Events Related:
- RSA related posts
- Chattin’ With the Boss: “Securing the Network” (Waiting For the Jet Pack) – rationalsurvivability.com
- RSA Interview (c/o Tripwire) On the State Of Information Security In Virtualized/Cloud Environments. – rationalsurvivability.com
- RSAC2010: ISC2 – mckeay.net
- Pics from the RSA Codebreakers Bash – tripwire.com
- Videos from the RSA Codebreakers Bash – Spinning and Hoops – tripwire.com
- RSA Conference 2010 Recap (Round 1): – visiblerisk.com
- RSA 2010/Security BSides Recap – Day 02 – infosecramblings.com
- RSA Conference Wrapup – ha.ckers.org
Resources:
- Security BSides Slides – slideshare.net/BSides
The slides from the recent unconference.
Tools:
- SAHI – Web Automation & Application Security Testing Tool – sahi.co.in
Sahi injects JavaScript into web pages using a proxy, and the JavaScript helps automate web applications.
- Plecost v0.2.2-7 – iniqua.com
WordPress fingerprinting tool to search and retrieve information about the plugin versions installed in WordPress systems.
- OpenSCAP v0.5.7 – scap.nist.gov
The Security Content Automation Protocol (SCAP) is a synthesis of interoperable specifications derived from community ideas.
- Flint v1.0 – runplaybook.com
Flint examines firewalls, quickly computes the effect of all the configuration rules, and then spots problems.
- Samhain v2.6.3 – la-samhna.de
The update includes fixes for an email code regression.
- Beltane v2.3.19 – la-samhna.de
Fixes for Oracle database paths were included here.
- Vordel SOAPbox – vordel.com
SOAPbox is a Web services testing tool, which supports both SOAP-based and REST-based invocation modes.
- S-E Ninja v0.1 Beta – brokenpixel.com
S-E Ninja is a Social Engineering tool, with fake pages for 20-25 popular sites and an anonymous mailer via the mail() function in PHP.
- Sniff-n-Spit v1.0 – andlabs.org
It sniffs for HTTP packets from the client to the server and forwards them to your favorite proxy.
- Imposter v0.9 – andlabs.org
Imposter is a flexible framework to perform Browser Phishing attacks.
Techniques:
- Netsparker, Accuracy and Time Costs of Web Application Security Scanner Report – mavitunasecurity.com
One of the most unrealistic things about the report is the number of possible false positives in the test websites.
- Simple Log Review Checklist Released! – chuvakin.blogspot.com
We have created a “Critical Log Review Checklist for Security Incidents” which is released to the world today.
- Frisky Solitaire – Another Info Stealer – didierstevens.com
No need to exploit a software vulnerability to steal info.
- Attacking RSA exponentiation with fault injection – root.org
The general idea is that an attacker can disrupt an RSA private key operation to cause an invalid signature to be returned, then use that result to extract the private key.
- In the wild PDF exploits using a combination of “ASCIIHexDecode” and “ASCII85Decode” filters – zscaler.com
In the last few months, we have seen PDF exploits related to filters like “ASCIIHexDecode”, “FlateDecode”, etc., being used to avoid antivirus detection.
- Locate and Exploit the Energizer Trojan – metasploit.com
As of this afternoon, you can now use Metasploit to locate infected systems on the local network.
- SANS Top 25 series
More about the top software flaws present in most systems today.
- Top 25 Series – Rank 7 – Path Traversal – sans.org
- Top 25 Series – Rank 11 – Hardcoded Credentials – sans.org
- Top 25 Series – Rank 13 – PHP File Inclusion – sans.org
- Decrypting Symantec BackupExec passwords – sensepost.com
The BackupExec agent is often among the common services found on internal pen tests.
- The ultimate faceoff between password lists – skullsecurity.org
I spent some time graphing potential password dictionaries’ success against leaked password lists to see which one was best.
