- SecurityPodcasts Boxee App – ethicalhack3r.co.uk
How to add this podcast series to your Boxee media center.
- Flash Cookie Remover 0.9 Beta Released – misec.net
Just as the title says, it removes Flash cookies as well as all info related to them.
- Nmap 5.20 Released – layeredsec.com
The new version includes new scripting engine scripts and a completely rewritten traceroute engine, among other changes.
- John the Ripper updated to v22.214.171.124 – openwall.com
This password cracker has updates for better performance and increased buffer sizes, among other changes.
- Automating Audit Tests with Eventtriggers.exe (20 Critical Control Scripting Tip) – sans.org
One way to assist with the automation of any given assessment is to script your assessments and automate the scripts you write.
- Quickpost: PDF Header %!PS-Adobe-N.n PDF-M.m – didierstevens.com
A curious PDF header is spotted which might be exploited by malware authors.
- Juniper Kernel Crash – scapy Code – praetorianprefect.com
The exploit code for a Juniper kernel flaw is released and tested with scapy.
- Using curl to retrieve malicious websites – isc.sans.org
An explanation of why this command-line tool is better than wget when downloading potentially malicious sites.
- Hostmap-shared/virtual host enumeration – securityaegis.com
A look into how Hostmap can help you check virtual hosts.
- Oracle TNS Listener AUTH_SESSKEY Buffer Overflow – metasploit.com
A Metasploit plugin based on the CVE-2009-1979 vulnerability.
- Analysis of 10k Hotmail passwords Part 6: Markov Model Showdown 2 – The Rematch – reusablesec.blogspot.com
A revised look into the analysis of previous blog posts.
- Microsoft investigating bug in Windows which affects Windows NT 3.1 to Windows 7
A zero day vulnerability has been found that affects all Windows versions from NT3.1 to 7 and affects support for 16-bit applications.
- More news on Operation Aurora
- Operation Aurora, and a brief video apology from me – sophos.com
- Hex-Rays against Aurora – hexblog.com
A brief look at using IDA Pro to analyse the new threat.
- Widespread attacks exploit newly patched IE Bug – itworld.com
- Reports of DEP being bypassed – technet.com
- ‘Aurora’ Exploit Retooled To Bypass Internet Explorer’s DEP Security – darkreading.com
- Operation Aurora Attacks – verizonbusiness.com
A commentary on the recent IE vulnerability from Verizon’s security blog.
- cPanel HTTP Response Splitting Vulnerability – rec-sec.com
A couple of security flaws in the website control panel software are revealed.
- Microsoft quickly turning around a fix for Aurora bug
Looks like the company is picking up the pace to fix the Aurora problem.
- Apple also in the patching games, releases a fix for 12 serious flaws
The first security update for the year for Mac OS X addresses Flash, OpenSSL and a host of other issues.
- Critical patches emerge for Mac OS X security holes – sophos.com
- Apple patches 12 Serious Mac OS X flaws – threatpost.com
- Security Patch for BIND 9.6.1 Released – isc.sans.org
The security patch addresses two cache poisoning vulnerabilities allowing a nameserver to cache unauthenticated data.
- Would you have spotted the fraud? – krebsonsecurity.com
ATM skimmers are so rampant these days that you need to be prepared and know how to spot them.
- Clickjacking problem in browsers persists – h-online.com
A demo exploit was released that fools users into adding a Facebook app to their account.
- Defensio news
Websense releases a new product that allows Facebook users to better police the comments on their fan pages and wall.
- Introducing Defensio 2.0 – defensio.com
- New software for Facebook pointed at hackers and spammers – marketingpilgrim.com
- This EMP Cannon Stops Cars Almost Instantly – gizmodo.com
We may be seeing a new law enforcement tool for stopping road rage and fleeing suspects on the horizon.
- 80% of .gov websites miss DNSSEC deadline – slashdot.org
A large number of government websites fail to implement the new security guidelines for their sites.