- A Conference By Any Other Name… – windowsir.blogspot.com
A few comments on DoD CyberCrime 2010 and Black Hat DC
- Get FREE copies of Hakin9 Magazines — PDF Download – professionalsecuritytesters.org
All that is required to access the downloads is to join their mailing list.
- (IN)Security Issue 24 is Now Available – infosecramblings.com
This issue includes AES and 3DES comparison analysis, virtualized browsing shields against web-based attacks and more.
- Nikto 2.1.1 available! – cirt.net
Nikto is an open source web server scanner which performs comprehensive tests against web servers for multiple items
- Groundspeed Official Site – groundspeed.wobot.org
The official site of this open source Firefox add-on for security testers.
- netsniff-ng – code.google.com/p/netsniff-ng/
Basically, it is similar to tcpdump, but it doesn’t need syscalls for fetching packets.
- NMAP 5.21 – Is UDP Protocol Specific Scanning Important? Why Should I Care? – isc.sans.org
With protocol awareness, a scan of the UDP DNS port for instance (udp/53), might be an actual DNS request.
- Local File Inclusion with Magic_quotes_gpc enabled – notsosecure.com
Penetration using magic_quote_gpc and PHP
- Scanning JBoss AS for open Invokers – blogs.23.nu/RedTeam
Apparently, the guys at Acunetix were tired of examining their JBoss Application Servers manually for vulnerabilities.
- cmd.dll – didierstevens.com
Take a command interpreter and transform it from an EXE into a DLL.
- Oracle 11g Exploit Published
David Litchfield exposed in Black Hat DC earlier this week a serious-yet-unpatched flaw in Oracle 11g databases.
- Oracle 11g 0day exploit published – red-database-security.com
- Oracle Blackhat video removed from Website - red-database-security.com
- David Lichtfield in the Oracle cross-hairs (again…) – slaviks-blog.com
- Exploiting the Samba Symlink Traversal – metasploit.com
This bug allows any user with write access to a file share to create a symbolic link to the root filesystem.
- Postgres Fingerprinting – metasploit.com
Metasploit supports Postgres enumeration using this technique.
- WordPress iframe injection? – isc.sans.org
- Adobe ColdFusion Information Disclosure – isc.sans.org
This could allow remote access to collections created by the Solr Service.
- IE bug allows file access from remote locations
We posted this in a Black Hat DC update, an now it’s live. Let’s hope MS fixes this extra quickly.
- Microsoft warns of Internet Explorer vulnerability – sophos.com
- IE flaw gives hackers access to user files, Microsoft says – infoworld.com
- Microsoft warns of IE flaw, turns PC into public file server – arstechnica.com
- Internet Explorer Vulnerability And Temporary Fix – ghacks.net
- US Cybersecurity Enhancement Act pushes cybersecurity scholarships and checks current security fitness of agencies.
The US government is stepping up to the challenge of creating a more secure online environment.
- Patch Tuesday pre-release news
Watch for 13 bulletins and 26 vulerabilities to be fixed by Microsoft
- Oracle Ships Critical Out-of-Band Security Patch – threatpost.com
Oracle has released an out-of-band patch to fix a gaping security hole in the Oracle WebLogic Node Manager.
- ATM Skimmers, Part II – krebsonsecurity.com
A slide deck on ATM fraud attacks are posted.
- iPhones Vulnerable to New Remote Attack – threatpost.com
The attack is the result of a flaw in the way the iPhone handles over-the-air provisioning, trusted root certificates and configuration files.
- Hacking for Fun and Profit in China’s Underworld – nytimes.com
Internet security experts say China has legions of hackers that are behind an escalating number of global attacks.
- Verizon MiFi Device Hacked – threatpost.com
Using Kismet to break into this new mobile access point device.
- Foil impressioning defeats security locks – hackaday.com
This method uses a heavy gauge aluminum foil to grab and hold the pins in the correct place for the lock to be turned.
- Pirating the 2010 Oscars – waxy.org
An impressive collection of data on the piracy of Oscar shows starting from 2003 plus some bonus analysis.
- Accuracy and Time Costs of Web Application Security Scanner Report – ha.ckers.org
Larry Suto has a report outlining the differences between some of the top web application scanners on the market.
- Hackers Steal Millions in Carbon Credits – wired.com
The hackers launched a targeted phishing attack which took an estimated 250,000 carbon credits worth $4 million.
- ITB Issue 0×1 – Call For Collaboration – cutawaysecurity.com
In order for this publication to continue we need more people to step up and provide their input.