Re Think On Pentest Lab – We Go Totally Open Source

Having played around with my previous Virtual Pentest Lab and found it more than up to the job, Citrix’s Xenserver is after all the best Virtualisation system around and for not very much money or free if you don’t need the fancy extra’s – I have a 2 node Xenserver system with an OPenFiler SAN at the office without the essentials licence and it makes life sooooo easy.

Anyways we digress, back to my home Pentest lab, well I go back to the day job, because another virtualisation system I have setup at the office is a fantastic product created by the guys at Proxmox – http://www.proxmox.com/products/proxmox-ve

Continue reading “Re Think On Pentest Lab – We Go Totally Open Source”

CitiBank Forces Users To Install In-Secure Software

For some years now I have known that Citibank CitiDirect web login for online banking will only work with certain out of date JRE versions, the reason for this knowledge is the company I work for have CitiBank accounts.

Now since JAVA’s JRE has recently been found to be vulnerable to remote code execution this could have been a problem, but we expect that CitiBank would sort things out.

Well today the plot went seriously pear shaped as the issue vulnerability went public, the internet and every nasty cyber-criminal now knows of this. See the article published here on PacketStorm http://www.packetstormsecurity.org/1007-advisories/citibank-java.txt

I emailed CitiBank first thing this morning, asking for answers and have as yet had no reply.

Watch this space