- WASC Threat Classification to OWASP Top Ten RC1 Mapping – jeremiahgrossman.blogspot.com
A table of the OWASP Top 10 in relation to the WASC list.
- Wireshark Network Analyzer Mind Map – mindcert.com
A mind map for Wireshark
- OWASP O2 Platform – owasp.org
O2 is a collection of open source modules to help webapp security professionals.
- SiteDigger v3.0 Released 12/01/2009 – layeredsec.com
SiteDigger searches Google’s cache for vulnerabilities and security issues in websites.
- 2009-exploits – packetstormsecurity.org
An archive of exploits added to Packet Storm last year.
- Thoughts about Open Source Community in RE – ragestorm.net
A few words about the diStorm disassembler and the community
- CUDAdbCracker – Cracking Using CUDA – security-database.com
This tool is a salted SHA-1 cracker that runs on CUDA-enabled video cards.
- fimap – Remote & Local File Inclusion (RFI/LFI) Scanner – darknet.org.uk
A small python tool for finding and auditing file inclusion bugs in webapps
- WatiN v2.0 RC 1 – Web Application Testing in .NET – security-database.com
The testing automation tool for webapps is updated with a new release candidate.
- WAFP v0.01 – Web Application Finger Printer – security-database.com
WAFP fetches files and compares their checksums against known fingerprint checksums.
- fspy – v0.1.1 – Linux Filesystem Activity Monitoring Tool – security-database.com
This is a fast, small activity monitoring tool for Linux filesystems.
- sslciphercheck v1.2.0 – woany.co.uk
An update that includes support for standard HTTP GET requests, among other changes.
- mssqlfp – code.google.com
A tool for version fingerprinting of Microsoft SQL Servers
- OpenSCAP v0.5.6 Released – security-database.com
The SCAP framework tool is updated with a new checking mechanism, among other changes.
- Burp Suite v1.3 released – portswigger.net
A new release of Burp that features a new message editor and AMF-encoding support, among other changes.
- Web scanning comes to the Cloud – rootshell.be
iiScan is a new online and free vulnerability scanner for websites.
- iPhone Wardriving Just Got Better – synjunkie.blogspot.com
A review of WiFi-Where
- Hiding password hashes and a new sha1 Oracle password cracker – petefinnigan.com
A few thoughts and links about securing passwords and breaking them.
- MySQL exploit demo – intevydis.com
A Flash movie on a Vulndisco exploit
- Sun Web Server 7 exploit demo – intevydis.com
Another Flash movie, this time featuring a heap overflow.
- Off Topic: Creating Metasploit Exploit Modules Step By Step (Tutorial!) – sans.org
A screencast on how to turn an exploit into a Metasploit module.
- A checklist approach to security code reviews, part 3 – securityninja.co.uk
The ninja continues his series by discussing secure storage and secure development.
- PDF file loader to extract and analyse shellcode – hexblog.com
An explanation of how to write a file loader in IDC and Python to extract shellcode from malicious PDFs.
- NAT Pinning and ABE – hackademix.net
Some feedback on NAT pinning and on preventing attacks that use it.
- SiteMinder Single Sign-On / Security Risks – cktricky.blogspot.com
A critique of insecure single sign-on implementations and of the use of SiteMinder.
- Glastopf – Web Application Honeypot – ethicalhack3r.co.uk
How to use Glastopf, which attracts attackers by emulating vulnerabilities.
- NIST-certified USB flash drives cracked wide open
A security firm has cracked the encryption used for transferring sensitive US government data.
- Flash drive manufacturers warn: Hackers can decrypt ‘secure’ USB sticks – sophos.com
- Secure USB Flaw Exposed – darkreading.com
- Decrypting USB flash drives is easy – erratasec.blogspot.com
- Researcher Rates Mac OS X Vulnerability ‘High’ – darkreading.com
The vulnerability is a potential buffer overflow error arising from the use of the strtod function in Mac OS X’s underlying Unix code.
- D-Link Routers: One Hack to Own Them All – sourcesec.com
A flaw in D-Link’s CAPTCHA can prove to be a backdoor into the admin settings interface.
- Obama cyber czar choice worries about smartphones, social networking – sfgate.com
Some of the thoughts of Howard Schmidt, the new cyber czar, on cybersecurity in the US.
- 2009 Annual Report – pandasecurity.com
A year-in-review report for malware by Panda Labs.
- Adobe Reader, Acrobat, Flash Player updater coming – sunbeltblog.blogspot.com
A comment on the popularity of Adobe with malware makers and how the company is fighting against it.
- Samy worm writer publishes proof-of-concept location hack
Using XSS, an attacker can pull your router’s MAC address and find out your location via Google.
- Hack Pinpoints Victim’s Physical Location – darkreading.com
- Hacker pilfers browser GPS location via router attack – theregister.co.uk
- Samy’s twitter – twitter.com
Samy Kamkar, Samy worm author and creator of the above attack, is now on Twitter.
- Research Consolidation: Gartner Acquires Burton Group For $56M In Cash – techcrunch.com
An IT professional consultancy company is acquired by Gartner.