Week 15 In Review – 2014

Published: April 14th, 2014 | Category: Security Conferences, Security Tools, Security Vulnerabilities | (0) Comments

Events Related

Resources

  • Car Hacking 2: The Content – blog.ioactive.com
    Does everyone remember when those two handsome young gentlemen controlled automobiles with CAN message injection? However, what if you don’t have the resources to purchase a car, pay for insurance, repairs to the car, and so on?
  • HeartBleed slides – malwarejake.blogspot.com
    Better (more complete) slides and other material available here.
  • SOURCE Boston 2014: idb – iOS Blackbox Pentesting – speakerdeck.com
    More than ever, mobile apps are used to manage and store sensitive data by both corporations and individuals. In this talk, Daniel’s team reviews common iOS mobile app flaws involving data storage, inter-process communication, network communications, and user input handling as seen in real-world applications.
  • M-Trends 2014 Threat Report Revealed – www.mandiant.com
    The fifth installment of Mandiant’s annual threat report, M-Trends has arrived! You can download the latest report, “M-Trends: Beyond the Breach”, here.
  • Notacon 11 (2014) Videos – www.irongeek.com
    These are the videos from the 11th Notacon conference held April 10th-13th, 2014.

Tools

  • Capstone – www.capstone-engine.org
    Capstone is a lightweight multi-platform, multi-architecture disassembly framework. The project’s goal is to make Capstone the ultimate disassembly engine for binary analysis and reversing in the security community.
  • OWASP ZAP 2.3.0 – wasp.blogspot.com
    OWASP ZAP 2.3.0 is now available. There are a large number of changes in this release, so this post will just give a high-level overview of some of the most significant ones.

Vulnerabilities

  • The Heartbleed Bug – heartbleed.com
    The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.

    • Heartbleed test – filippo.io
      Enter a URL or a hostname to test the server for CVE-2014-0160.
    • Critical crypto bug in OpenSSL opens two-thirds of the Web to eavesdropping – arstechnica.com
      Researchers have discovered an extremely critical defect in the cryptographic software library an estimated two-thirds of Web servers use to identify themselves to end users and prevent the eavesdropping of passwords, banking credentials, and other sensitive data.
    • OpenSSL 1.0.1 Heartbleed Vulnerability – [Critical Vulnerability] – www.r00tsec.com
      The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content.
    • hb-test.py – gist.github.com
      Here is an OpenSSL heartbeat PoC with STARTTLS support.
    • openssl_heartbleed.rb – github.com
      Here is a Metasploit module for the OpenSSL Heartbleed vulnerability.
    • Yet Another HeartBleed – penturalabs.wordpress.com
      This Heartbleed information disclosure vulnerability has been covered pretty much all over the internet since 8th April 2014. For a one-page, one-stop summary, please read this.
    • Heartbleed Bug Impacts Mobile Devices – bluebox.com
      Another SSL vulnerability has been disclosed and released to the public. This one is referenced as CVE-2014-0160 or, as it is commonly called, the Heartbleed bug, due to the leaking of information from the heartbeat messages an SSL/TLS connection produces. How does this relate to mobile devices?
    • Gaping SSL? My Heartbleeds – community.rapid7.com
      As you may already know, a vulnerability affecting OpenSSL was reported and it most likely affects your organization. The “Heartbleed” SSL vulnerability affects widely deployed versions of the OpenSSL library, which is used in the majority of software, including web-, email-, database- and chat-servers.
    • heartattack.py – bitbucket.org
      CVE-2014-0160 exploit PoC, originally from test code by Jared Stafford (jspenguin@jspenguin.org), adapted by Johan Nestaas.
    • Why you should care about the OpenSSL heartbleed vulnerability – research.zscaler.com
      Researchers from Google and Codenomicon made quite a splash when they revealed details of a vulnerability in OpenSSL’s implementation of the heartbeat extension, which they have affectionately dubbed Heartbleed. Why is this such a big deal?
    • Everything you need to know about the Heartbleed SSL bug – troyhunt.com
      Massive. Huge. Catastrophic. These are all headlines Troy Hunt had seen on April 9 that basically say we’re now well and truly screwed when it comes to security on the internet.
    • Why heartbleed doesn’t leak the private key [retracted] – blog.erratasec.com
      So as it turns out, Robert Graham completely messed up reading the code. He doesn’t see how, but he read it one way.
    • Heartbleed Bug Poses Serious Threat to Unpatched Servers – symantec.com
      Heartbleed, or the OpenSSL TLS ‘heartbeat’ Extension Information Disclosure Vulnerability (CVE-2014-0160), affects a component of OpenSSL known as Heartbeat. OpenSSL is one of the most widely used, open source implementations of the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols.
    • OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products – tools.cisco.com
      Multiple Cisco products incorporate a version of the OpenSSL package affected by a vulnerability that could allow an unauthenticated, remote attacker to retrieve memory in chunks of 64 kilobytes from a connected client or server.
    • The Heartbleed Hit List: The Passwords You Need to Change Right Now – mashable.com
      An encryption flaw called the Heartbleed bug is already being called one of the biggest security threats the Internet has ever seen. The bug has affected many popular websites and services — ones you might use every day, like Gmail and Facebook.
    • Heartbleed Bug Impacts Mobile Update – bluebox.com
      Bluebox Labs has updated the original Heartbleed Scanner application to determine if your Android applications or your Android OS are vulnerable to the Heartbleed bug.
    • WhiteHat Security Observations and Advice about the Heartbleed OpenSSL Exploit – blog.whitehatsec.com
      The Heartbleed SSL attack is one of the most significant, and media-covered, vulnerabilities affecting the Internet in recent years. According to Netcraft, 17.5% of SSL-enabled sites on the Internet were vulnerable to the Heartbleed SSL attack just prior to its disclosure.
    • How the heartbleed bug works. – xkcd.com
      Heartbleed explained in detail here.
    • Hacker successfully uses Heartbleed to retrieve private security keys – theverge.com
      This morning, content distribution network Cloudflare gave some hope to those affected by the Heartbleed security flaw with an announcement that the bug might not be as bad as feared.
    • Testing for Heartbleed vulnerability without exploiting the server. – blog.mozilla.org
      Heartbleed is a serious vulnerability in OpenSSL that was disclosed on Tuesday, April 8th, and impacted any sites or services using OpenSSL 1.01 – 1.01.f and 1.0.2-beta1.
    • 8 Tips For Dealing With Heartbleed Right Now – researchcenter.paloaltonetworks.com
      There’s a lot out there already about what Heartbleed means for the Web and beyond, and I’ll point you to our own analysis written by Scott Simkin or an essay by Dan Goodin over at ars technica for that explanation.

