- Securosis’ Guide to the RSA Conference 2010 – mckeay.com
If you want to do some research on specific technologies at the RSA Conference 2010, this should help.
- ShmooCon 2010 Firetalks – Update 5 (aka – the Wrap-Up) – novainfosecportal.com
Presentation compilations and more.
- Assured Exploitation Training – trailofbits.com
This training class is focused on various topics in advanced exploitation of memory corruption vulnerabilities.
- IT Audit: 6 VMWare Settings Every IT Auditor Should Know About – sans.org
Here we’ll take a look at settings that impact security, and how they should ideally be configured.
- Side-Track: Security/Pen-testing Distribution Of Linux For The ZipIt Z2 – irongeek.com
The ZipIt Z2 is a great platform for dropboxes since it runs Linux and is only $50.
- Sahi v3.0 – sahi.co.in
- Repscan v3.0 – sentrigo.com
This new version supports MS SQL Server and Oracle databases.
- NoMore and 1=1 – eslimasec.com
This tool is used to minimize the time required to type malicious syntax and have a handy repository as well.
- Katana v1.5 (Z@toichi) – hackfromacave.com
Katana includes distributions which focus on Pen-Testing, Auditing, Forensics, System Recovery, Network Analysis, Malware Removal and more.
- John the Ripper v1.7.5 – openwall.com
Its primary purpose is to detect weak Unix passwords.
- Watcher version 1.3.0 released February 25, 2010 – websecuritytool.codeplex.com
Watcher provides pen-testers hot-spot detection for vulnerabilities, developers quick sanity checks, and auditors PCI compliance auditing.
- Really good whitepaper about “Hacking Oracle from the Web” – red-database-security.com
This is the most comprehensive published collection of different techniques for attacking Oracle from the web.
- Ping Shellcode – didierstevens.com
I’ve added 2 new assembly source files for shellcode to execute a ping.
- Running a command on every machine in your domain from the command line – pauldotcom.com
You can run any command you want on every machine in your domain.
- Man in the Browser – fireeye.com
Man in the Browser, a.k.a. MITB, is a new breed of attacks whose primary objective is to spy on browser sessions.
- How Secure are Secure Interdomain Routing Protocols? – microsoft.com
In response to high-profile Internet outages, BGP security variants have been proposed to prevent the propagation of bogus routing information.
- How to prevent a user granted the ALTER USER privilege from changing SYS/SYSTEM password and how to bypass it. – red-database-security.com
Many Oracle users are not aware that the grant command can also be used to change passwords or even create users.
- Securing Java in Oracle Update and escalating to SYSDBA – oracleforensics.com
Most organisations either take the risk of the change breaking functionality or decide to stay as they are.
- VMWare Directory Traversal Metasploit Module – carnal0wnage.attackresearch.com
I pushed up my checker module to the metasploit trunk as an auxiliary scanner module.
- Killing the Monkey in the Middle – pauldotcom.com
There are many ways for the attacker to insert themselves in the middle of a conversation.
- Enumerate Oracle SIDs – slaviks-blog.com
As promised, here is a small Python script to allow you to enumerate and find Oracle SIDs.
- Multiple Adobe products vulnerable to XML External Entity Injection And XML Injection – cgisecurity.com
This advisory provides a good explanation and examples of these rarely discussed attack types.
- Adobe plugs critical hole in Download Manager – cnet.com
Download Manager is a tool that helps users efficiently download files from Web servers.
- 75 percent of enterprises have been hit by multi-million dollar cyber attacks – daniweb.com
Every enterprise, yes 100 percent, experienced cyber losses in 2009.
- An Interview With Howard Schmidt – threatpost.com
Dennis Fisher talks with Schmidt about his career and what the priorities should be for the cybersecurity czar.
- Police called in over SMH leak – abc.net.au
An Australian transport minister says there were about 3,727 unauthorised hits on the website.
- ‘Sophisticated’ Hack Hit Intel in January – wired.com
Intel acknowledged that it was hacked in January in a sophisticated attack at the same time that Google, Adobe and others were targeted.
- Credit card skimming attacks on pay-at-the-pump petrol stations – h-online.com
Skimming devices attached to petrol pump terminals use Bluetooth to transmit the data to criminals operating nearby.
- GoDaddy stores your passwords in clear-text and may try to SSH to your VPS without permission – sucuri.net
Some scary stuff that might happen to you if you host your site with them, clearly violating your privacy.
- US unable to win a cyber war – net-security.org
If the US got involved in a cyber war at this moment, they would surely lose.
- N.Y. Firm Faces Bankruptcy from $164,000 E-Banking Loss – krebsonsecurity.
A New York marketing firm that was preparing to be acquired is now facing bankruptcy from a computer virus.
- Hotel room security defeated by a piece of wire – can be secured with a towel – gadling.com
A piece of bent wire can defeat these magnetic swipe rooms.
- Are Hollywood Hackers Bogus or Bright? – pcworld.com
Gordon, a lecturer at the Dublin Institute of Technology, studied 50 movies, produced over five decades.
- Navy Planning Prototype Cyber-Network Security System – darkreading.com
Seeking proposals for a system that ensures cyber operations aren’t shut down in the event of a cyber war.
- Microsoft secretly beheads notorious botnet – pcpro.co.uk
Microsoft has won court approval to deactivate 277 domain names that are being used to control a vast network of infected PCs.
- Cryptome Back Online After Brief DMCA Battle – darkreading.com
Website reportedly taken down for posting sensitive Microsoft document on criminal investigation compliance.
- Wyndham Hotels Hacked Again – yahoo.com
This is the third data breach reported by Wyndham in the past year.
- Another, Better TKIP Attack That’s Still Limited – wifinetnews.com
One of the two researchers who brought us the TKIP Michael packet integrity attack has a refined technique.