- Pwn2Own 2010
Now in its fourth year, the Pwn2Own competition will award up to $100,000 for exploits that successfully penetrate various hardware and software systems.
- Contest offers $100,000 for smartphone, browser hacks – theregister.co.uk
- Pwn2Own 2010 – tippingpoint.com
- 2010 SANS Top 25 Most Dangerous Programming Errors Released – cgisecurity.com
This is a list of the most widespread and critical programming errors that can lead to serious software vulnerabilities.
- Security Scoreboard – securityscoreboard.com
Think of it as a Zagat for security products.
- MacNikto 1.1.1 – informationgift.com
It provides easy access to a subset of the features available in the open-source, command-line driven Nikto web security scanner.
- Harden SSL/TLS – Tool release – g-sec.lu
It allows SSL policies to be set locally and remotely, allowing or denying specific ciphers/hashes or complete cipher suites.
- Pyrit 0.3.0 – code.google.com/p/pyrit/
Pyrit lets you create massive databases that pre-compute part of the WPA/WPA2-PSK authentication phase in a space-time tradeoff.
- Browser Rider v20090204 Released – engineeringforfun.com
The project aims to provide a powerful, simple and flexible interface to any client side exploit.
- Websecurify v0.5 Beta 1 – code.google.com/p/websecurify/
- Self-Inflicted SQL Injection – don’t quote me ! – mikesmithers.wordpress.com
But how can you be attacked when the attacker isn’t even around at the time?
- Integrating Core Impact Pro With the Metasploit Project – coresecurity.com
Today we announced that CORE IMPACT Pro will be integrated with Metasploit in our next scheduled product release.
- Scriptable Processor modules – hexblog.com
One of the new features we are preparing for the next version of IDA is the ability to write processor modules using your favorite scripting language.
- Abusing WCF to Perform Remote Port Scans – gdssecurity.com
The first step in establishing a session with WSDualHttpBinding requires the client and server to negotiate the duplex connection.
- Screen Unlock Meterpreter Script – relentless-coding.blogspot.com
The script needs SYSTEM privileges and patches the msv1_0.dll loaded by lsass.exe so that every password will be accepted to unlock the screen.
- Google Buzz Security Flaw – ha.ckers.org
It’s yet another example of bad input validation/output encoding by your favorite advertising overlords at Google.
- Adobe fixes Reader and Acrobat Flaws
This vulnerability (CVE-2010-0186) could subvert the domain sandbox and make unauthorized cross-domain requests.
- Security updates available for Adobe Reader and Acrobat – adobe.com
- Adobe plugs more gaping holes in PDF Reader – zdnet.com
- Adobe Plugs Critical PDF Code Execution Flaw – threatpost.com
- Security Updates for Adobe Reader, Acrobat – krebsonsecurity.com
- Mozilla security updates
Firefox and SeaMonkey get a few bug fixes.
- Reverse-engineering a smart meter – root.org
A software bug, typo at the control center, or hacker could potentially turn off my power and gas.
- Electronic key impressioning – hackaday.com
Apparently, a handheld impressioning device is about to hit the market that can tell you the key codes for a lock in a matter of seconds.
- China Home to Most Hacked Computers, Says Report – inc.com
In the last three months of 2009, about 1,095,000 computers in China were hacked.
- Criminal hacker ‘Iceman’ gets 13 years – computerworld.com
Max Ray Butler, who used the hacker pseudonym Iceman, was sentenced Friday morning in Pittsburgh on charges of wire fraud and identity theft.
- A Comparison of DBIR with UK breach report – verizonbusiness.com
The following is a high-level comparison of DBIR findings to the 7Safe report from the UK.
- Even Kingston Knocks Off Kingston microSD Cards? – gizmodo.com
Bunnie Huang of Chumby fame encountered some Kingston microSD cards that appeared to be dysfunctional counterfeits.
- Mock cyber attack shows US unpreparedness – net-security.org
The simulated cyber attack in Washington showed that the US is still not ready to deflect or mitigate such an attack.
- Hackers, Troops Rejoice: Pentagon Lifts Thumb-Drive Ban (Updated) – wired.com
U.S. Strategic Command has lifted its ban on the tiny drives, memory sticks, CDs and other “removable flash media” on military networks.