number of SQL injection attacks happening on the web this year. Most of these vulnerable sites are found through googling, so Scrawlr works the same way. Point it at your web server and it will crawl all of the pages and evaluate the URL parameters to see if they’re vulnerable to verbose injection. It reports the SQL server and table names if it comes across anything.

It only supports 1500 pages right now and can’t do authentication or blind injection. It’s still a free tool and a great way to identify if your site is vulnerable to automated tools finding you website via search engines.

[via Acidus]

Exploit-Me Firefox XSS And SQL Scanning Addon

June 14, 2008 by Eliot 7 Comments

[youtube=http://www.youtube.com/watch?v=RbL2ptbjoSA&hl=en&rel=0&color1=0x3a3a3a&color2=0x999999]
One of the best tools we saw at LayerOne was the Exploit-Me series presented by [Dan Sinclair]. Security Compass created these tools to help developers easily identify cross site scripting (XSS) and SQL injection vulnerabilities.

Continue reading “Exploit-Me Firefox XSS And SQL Scanning Addon” →