Events Related:
- CanSecWest posts
A round-up of the events in the recent Canadian conference- CanSecWest 2010 Day 1 – sophos.com
- CanSecWest 2010 day 2 summary – sophos.com
- CanSecWest 2010 day 3 summary – sophos.com
- Hacker Olympics: a shout-out from Vancouver, BC! – technet.com
- Videos in Hack in the Box – hitb.org
Videos of the keynotes of HITB Malaysia 2009
Resources:
- Passware Kit Forensic Decrypts TrueCrypt Hard Disks in Minutes – forensicfocus.com
Passware Kit Forensic has become the first commercially available software to break TrueCrypt hard drive encryption without applying a time-consuming brute-force attack. - HD Moore on Metasploit, Exploitation and the Art of Pen Testing – threatpost.com
Dennis Fisher talks with HD Moore, the founder of the Metasploit Project and the chief security officer at Rapid7.
Tools:
- OpenSSL 1.0 – openssl.org
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit SSL v2/v3 and TLS v1 protocols. - Vicnum v1.4 – sourceforge.net/projects/vicnum/
A lightweight flexible vulnerable web application written in PERL and PHP. - Plecost v0.2.2-8 – plecost.googlecode.com
Wordpress finger printer tool, plecost search and retrieve information about the plugins versions installed in WordPress systems. - DBAPPSecurity web application scanner MatriXay 3.6 – professionalsecuritytesters.org
MatriXay 3.6 not only has the remarkable scanning ability, but also provides powerful penetration testing functions and web Trojan detection. - Zigbee Analysis Tools – sans.org
KillerBee is a Python based framework and tool set for exploring and exploiting the security of ZigBee and IEEE 802.15.4 networks. - pvefindaddr v1.27 – corelan.be
Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files. - Buck Security v0.5 – buck-security.org
Buck Security is a collection of security checks for Linux. - pwnat v0.2-Beta – samy.pl
Simply put, this is a proxy server that works behind a NAT, even when the client is behind a NAT, without any 3rd party. - Nmap v5.30 Beta 1 – nmap.org
Nmap is a free open source utility for network exploration or security auditing. - Wireshark 1.2.7 – wireshark.org
Wireshark is the world’s most popular network protocol analyzer. - SQLFury – sqlfury.com
SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. - w3af v1.0-RC3 – sourceforge.net/projects/w3af/
The w3af core and it’s plugins are fully written in python. - CMS Explorer (or: what’s that CMS running?) – sunera.com
CMS Explorer is currently set up to test Drupal, WordPress and Joomla!/Mambo, with exploration support for Drupal and WordPress. - Microsoft SDL version 5 – msdn.com
The largest change in SDLv5 is the inclusion of SDL for Agile Development as an Addendum at the end. - LoverBoy – loverboy.sourceforge.net
A web application penetration testing tool that can extract data from SQL Server, MySQL, DB2, Oracle, Sybase, Informix, and Postgres. - CUPP v3 – remote-exploit.org
Going through different combinations and algorithms, CUPP can predict specific target passwords by exploiting human vulnerabilities. - Skipfish v1.29B – skipfish.googlecode.com
Skipfish is an active web application security reconnaissance tool. - Kon-Boot v1.1 – piotrbania.com/all/kon-boot
Kon-Boot is an prototype piece of software which allows to change contents of a Linux kernel. - Flint 1.0.5 – chargen.matasano.com
Flint examines firewalls, quickly computes the effect of all the configuration rules, and then spots problems.
Techniques:
- Can you still trust your network card? – ssi.gouv.fr
The talk explained how an attacker could be able to exploit a flaw to run arbitrary code inside some network controllers (NICs). - Has SSL become pointless? Researchers suspect state-sponsored CA forgery – betanews.com
Using ‘man-in-the-middle’ to intercept TLS or SSL is essentially an attack against the underlying Diffie-Hellman cryptographic key agreement protocol. - A couple of PDF exploits you might want to hear about
- Escape From PDF – didierstevens.com
I managed to make a PoC PDF to execute an embedded executable without exploiting any vulnerability! - Escape From Foxit Reader – didierstevens.com
Remember, Foxit Reader issues no warning when launching a command!
