- Security Acts Magazine Issue 1 Released – security-database.com
An ad-supported, free online magazine targeting IT security professionals
- SHODAN makes searching weak servers and sites easier, also available as a Firefox extension
Ethical considerations aside, this free service makes for an easy testing tool for finding vulnerable targets.
- SHODAN search engine – shodan.surtri.com
- You’ve been SHODAN’d – praetorianprefect.com
- (Updated) SHODAN – Computer Search Engine Released – security-database.com
- Metasploit 3.3 Released! Exploitation Framework – darknet.org.uk
A new version of Metasploit brings more modules, fewer bugs and more.
- Nmap 5.10 beta 1 Released – security-database.com
Nmap is a free open source utility for network exploration or security auditing.
- Why You Need Echo Mirage – pauldotcom.com
A look at obfuscation and Echo Mirage
- Graudit v1.4 Released – security-database.com
Graudit is a simple script and signature set that allows you to find potential security flaws in source code using the GNU utility grep.
- Websecurify v0.4 Released – security-database.com
An update to this security testing framework includes a better UI and a rewritten task engine, among other changes.
- IGhashGPU – Cracking Oracle Passwords with 790 Million Passwords/second – red-database-security.com
Ivan Golubev’s super fast password cracker gets an update that includes Oracle 11g hashes.
- Racket 1.0.6 Released – spoofed.org
Racket is a Ruby Gem used for reading, writing and handling raw packets in an intuitive manner.
- Man-in-the-Middle Attacks against the chipTAN comfort Online Banking System – blogs.23.nu/RedTeam
- English Paper about Man-in-the-Middle Attacks against chipTAN Online – blogs.23.nu/RedTeam
Information about the attacks developed against chipTAN comfort.
- Analysis of 10k Hotmail Passwords Part 5: Markov Model Showdown – reusablesec.blogspot.com
Incremental and Markov modes applied to a password data set.
- Attacking MSSQL with Metasploit – darkoperator.com
Some analysis on how to extract info from a Microsoft SQL Server using the popular tool.
- Injection attacks, it’s not just SQL! – securityninja.co.uk
A look into XPath injection and how it is used with XML files.
- RSS09: Web Application Firewall Bypasses and PHP Exploits – suspekt.org
- Shocking News in PHP Exploitation – suspekt.org
A quick summary of how unserializing Zend Framework input can lead to remote PHP code execution.
- [V13P] Target analyser – portswigger.net
A guide to using Burp’s web application analysis function.
- Creating Ghost Services with Single Packet Authorization – cipherdyne.org
An illustration of using spaclient to access sshd.
- Climategate hack used open proxies – erratasec.blogspot.com
The hacker used an open proxy to hide his or her origin, but it might give a clue to his or her identity.
- IE vulnerability revealed
A hacker posted attack code to the Bugtraq mailing list last Friday that could break into a PC running older versions of Microsoft’s Internet Explorer browser.
- Sexy girl pics used in Facebook clickjacking scam
Facebook worm uses a cross-site request forgery attack to spread via the victim’s wall posting.
- New Facebook worm uses sexy model to get guys to click da’ button – techtarget.com
- Facebookers hit with steamy clickjacking exploit. – theregister.co.uk
- Metasploit releases IE attack, but it’s unreliable – networkworld.com
The code exploits an Internet Explorer bug that was disclosed last Friday as a proof-of-concept attack.
- Symantec Online Store Hacked – softpedia.com
A self-proclaimed grey-hat hacker has located a critical SQL injection vulnerability in a website belonging to security giant Symantec.
- Man Pleads Guilty to Selling Fake Chips to US Navy – itworld.com
Felahy, who owns a microchip brokerage company, pleaded guilty to conspiracy and counterfeit-goods trafficking.
- US Air Force Buying Another 2,200 PS3s – slashdot.org
The purchase will go to a network cluster for radar processing, video processing and neuromorphic computing.
- 24 of Top 100 HTTPS Sites Now Safe From TLS Renegotiation Attacks – djtechnocrat.blogspot.com
Several banks and commerce companies are still vulnerable to man-in-the-middle attacks though.
- Microsoft Releases Password Attack Data, Captured from FTP Honeypot – djtechnocrat.blogspot.com
The data is part of a project to monitor attacks that everyday users might encounter on a regular basis.