Week 14 In Review – 2014

Published: April 7th, 2014 | Category: Security Tools, Security Training | (0) Comments

Resources

  • Everything You Always Wanted to Know About iTunes and iCloud Backups But Were Afraid to Ask – blog.crackpassword.com
    Do you think you know everything about creating and using backups of Apple iOS devices? Probably not. Here Vladimir Bezmaly (MVP Consumer security, Microsoft Security Trusted Advisor) shares some thoughts, tips and tricks on iTunes and iCloud […]

Information Security Events For April

Published: March 31st, 2014 | Category: Security Conferences, Security Training | (0) Comments

Here are information security events in North America this month:

  • InfoSec Southwest 2014 : April 5 to 6 in Austin, Texas USA
  • CactusCon 2014 : April 4 in AZ, USA
  • BSides Orlando 2014 : April 5 to 6 in Orlando, Florida, USA
  • BSides Rochester 2014 : April 5 in NY, USA […]

Week 13 In Review – 2014

Published: March 31st, 2014 | Category: Security Tools, Security Vulnerabilities, Site News | (0) Comments

Resources

  • iOS Application Security Part 32 – Automating Tasks With iOS Reverse Engineering Toolkit (iRET) – highaltitudehacks.com
    In this article, we will talk about a new tool named iOS Reverse Engineering Toolkit (iRET) that has just been released to assist penetration testers in automating most of the tasks involved in an iOS penetration test. The project […]

Week 12 In Review – 2014

Published: March 24th, 2014 | Category: Security Conferences, Security Training, Security Vulnerabilities | (0) Comments

Events Related

  • Three Things to Take Away from CanSecWest, Pwn2Own – threatpost.com
    Browsers, brokers and BIOS: you could safely call that triumvirate the past, present and future of security, but you’d be wrong. If last week’s CanSecWest conference, and Pwn2Own and Pwnium contests are indeed a point-in-time snapshot of the technical side of information security, then […]

Week 11 In Review – 2014

Published: March 17th, 2014 | Category: Hacking Contests, Security Tools, Security Training, Vendor News | (0) Comments

Events Related

  • Pwn2Own 2014: A recap – hp.com
    Two record-setting days of payouts for zero-day vulnerabilities brought the 2014 Pwn2Own contest tantalizingly close to the first million-dollar competition, with $850,000 paid to eight entrants. $385,000 of potential prize money remained unclaimed.
  • Researchers pocket record $400K at Pwn2Own hacking contest’s first day – computerworld.com
    Researchers on Wednesday cracked […]

Week 10 In Review – 2014

Published: March 10th, 2014 | Category: Security Tools, Security Training, Vendor News | (0) Comments

Resources

  • Forgot your Windows admin password? – ogostick.net
    This is a utility to reset the password of any user that has a valid local account on your Windows system. Finally! A very major release!
  • TrustyCon Videos Available – makehacklearn.org
    You can find the playlist of all of the videos in Al Jigong Billings’ YouTube channel […]

Week 9 In Review – 2014

Published: March 3rd, 2014 | Category: Security Conferences, Security Tools, Security Training, Security Vulnerabilities | (0) Comments

Events Related

  • RSA Conference 2014
    • RSA protests by DEF CON groups, Code Pink draw ire – news.cnet.com
      The RSA security conference (where the world’s security companies come to do business with each other), opened its doors this week in San Francisco to a wide range of protests by security professionals who would otherwise be attending and […]

Information Security Events For March

Published: February 28th, 2014 | Category: Security Conferences, Security Training | (1) Comment

Here are information security events in North America this month:

  • 4th ACM Conference on Data and Application Security and Privacy (CODASPY) : March 3 to 5 in San Antonio, TX, USA
  • GRC Summit 2014 : March 4 to 6 in Boston, MA, USA
  • DakotaCon 2014 : March 7 to 9 in Madison, […]

Week 8 In Review – 2014

Published: February 24th, 2014 | Category: Security Tools, Security Training, Security Vulnerabilities, Vendor News | (0) Comments

Events Related

  • Course Review: Offensive Security AWE (Advanced Windows Exploitation) – www.ethicalhacker.net
    In terms of training, Offensive Security is best known for their Pentesting with BackTrack/Kali (PWK) and Cracking the Perimeter (CTP) courses. The course was delivered by its creators, Matteo Memelli and Devon Kearns. Matteo handled all of the speaking responsibilities, and Devon apparently participated […]

© Godai Group 2014