Events Related:
- CanSecWest Registration – cansecwest.com
Official site for the CanSecWest registration - Hacking at Random event comments
A look at the happenings of this hacker’s summer camp over at the Netherlands.- Hacking at Random: more bandwidth, more far-sightedness, more future – h-online.com
- Hacking at Random – hackaday.com
- Defcon Roundup Part II – reusablesec.blogspot.com
Some reflections on this well-regarded security event. - Security BSides Las Vegas 2009 Audio – uncommonsensesecurity.com
A commentary on the BSide meets at Las Vegas
Tools:
- Websecurify v0.3RC1 – code.google.com/p/websecurify/
Websecurify Security Testing Runtime identifies web security vulnerabilities by using advanced browser automation, discovery and fuzzing technologies. - AppPrint (Beta) Web, Application Server and Web 2.0 Fingerprinting tool – blueinfy.com
It scans port 80 for a particular target and tries to deduce the banner using httprint methodology. - Metasploit Gets Wyse [Exploits] & Two New Beta Modules – djtechnocrat.blogspot.com
HD Moore merged the first exploit of many for Wyse thin clients, written by KF, into Metasploit SVN.
Techniques:
- Common Insecure Cookie Attacks: Session Attacks – cenzic.com
- Common Insecure Cookie Attacks: Cross-Site Request Forgery – cenzic.com
Insecure cookie validation can lead to session attacks such as privilege escalation, session hijacking, etc. - Session Hijacking Video Demonstration from Imperva – imperva.com
Session hijacking involves an attacker using captured, brute forced or reverse-engineered session IDs. - Tunneling IP traffic over ICMP – hackaday.com
IP traffic can be piped through an ICMP tunnel, disguising all your surfing as simple ping packets. - USB Multipass – revision3.com/hak5
On his episode we build a USB Multipass complete with customized boot menu ready to launch any of favorite tools.
Vulnerabilities:
- JRun Management Console Directory Traversal vulnerability. – milw0rm.com
Using Management Console authenticated attacker can read any file on server. - Critical vulnerability in Pidgin IM – h-online.com
The cause of the problem is a bug in the libpurple library which allows code to be written to memory and executed using crafted MSN-SLP packets. - Microsoft WINS vulnerability under attack – zdnet.com
The attacks are hitting Microsoft Windows users who have not yet applied the MS09-039 update. - Using Cain to sniff RDP/Remote Desktop/Terminal Server traffic via “Man in the Middle” – irongeek.com
In this video I’ll be showing how Cain can pull off a “Man in the Middle” attack against the Remote Desktop Protocol.
Vendor/Software Patches:
- Linux kernel vulnerability fixes – Update 3 – h-online.com
Linux developers have released kernel versions which fix a critical vulnerability revealed last week. - Security Patch Catchup: Java, Safari & OS X – washingtonpost.com
A patch roundup for a few popular software - Security Update: Hotfixes available for ColdFusion and JRun – adobe.com
These vulnerabilities could lead to the potential compromise of user accounts or the affected system. - VMWare updates
A few updates to the VMWare workstation, placer and ACE- VMware Security Announcement – vmware.com
- VMware Workstation 6.5.3 Release Notes – vmware.com
- Thunderbird 2.0.0.23 fixes SSL vulnerability – h-online.com
Moxie Marlinspike and Dan Kaminsky revealed details of the vulnerability in their Black Hat presentations.
Other News:
- Hackers indicted for hacking into TJ Maxx, others
Three hackers have been indicted by a federal grand jury in New Jersey on charges of hacking into Heartland Payment Systems and Hannaford Brothers.- TJX Hacker Charged With Heartland, Hannaford Breaches – wired.com
- Alleged International Hacker Indicted for Massive Attack on US Retail and Banking Networks – djtechnocrat.blogspot.com
- Three men indicted in largest U.S. data breach – cnet.com
- BSA Softens Anti-Piracy Message – wired.com
The Business Software Alliance has a new anti-piracy video that uses humor instead of scare tactics. - Website VA Vendor Comparison Chart – jeremiahgrossman.blogspot.com
A chart listing the notable SaaS/Cloud/OnDemand/Product vendors and how some of their key features compare. - Q2 Threats Report Released–It’s All About Botnets and Spam – avertlabs.com
The report confirmed our first-quarter prediction that the surge in botnet growth would send spam levels to new heights. - Radisson Hotels report significant data breach – zdnet.com
Radisson said the hotel chain’s computer system was hacked and customer credit and debit card numbers were stolen. - Find Evan Ratliff Win $5000 – ha.ckers.org
He’s a reporter that wants to be found. - Botmaster: It’s All About Infecting, Selling Big Batches of Bots – darkreading.com
Undercover Cisco researcher told the going rate for a single bot is 10- to 25 cents.
No comments yet.