- “Inspector Gadget: Automated Extraction of Proprietary Gadgets from Malware Binaries” – honeyblog.org
A gadget encapsulates all code related to a specific task and can be executed in a stand-alone fashion.
Vulnerabilities:
- Apache bug prompts update advice – zdnet.com.au
Sense of Security has discovered a serious bug in Apache’s HTTP web server, which could allow complete control of a database.
- Another IE 0day shows up
A very targeted attack emerges that seems to come from a single web address.
- Microsoft Security Advisory (981374) – microsoft.com
- Microsoft Security Bulletin Summary for March 2010 – microsoft.com
- March 2010 Security Bulletin Release – technet.com
- Targeted Internet Explorer Zero-Day Attack Announced (CVE-2010-0806) – avertlabs.com
- IEPeers – A New Internet Explorer Zero Day Vulnerability – praetorianprefect.com
Vendor/Software Patches:
- Apple Plugs 16 Safari Security Holes – threatpost.com
The Safari 4.0.5 update fixes flaws that could lead to remote code execution if a user is tricked into surfing to a maliciously rigged site.
Other News:
- Researchers dissect ZeuS botnet blueprint – itnews.com.au
Malware startup costs put at $2,753.
- Zeus botnet dealt a blow as ISP Troyak knocked out – itworld.com
Two ISPs, named Troyak and Group 3, were home to 90 of the 249 known Zeus command-and-control servers.
- China has declared a cyber war: NATO – zopag.com
NATO diplomatic sources have told The Times that the Chinese have become very active with cyber-attacks.
- Energizer Bunny’s software infects PCs – computerworld.com.au
According to researchers at US-CERT, software that accompanies the Energizer DUO USB battery charger contains a Trojan horse.
- Vodafone distributes Mariposa botnet – pandasecurity.com
A quick look into the phone revealed infected software that was spreading the infection to any and all PCs the phone was plugged into.
- Cyber Crooks Leave Traditional Bank Robbers in the Dust – krebsonsecurity.com
Organized cyber criminals stole more than $25M versus $9.5M for traditional stick-up artists.
- FBI: Online Fraud Costs Skyrocketed in 2009 – krebsonsecurity.com
Reported losses from online fraud more than doubled last year, from $265 million in 2008 to nearly $560 million in 2009.
- Former NSA tech chief: I don’t trust the cloud – networkworld.com
The former National Security Agency technical director told the RSA Conference he doesn’t trust cloud services.
- Hands On: Unboxing the Fake Intel Core i7-920 – gearlog.com
The box looks very real, and the weight of the package is perfect.
- Password cracker 100 times faster with an SSD – h-online.com
An acceleration by a factor of 100 was observed, compared to the older 8GB Rainbow Tables for XP hashes.
- New “Smart Meters” for Energy Use Put Privacy at Risk – eff.org
Energy usage data, measured moment by moment, allows the reconstruction of a household’s activities.
- TJX Hacking Conspirator Gets 4 Years – wired.com
Zaman, a former network security manager at Barclays Bank, was charged with laundering between $600,000 and $800,000.
- Kaspersky: Apple is blocking iPhone security software – pcpro.co.uk
Eugene Kaspersky has claimed Apple is blocking attempts to bring third-party security software to the iPhone.
- Why Bob Maley’s Firing is Bad for All of Us – threatpost.com
Maley became a sought-after speaker and interview subject, a fact that led directly to his firing.
- Facebook Adds Code for Clickjacking Prevention – theharmonyguy.com
On high-risk pages, a block of code checks whether the page is “top” and not inside a frame.
- Google “99.9 pct” sure to shut China search engine: report – news.yahoo.com
Google was likely to take some time to follow through with its plans.
- Haven’t found that software glitch, Toyota? Keep trying – latimes.com
There’s a lot of speculation that Toyota’s problems with sudden acceleration may be caused by the vehicles’ electronics systems.