- New tool deCOFEEnates Windows systems – h-online.com
Hackers have released Decaf, a tool which hinders the work of Microsoft’s Computer Online Forensic Evidence Extractor.
- Meterpreter Pivoting, Web Scanning, Wireless, and More! – metasploit.com
Meterpreter now spawns a background thread for each request and added support for a standards-compliant XMLRPC server, among other updates.
- Sqlmap State of Art – 3 years Later – bernardodamele.blogspot.com
Musings on the most downloaded SQL injection tool on SourceForge
- Scapy Version 2.1.0 Available – security-database.com
A new update on this multi-purpose packet manipulation tool
- Ninja V0.1.3 – Privilege Escalation, Detection and Prevention – security-database.com
A tool for monitoring process activity on the local host and keeping track of all processes running as root gets updated.
- Groundspeed compared to Firebug and the Web Developer extension – groundspeed.wobot.org
Groundspeed is compared to the much broader scoped Firebug and the Web Developer extension.
- Metasploit Adds Module for New Adobe 0-Day Vulnerability – djtechnocrat.blogspot.com
- Lynis Version 1.2.9 Just Released – security-database.com
This Linux auditing tool now includes Squid 3 support, additional sysctl keys, among others
- SpotTheVuln – spotthevuln.com
An effective online blog for helping web developer stop, fix and prevent security problems in their code.
- CAT The Manual Web Application Penetration Testing Application Released – security-database.com
This tool was designed to cope with a more demanding level of application testing by taking away some of the more repetitive tasks of testing.
- XSS Cross-site Scripting Resource – imperva.com
Imperva releases a glossary resource with a description of XSS along with original presentations, podcasts, educational videos, Webcasts, and more.
- Testing for SSL renegotiation – ivanristic.com
How to using the s_client tool for SSL connection renegotiation.
- Meterpreter Tunneling And VNC Revamped – room362.com
- Testing your susceptibility to phishing attacks – Are your technical controls helping? – hexesec.wordpress.com
A comprehensive attack methodology to provide a repeatable way to test a client’s susceptibility to phishing attacks.
- File Upload, Anti-Virus, UPX Packer, Mubix’s article and a partridge in a pear tree. – cktricky.blogspot.com
Proof on why file upload without extension or file type checking can be dangerous and if an antivirus can stop such an attack.
- Why your Metasploit PSEXEC exploit might be failing – pauldotcom.com
It may be your UAC (User Access Control) preventing your tools from working.
- A checklist approach to security code reviews, part 2 – securityninja.com.uk
This list covers the items for Authentication and Authorisation secure development.
- SSL Man-in-the-Middle PoC to come – blogs.23.nu/RedTeam
Red Team to release a SSL/TLS authentication man-in-the-middle attack
- RockYou Hack: From Bad To Worse – techcrunch.com
RockYou suffered a data breach that resulted in the exposure of over 32 Million user accounts with all account data in plain text
- RockYou Hacker: 30% of Sites Store Plain Text Passwords – readwriteweb.com
Hacker reveals more info about site security holes and warns companies to take better care of customer’s data.
- News on the Zero-day Adobe Attack
- Adobe Warns of Reader, Acrobat Attack – slashdot.org
- Adobe to patch zero-day Reader, Acrobat hole – cnet.com
- Adobe Acrobat 0-Day Analysis – f-secure.com
- F-secure discusses the new Adobe exploit, how it spreads and how to stop it.
- New Zero day Adobe Acrobat Reader vulnerability analysis – Part 1 – zscaler.com
- New Zero day Adobe Acrobat Reader vulnerability analysis – Part 2 – zscaler.com
An in-depth analysis of the new Reader security hole
- Iraq hacking US Predator Drones and Twitter
Hackers exploit an unprotected communications link in US drones.
- Iraq insurgents hack into video feeds from US drones– bbc.co.uk
- Drone hacking – makezine.com
- Twitter hacked by Iranian Cyber Army
Twitter’s DNS records were temporarily compromised by militant Iranians
- McAfee Labs Report on VoIP Vulnerabilities – trustedsource.org
McAfee provides a general and technical overview to the threats against VoIP and how to protect and remediate against them
- Attack Of The RAM Scrapers – darkreading.com
Insight on RAM scraping in POS devices and prevention techniques
- Firefox 3.5.6 patches critical security holes – cnet.com
Mozilla has updated its Firefox browser to patch three critical security holes.
- Wireshark 1.2.5 Released – wireshark.org
This update includes security fixes and updated protocol support.
- Building a Global Cyber Police Force – slashdot.org
Security vendors and several countries consider creating global police force to investigate and arrest suspected hackers.
- Cybersecurity Czar Job Is Useless, Says Spafford – slashdot.org
The position is a blame-taking position with not much authority, according to Purdue professor Gene Spafford.
- Old Saint NIST: Ho Ho Hold on, what’s this? – novainfosecportal.com
A slew of new NIST documents are being released between now and April that describe how to satisfy FISMA.
- Project Honey Pot Traps Billionth Spam – slashdot.org
Project Honey Pot releases a full rundown of statistics on the last five years of spam to commemorate the event.
- Industrialized Hacking Heads Top Five Data Security Trends For 2010 – imperva.com
Imperva predicts five key security trends for 2010.
- Autonomous Intelligent Botnets Bouncing Back – slashdot.org
Compromised computers were responsible for distributing 83.4% of the 107 billion spam messages sent around the world each day of this year.