- Escape From PDF – didierstevens.com
- Pwn2Own 2010: Lessons Learned – symantec.com
So, why do Web browsers make such good targets for exploit developers? - Resilient SSH Tunneled Meterpreter Session – pauldotcom.com
Resilient in that it will monitor the tools running needed to give me access and relaunch them if needed. - Automated SEO poisoning attacks explained – sophos.com
SEO poisoning is one of the major methods of attack that we are seeing being used by online criminals at the moment. - Plugging the CSS History Leak – mozilla.com
It’s a tough problem to fix, though, so I’d like to describe how we ended up with this approach. - Using Nessus Thorough Checks for In-depth Audits – tenablesecurity.com
Nessus users have a wide range of powerful options whose functionality is critical to a successful vulnerability scan, but whose meaning may not be completely clear. - PWN2OWN & Fuzzing – garwarner.blogspot.com
Charlie Miller got quite a bit of buzz for his fuzz when at CanSecWest he owned a fully patched Mac with fully patched Safari “in 10 seconds”. - Reverse Engineering File Formats – jbrownsec.blogspot.com
But soon you will see by blackbox testing and reverse engineering, we can get all the information we need to correctly produce EDS files and find vulnerabilities. - Burp Suite Tutorial – Intruder Tool version 2 – securityninja.co.uk
My Burp Suite tutorial blog posts appear to be a bit like buses, it took a long time for me to do the first one and now I’m writing the third one! - OpenRunSaveMRU and LastVisitedMRU – sans.org
Talking with a colleague the other day reminded me of just how nuanced many of the forensic artifacts are that we rely upon.
Vulnerabilities:
- OpenSSL Flaw Can Crash Remote Machines – threatpost.com
The flaw gives an attacker the ability to use a single TLS record to take out remote machines that are running vulnerable OpenSSL software. - PHP blunders with random numbers – h-online.com
Andreas Bogk warns that, despite recent PHP improvements, the session IDs of users who are logged into PHP applications remain guessable.
Vendor/Software Patches:
- MS patches lots of holes in Internet Explorer Microsoft fixes 10 security leaks in their flagship browser
- Security Bulletin MS10-018 Released – technet.com
- Microsoft issues emergency patch for 10 IE holes – cnet.com
- Apple patching a lot of flaws
The update corrects more than 90 security flaws and weaknesses in a variety of Apple and third-party products.- Monster Mac OS X Update – krebsonsecurity.com
- Apple patching frenzy: Security holes in QuickTime, iTunes, AirPort – zdnet.com
- QuickTime update patches 16 vulnerabilities – h-online.com
- Java fixed up
Security updates for Java SE and Java for Business have been released as Java 6 Update 19.- Java 6 Update 19 closes 26 security holes – h-online.com
- Java Patch Plugs 27 Security Holes – krebsonsecurity.com
- Oracle Java SE and Java for Business Critical Patch Update Advisory – sans.org
- Foxit Reader Security Update – foxitsoftware.com
Foxit Reader has released a security that fixes an issue that runs an embedded executable in a PDF document without asking the user’s permission.
Other News:
- AP Exclusive: `Smart’ meters have security holes – google.com
At the very least, the vulnerabilities open the door for attackers to jack up strangers’ power bills. - Heartland data breach could be bigger than TJX’s – networkworld.com
The company said the intrusion may have been the result of a “widespread global cyberfraud operation”. - iPhone hacked in Pwn2Own, and more
Among other things, they were able to read the entire SMS database, including text messages that had already been deleted. - Frenchman Arrested After Hacking Into Obama’s Twitter Accounts – wsj.com
A Frenchman will face trial after hacking into Twitter accounts, including that of U.S President Barack Obama. - U.S. Faces Cyber Security Gap Without Training, Education – esecurityplanet.com
One of the most important steps policymakers can take is to nourish the education and training of a new crop of security experts. - Senate panel passes Cybersecurity Act with revised “kill switch” language – opencongress.org
The goal of the bill was to develop a public-private plan for strengthening national security in the case of internet-based attacks. - How I’d Hack Your Weak Passwords – lifehacker.com
If you invited me to try and crack your password, how many guesses would it take before I got it? - School laptop spy case prompts Wiretap Act rethink – arstechnica.com
The existing Wiretap Act already bans oral, wire, and electronic communications gathered without consent. - Facebook data erased due to lawsuit threats.
Legal threats from Facebook have led to the destruction of a social science dataset about to be released to researchers.- Data sifted from Facebook wiped after legal threats – newscientist.com
- UPDATED: Facebook Data Deleted After Lawsuit Threat – gigaom.com
- Report: 64% of all Microsoft vulnerabilities for 2009 mitigated by Least Privilege accounts – zdnet.com
BeyondTrust’s quantitative report message is simple – get back to the basics. - More “hotel door hacking” and lockcon – blackbag.nl
The chain is a weak link by itself as it was obvious if had been broken and repaired many times before. - US Navy Wants to Field Cyber-Attack System – military.com
In 2018, the U.S. Navy hopes to take a major step toward fielding a cyber-attack system on a tactically survivable, fighter-size aircraft. - Peoplesoft passwords – gasparotto.blogspot.com
Since nobody give the database user/password connection string on application connection, Peoplesoft will de-encrypt the password to be able to reconnect to the database.
