Tools: Metasploit inside a word file – ithaven.blogspot.com Vulnerabilities: FFSpy – Firefox Malware PoC Debian OpenSSH 4.7 encryption flawed Flaw in encryption armor discovered – cnet.com Chink in encryption armor discovered – zdnet.com ntpd autokey stack buffer overflow – cert.org Other News: Adobe patch Tuesday approach Adobe Adopts Microsoft’s Patch Tuesday Approach – washingtonpost.com Adobe [...]

Tools: nmap 4.85BETA9 – nmap.org Vulnerabilities: IIS 6.0 webdav authentication bypass Microsoft Security Advisory 971492 – microsoft.com Bypassing Remote WebDav Auth IIS 6.0 – g0thacked.wordpress.com Other News: Secret questions are too easily guessed Are Your "Secret Questions" Too Easily Answered? – technologyreview.com Study Shows "Secret Questions" Are Too Easily Guessed – slashdot.org Gumblar malware Gumblar [...]

Tools: PSHToolkit offset fix for use on Windows XP SP3+latest patches – hexale.blogspot.com TrueCrypt 6.2 – truecrypt.org Moth – VMware image with various vulnerable applications – bonsai-sec.com Other News: UC Berkeley computers hacked – 97,000 SSNs and other info stolen – cnet.com Explosion of BlackBerry trading in Nigeria – darknet.org.uk

Tools: Dranzer ActiveX Fuzzer Watcher – Passive web security analysis tool (fiddler plugin) Pangolin – Very nice SQL injection tool Network Monitor 3.3 – Microsoft’s wireshark equivalent CAIN 4.9.30 – Now with SSL MITM support Vulnerabilities: Oracle TNS listener 10.2.0.3 and 11.1.0 Other News: F-Secure malware course – noppa.tkk.fi Hijacking US military satellites for communication [...]

Here are the information security events in North America this month: ChicagoCon 2009 – May 8-9 in Chicago CSI CX – May 17-21 in Nevada IEEE Security and Privacy Symposium – May 17-20 in California Web 2.0 Security and Privacy 2009 – May 21 in California LayerOne 2009 – May 23-24 in California Techno Security [...]