Archive for the ‘Uncategorized’ Category




[Image captions: Utilities Folder, Disk Encryption Feature, iCal App, Address App, Mail App, Safari App, FaceTime App, Twitter App]


Key Deletions from OS:

Java Runtime has been completely removed from the default install (to increase security). Rosetta (used to run PowerPC apps) has been removed from the OS. Front Row (an entertainment app similar to Apple TV) has been removed from Lion. Rumor has it that Lion will be equipped with an Apple TV app.


Noticeable additions to Lion:

Mac OS X Lion Server (included as an additional feature within Mac OS X Lion), Disk Encryption, Recovery Partition (automatically created during install), Multi-User Remote Computing (you can connect to a virtual display and see your files), SSD Trim Support (a means of coordinating disk use that hasn’t been present in past versions of OS X), View in Spotlight (when you search for an item in Spotlight you can put your mouse on top for a quick Preview of the item or, if the file isn’t supported in Preview, you can see a popup with more information), Migration Assistant from PC (Lion lets you connect your PC and migrate files over), PDF Signing in Preview (allows you to sign a small piece of paper, take a picture of it with your built-in camera and then insert it into a PDF using Preview), Podcast Publisher (makes it easier to start sharing with the world in OS X Lion), Windows Controls and Gestures (the scrolling experience mirrors how you scroll on the iPad or iPhone), Time Machine Without External Hard Drive (Local Snapshots: back up on your Mac without an external hard drive), iTunes Artwork Screensaver (hover over a picture to play the song), iChat gains Yahoo support and Live Preview (Yahoo IM right out of the box for video and audio chat; additionally, if you hover your mouse over a link you’ll see a live preview of the webpage without opening Safari), Super High Resolution Monitor Support (supports HiDPI), and Find My Mac (the same feature found on iPad and iPhone).



Thus far, our internal testing of Mac OS X Lion has been positive. The security focus Apple invested in Lion has been impressive. For a security professional, the “Find my Mac” feature within Lion is quite appealing. It lets you track your “misplaced” or “stolen” Mac and then gives you the option to remotely wipe your drive. Keep in mind that these findings are just initial testing results (from a 3-day time frame). Our security team will begin deep testing for vulnerabilities next week. We will post those findings soon.




Cyber Stalking

Posted: January 19, 2011 in Uncategorized

Warning: Digital Pics Show More Than Meets the Eye

If you come across a WebMail system that supports HTML email (no JavaScript) like GMail, Y! Mail, and Hotmail, then it’s extremely helpful to know exactly how to send HTML email to test those anti-XSS filters. I don’t recall seeing a how-to on the subject anywhere in the webappsec circles. Sending arbitrary HTML email, laced with filter-evading JavaScript, requires only a specially crafted text file and a *nix command line. Copy / Paste the following into a plain text file (email.txt):
MIME-Version: 1.0
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit


The trailing dot is not a typo: it terminates the message, so make sure the file always ends with it. Second, leave the Content-Type, Content-Transfer-Encoding, and MIME-Version headers as they are. Beyond that, you are free to modify and insert your HTML/JavaScript injections wherever you’d like, including the email subject and content body. You can also spoof the return email address and add arbitrary email headers using the same format. Once you have something you want to send, type this Unix command:

> sendmail -t < email.txt

The -t flag tells sendmail to take the recipients from the headers in the message (such as To:), and the redirect feeds sendmail whatever you named your email text file. That’s it!
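On the receiving side, a webmail filter has to inspect the headers as well as the text/html body of a message in this layout. The Python below is an added example, not code from the original post: it parses such a file and reports the active content a filter would need to neutralise. The names `audit_message`, `scan_html`, `ACTIVE_TAGS` and `URL_ATTRS` and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser

ACTIVE_TAGS = {"script", "iframe", "object", "embed"}
URL_ATTRS = {"href", "src", "action", "formaction"}
# Constructed test message in the email.txt layout (addresses are placeholders).
SAMPLE = """\
To: tester@example.com
Subject: <script>alert(1)</script> quarterly report
MIME-Version: 1.0
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<html><body><p>Hello</p>
<img src="logo.png" onerror="alert(1)">
<a href="javascript:alert(1)">link</a></body></html>
.
"""

class ActiveContentFinder(HTMLParser):
    """Collects markup that a webmail filter must neutralise before display."""
    def __init__(self):
        super().__init__()
        self.findings = []
    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(f"tag:{tag}")
        for name, value in attrs:
            # Browsers ignore whitespace/control bytes inside a URL scheme.
            value = re.sub(r"[\x00-\x20]+", "", value or "").lower()
            if name.startswith("on"):
                self.findings.append(f"handler:{tag}.{name}")
            elif name in URL_ATTRS and value.startswith("javascript:"):
                self.findings.append(f"jsurl:{tag}.{name}")

def scan_html(markup):
    finder = ActiveContentFinder()
    finder.feed(markup)
    return finder.findings

def audit_message(raw):
    """Map each header name (and 'body') to the active content found in it."""
    # A lone dot ends the message for sendmail; it is not part of the body.
    msg = message_from_string(re.sub(r"\n\.\n*\Z", "\n", raw))
    parts = list(msg.items())
    if msg.get_content_type() == "text/html":
        parts.append(("body", msg.get_payload()))
    return {name: hits for name, value in parts if (hits := scan_html(value))}
```

Running `audit_message(SAMPLE)` flags the Subject header as well as the body, which is why a filter that only sanitises the HTML part is incomplete.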


An easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing, as well as being a useful addition to an experienced pen tester’s toolbox.
ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

This release includes the following significant changes:
Memory leaks have been fixed in the active scanner and spider.
External applications can now be invoked from the Sites and History tabs.
The passive scanner now looks for vulnerabilities, such as:
Autocomplete forms with password fields
Cookies without the ‘HttpOnly’ flag
SSL Cookies without the ‘secure’ flag
Weak authentication
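
What the first three of these passive checks amount to on a single captured response, as an added Python example that is not ZAP's own code; the function and class names, the URL and the sample response are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample response for an HTTPS login page.
SAMPLE_URL = "https://shop.example/login"
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "SESSIONID=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "prefs=dark; Path=/; Secure"),
]
SAMPLE_BODY = ('<form action="/login" method="post"><input type="text" name="user">'
               '<input type="password" name="pass"></form>')

class PasswordFieldFinder(HTMLParser):
    """Counts password inputs where neither field nor form sets autocomplete=off."""
    def __init__(self):
        super().__init__()
        self.form_off = False
        self.hits = 0

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").lower() for k, v in attrs}
        if tag == "form":
            self.form_off = a.get("autocomplete") == "off"
        elif tag == "input" and a.get("type") == "password":
            if not (self.form_off or a.get("autocomplete") == "off"):
                self.hits += 1

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_off = False

def passive_scan(url, headers, body):
    """headers: (name, value) pairs as received. Returns a list of alert strings."""
    alerts = []
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie = value.split("=", 1)[0].strip()
        # Attribute names after the first ';', e.g. {'path', 'httponly'}.
        flags = {p.strip().split("=", 1)[0].lower() for p in value.split(";")[1:]}
        if "httponly" not in flags:
            alerts.append(f"cookie {cookie} without HttpOnly flag")
        if url.lower().startswith("https://") and "secure" not in flags:
            alerts.append(f"SSL cookie {cookie} without secure flag")
    finder = PasswordFieldFinder()
    finder.feed(body)
    if finder.hits:
        alerts.append("password field with autocomplete enabled")
    return alerts
```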


Gen-Y Developments, Inc

Posted: January 13, 2011 in Uncategorized

In February 2011, HackProof Labs will launch an Application Development division: “Gen-Y Developments, Inc.”  Please check back for more details.

Types of applications that will be developed initially: social media, bio-tech, cyber defense and health care.

Thank you for visiting the HackProof Lab’s 2011 Blog.

Dedicated to our clients and industry peers. This blog will reference and offer knowledge transfer on today’s security best practices and report on the latest vulnerabilities. This site will also offer HackProof Lab’s latest company announcements and news.

Please send us an email at –  if you have any security concerns or technology questions.