- CanSecWest Registration – cansecwest.com
Official site for the CanSecWest registration
- Hacking at Random event comments
A look at the happenings of this hacker’s summer camp in the Netherlands.
- Hacking at Random: more bandwidth, more far-sightedness, more future – h-online.com
- Hacking at Random – hackaday.com
- Defcon Roundup Part II – reusablesec.blogspot.com
Some reflections on this well-regarded security event.
- Security BSides Las Vegas 2009 Audio – uncommonsensesecurity.com
A commentary on the BSides meet-up in Las Vegas.
- Websecurify v0.3RC1 – code.google.com/p/websecurify/
Websecurify Security Testing Runtime identifies web security vulnerabilities by using advanced browser automation, discovery and fuzzing technologies.
- AppPrint (Beta) Web, Application Server and Web 2.0 Fingerprinting tool – blueinfy.com
It scans port 80 for a particular target and tries to deduce the banner using httprint methodology.
- Metasploit Gets Wyse [Exploits] & Two New Beta Modules – djtechnocrat.blogspot.com
HD Moore merged the first exploit of many for Wyse thin clients, written by KF, into Metasploit SVN.
- Common Insecure Cookie Attacks: Session Attacks – cenzic.com
- Common Insecure Cookie Attacks: Cross-Site Request Forgery – cenzic.com
Insecure cookie validation can lead to session attacks such as privilege escalation, session hijacking, etc.
- Session Hijacking Video Demonstration from Imperva – imperva.com
Session hijacking involves an attacker using captured, brute forced or reverse-engineered session IDs.
- Tunneling IP traffic over ICMP – hackaday.com
IP traffic can be piped through an ICMP tunnel, disguising all your surfing as simple ping packets.
- USB Multipass – revision3.com/hak5
In this episode we build a USB Multipass, complete with a customized boot menu, ready to launch any of your favorite tools.
- JRun Management Console Directory Traversal vulnerability – milw0rm.com
Using the Management Console, an authenticated attacker can read any file on the server.
- Critical vulnerability in Pidgin IM – h-online.com
The cause of the problem is a bug in the libpurple library which allows code to be written to memory and executed using crafted MSN-SLP packets.
- Microsoft WINS vulnerability under attack – zdnet.com
The attacks are hitting Microsoft Windows users who have not yet applied the MS09-039 update.
- Using Cain to sniff RDP/Remote Desktop/Terminal Server traffic via “Man in the Middle” – irongeek.com
In this video I’ll be showing how Cain can pull off a “Man in the Middle” attack against the Remote Desktop Protocol.
- Linux kernel vulnerability fixes – Update 3 – h-online.com
Linux developers have released kernel versions which fix a critical vulnerability revealed last week.
- Security Patch Catchup: Java, Safari & OS X – washingtonpost.com
A patch roundup for a few popular software packages.
- Security Update: Hotfixes available for ColdFusion and JRun – adobe.com
These vulnerabilities could lead to the potential compromise of user accounts or the affected system.
- VMWare updates
A few updates to VMware Workstation, Player and ACE.
- Thunderbird 220.127.116.11 fixes SSL vulnerability – h-online.com
Moxie Marlinspike and Dan Kaminsky revealed details of the vulnerability in their Black Hat presentations.
- Hackers indicted for hacking into TJ Maxx, others
Three hackers have been indicted by a federal grand jury in New Jersey on charges of hacking into Heartland Payment Systems and Hannaford Brothers.
- TJX Hacker Charged With Heartland, Hannaford Breaches – wired.com
- Alleged International Hacker Indicted for Massive Attack on US Retail and Banking Networks – djtechnocrat.blogspot.com
- Three men indicted in largest U.S. data breach – cnet.com
- BSA Softens Anti-Piracy Message – wired.com
The Business Software Alliance has a new anti-piracy video that uses humor instead of scare tactics.
- Website VA Vendor Comparison Chart – jeremiahgrossman.blogspot.com
A chart listing the notable SaaS/Cloud/OnDemand/Product vendors and how some of their key features compare.
- Q2 Threats Report Released – It’s All About Botnets and Spam – avertlabs.com
The report confirmed our first-quarter prediction that the surge in botnet growth would send spam levels to new heights.
- Radisson Hotels report significant data breach – zdnet.com
Radisson said the hotel chain’s computer system was hacked and customer credit and debit card numbers were stolen.
- Find Evan Ratliff Win $5000 – ha.ckers.org
He’s a reporter that wants to be found.
- Botmaster: It’s All About Infecting, Selling Big Batches of Bots – darkreading.com
An undercover Cisco researcher said the going rate for a single bot is 10 to 25 cents.