Event Related

• Infiltrate  Conference
• “Voight-Kampff’ing The BlackBerry PlayBook” at INFILTRATE 2012 – intrepidusgroup.com
  We gave a talk at Immunity’s awesome INFILTRATE conference in Miami Beach, FL. Our presentation, “Voight-Kampff’ing The BlackBerry Playbook”, discussed some of the blackbox style, independent research we performed on the BlackBerry PlayBook.
• Infiltrate Wrap Up – blog.opensecurityresearch.com
  Our industry is getting over saturated with conferences that are filled with stale and sometimes uninspiring content.  If we cannot collectively raise the bar, we’re not motivating ourselves to produce creative and innovative research – and if we’re not doing that, we might as well surrender our intellect, curiosity, and integrity to the vendors who would prefer to ignore the security of their customers, to increase their profits.

Tools

• Windows Phone App Analyser v1.0 released today - securityninja.co.uk
  The main reason I wanted to do the WP7 app development was to increase my knowledge about the WP7 application development and submission process.  I have done a lot of mobile security research and even presented about Android and iOS security but I didn’t want to assume that knowledge would apply to WP7 so I got my hands dirty with some app development!
• Reversing Malware with Android Reverse Engineering (A.R.E.) - sectechno.com
  Malwares on mobile system are increasing dramatically, especially on android smartphone system, this week Trendmicro security lab posted about new campaign targeting this system by infecting users over web applications.
• The SPToolkit – The Phishing Toolkit Project - professionalsecuritytesters.org
  These articles give some good insights into why phishing is on the rise and why you, as an information security professional, should be worried about it.

Techniques

• Monitoring pastebin.com within your SIEM - blog.rootshell.be
  For those who (still) don’t know pastebin.com, it’s  a website mainly for developers. Its purpose is very simple: You can “paste” text on the website to share it with other developers, friends, etc. You paste it, optionally define an expiration date, if it’s public or private data and you are good.
• Stuff I learned while writing a CTF - alexmcgeorge.wordpress.com
  This blog entry talks about some of the lessons I learned running the WebHacking class for Infiltrate 2012 which included a WarGame/CTF style hootenanny on the final day.
• Ncrack presentation   - sock-raw.org
  Just letting people know, I uploaded the slides from my AthCon presentation on Network Exploitation with Ncrack. I will probably get my hands on the video material from the conference soon.

Vendor/Software Patches

• Oracle Updates
• Fundamental Oracle flaw revealed  - infoworld.com
  Over the past two months, InfoWorld has been researching a flaw in Oracle’s flagship database software that could have serious repercussions for Oracle database customers, potentially compromising the security and stability of Oracle database systems.
• Oracle Critical Patch Update Advisory – January 2012 - oracle.com
  A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative but each advisory describes only the security fixes added since the previous Critical Patch Update advisory.

Vulnerabilities

• Security Email - blogs.zappos.com
  The most important focus for us right now is the safety and security of our customer’s information.  Within the next hour, we will begin the process of notifying the 24+ million customer accounts in our database about the incident and help step them through the process of choosing a new password for their accounts.
• A free Windows Vulnerability for the NSA – blog.ioactive.com
  Some months ago at Black Hat USA 2011 I presented this interesting issue in the workshop “Easy and Quick Vulnerability Hunting in Windows,” and now I’m sharing it with all people a more detailed explanation in this blog post.
• Excuse me, your clouds are leaking – intrepidusgroup.com
  I recently started playing around with Gliffy, a nice online diagramming tool that has become quite popular.  Gliffy makes sharing your diagrams with the world easy.

Other News

• Offensive Research Continuing to Advance – threatpost.com
  “The ability to make a difference in the real world against dedicated offensive teams is a rare thing,” Dave Aitel, CEO of Immunity, which put on Infiltrate, said during the conference. “This stuff can change quickly.”
• A technical examination of SOPA and PROTECT IP – blog.reddit.com
  As you have probably heard, there are two pieces of legislation currently pending that we, and others like us, believe seriously threaten the internet. I wanted to take some time to delve into the text of both of these bills, and outline their potential consequences as I am able to understand them.
• Man charged with stealing NY Fed Reserve Bank source code - news.cnet.com
  Authorities arrested a computer programmer today and charged him with stealing source code worth $9.5 million from the Federal Reserve Bank of New York.

Here are information security events in North America this month:   DoD Cybercrime Conference 2012: January 20 to January 27 in Atlanta       ShmooCon USA : January 27 to Januaryin Washington, DC       And here are the information security events in the other parts of the world: BSides Vienna: January 21 [...]

Resources How Modern Cars Can Be Cracked – autosec.org SOURCE Barcelona Resources from September 2011 – sourceconference.com Links, articles, and media from the event. OSCP-My Review – proactivedefender.blogspot.com The OSCP certification is an offensive security course which teaches the attacking side of Information Security and is largely aimed at those wanting to become penetration testers. [...]

Events Related Highlights from the 28th Chaos Communications Congress – advocacy.globalvoicesonlne.org The Chaos Communications Congress is the annual meetup of Germany’s Chaos Computer Club, one of the oldest hacker collectives in the world. It takes place in Berlin every year at the height of the holiday season between Christmas and New Year’s Eve, a time [...]

Events Related Chaos Communications Congress Debriefing(s) …dedicated to information about the conferences and events of the CCC. Being our most important event, the annual Chaos Communication Congress is usually the main focus. But we provide announcements and background information for other CCC events as well – be it regional or international. Crypto talk at 28C3: [...]

Resources OWASP Risk Assessment Calculator – paradoslabs.nl Congress Authorizes Offensive Use of Cyberwarfare – fas.org Historic document via Federation of American Scientists “… Congress affirms that the Department of Defense has the capability, and upon direction by the President may conduct offensive operations in cyberspace to defend our Nation, Allies and interests, subject to–” Tools [...]

Events Related RuxCon Presentation Materials Archive – ruxcon.org.au BlackHat Abu Dhabi 2011 – tmacuk.co.uk I am going to keep this short, but I met a lot of new people, a lot of people I had spoken to over the phone but never seen face to face and people that I knew over Twitter. This, in [...]

Events Related PacSec 2011 Presented Material – pacsec.jp English/Japanese versions of PacSec 2011 Tokyo event last month. @OWASP Tokyo Webservices: Attack, defenses, and hardening – twitter.com Archives for ClubHack 2011 Videos – clubhack.tv MalCon 2011 YouTube Channel – youtube.com Resources Opensecuritytraining.info Welcome Message – opensecuritytraining.info New open source, creative commons powered teaching portal on computer [...]

Events Related OWASP ATL Presentation – intrepidusgroup.com I recently gave a presentation at OWASP ATL on the OWASP Mobile Top 10 and how to assess mobile applications. This was a light weight discussion of the OWASP Mobile Top 10 and some topical and technical concerns related to securing mobile applications. OWASP Benelux Days 2011 – [...]

Here are information security events in North America this month: BayThreat 2011: December 9 to December 11 in Mountain View SANS Cyber Defense Initiative 2011: December 9 to December 16 in Washington, DC   And here are the information security events in the other parts of the world: BeneLux OWASP Day 2011: December 1 to [...]