- HITB eZine ‘Reloaded’ – Issue #001 – security-database.com
Hack in the Box releases free ezine pdf.
- Threat Classification References Mapping Proposal – webappsec.pbworks.com
A table for classifying security threats
- An excellent improvement to Adobe Reader security – msmvps.com
- Mapping between OWASP Top 10 (2004, 2007), WASC 24+2 and SANS CWE/25 – denimgroup.posterous.com
A table mapping and comparing vulnerabilities.
- Web Security: Are You Part of the Problem? – smashingmagazine.com
A primer on web security, the different attacks common on the net and how to defend against them.
- BackTrack security live CD final release
Backtrack gets an update.
- Kismet 2010 01 R1 – packetstormsecurity.org
Kismet is an 802.11 layer 2 wireless network sniffer.
- Webcruiser – web vulnerability scanner v1.00 released – security-database.com
A very simple to use Web Security scanner
- Browser Fuzzer 3 – packetstormsecurity.org
- Gone in 60 seconds – pauldotcom.com
Active Directories need better permission controls to safeguard accounts.
- CSS History Knocker – samy.pl
A CSS history hack to check the sites you’ve visited. Don’t worry, it’s safe.
- Top Ten Web Hacking Techniques of 2009 (Official) – jeremiahgrossman.blogspot.com
A ranked list of the best exploits of last year.
- A checklist approach to security code reviews, part 4 – securityninja.co.uk
This installment covers secure communications and error handling.
- Reproducing the “Aurora” IE Exploit – metasploit.com
A port of the exploit into Metasploit provides an intriguing exercise.
- Firm to Release Database & Web Server 0days – krebsonsecurity.com
A Russian research firm is set to release information on security holes in Zeus, Sun web servers, MySQL, DB2 and more.
- Hidden admin access on D-Link routers – h-online.com
Some D-Link routers allow the “GetDeviceSettings” SOAP action to be executed without authentication.
- Internet Explorer Zero Day and Operation Aurora
Some news on the vulnerability in Internet Explorer that broke Google’s security
- Operation “Aurora” Hit Google, Others – mcafee.com
- New IE hole exploited in attacks on US firms – snet.com
- More Details on “Operation Aurora” – avertlabs.com
- Google Hack Attack was Ultra Sophisticated, New Details Show – wired.com
- “Aurora” Exploit in Google Attack Now Public – mcafee.com
- Assessing risk of IE 0day vulnerability – technet.com
- Operation Aurora – Enabling DEP in IE – djtechnocrat.blogspot.com
- Pidgin update addresses emoticon vulnerability – h-online.com
The developers of this IM app have patched a flaw demonstrated during the last 26C3.
- Oracle patches released – isc.sans.org
This release covers Oracle Application Server and Oracle WebLogic Server, among others.
- Font vulnerability patched
Vulnerability in OpenType Font Engine could allow for remote code execution.
- Security update released for Adobe Reader and Acrobat – adobe.com
The update addresses critical security issues in Reader and Acrobat.
- Sun Java JRE 6 Update 18 Released – isc.sans.org
385 bugs are fixed in this release.
- The FBI Wants To Know About Your IT Skills – slashdot.org
If you are part of InfraGard, the FBI is looking to know more about your computer skills.
- Security Flaw Makes It Easy To Bypass Verizon Droid Screen Lock – techcrunch.com
It’s as easy as hitting the Back button when receiving a call.
- Android app steals bank login details – h-online.com
An infected app in the Android Market steals bank login details on phones it is on.
- Should users worry about new cellular hack? – sfgate.com
How will the recent breach in GSM security affect regular cellphone subscribers?
- Twitter hackers take down Baidu – slashdot.org
The Iranian Cyber Army strikes again, downing China’s number one search engine.
- Google leaving China behind
A bundle of news related to Google’s relationship with China.
- Google hackers targeted source code of more than 30 companies – wired.com
- Google.cn attack part of a broad spying effort – slashdot.org
- Keeping your data safe – googleenterprise.blogspot.com
- A new approach to China – googleblog.blogspot.com
- Kasumi A5/3 algorithm cracked
A related-key attack cracks open the A5/3 security used in 3G networks.
- Adobe confirms ‘sophisticated, coordinated’ breach – zdnet.com
Adobe said its corporate network systems were breached by hackers.
- The Girl who Conned the Ivy League – rollingstone.com
How a high school dropout created the ultimate fake ID.
- L.A. Law Firm Reports Cyber Attack from China – laweekly.com
A law firm representing a company suing China gets an attack originating from that country.
- Airport access IDs hacked in Germany – slashdot.org
The cloned card allows unrestricted access in airports.