- CanSecWest posts
A round-up of the events in the recent Canadian conference
- Videos in Hack in the Box – hitb.org
Videos of the keynotes of HITB Malaysia 2009
- Passware Kit Forensic Decrypts TrueCrypt Hard Disks in Minutes – forensicfocus.com
Passware Kit Forensic has become the first commercially available software to break TrueCrypt hard drive encryption without applying a time-consuming brute-force attack.
- HD Moore on Metasploit, Exploitation and the Art of Pen Testing – threatpost.com
Dennis Fisher talks with HD Moore, the founder of the Metasploit Project and the chief security officer at Rapid7.
- OpenSSL 1.0 – openssl.org
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the SSL v2/v3 and TLS v1 protocols.
- Vicnum v1.4 – sourceforge.net/projects/vicnum/
A lightweight flexible vulnerable web application written in PERL and PHP.
- Plecost v0.2.2-8 – plecost.googlecode.com
WordPress fingerprinting tool; Plecost searches for and retrieves information about the plugin versions installed on WordPress systems.
- DBAPPSecurity web application scanner MatriXay 3.6 – professionalsecuritytesters.org
MatriXay 3.6 not only has remarkable scanning ability but also provides powerful penetration-testing functions and web Trojan detection.
- Zigbee Analysis Tools – sans.org
KillerBee is a Python based framework and tool set for exploring and exploiting the security of ZigBee and IEEE 802.15.4 networks.
- pvefindaddr v1.27 – corelan.be
Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files.
- Buck Security v0.5 – buck-security.org
Buck Security is a collection of security checks for Linux.
- pwnat v0.2-Beta – samy.pl
Simply put, this is a proxy server that works behind a NAT, even when the client is behind a NAT, without any 3rd party.
- Nmap v5.30 Beta 1 – nmap.org
Nmap is a free open source utility for network exploration or security auditing.
- Wireshark 1.2.7 – wireshark.org
Wireshark is the world’s most popular network protocol analyzer.
- SQLFury – sqlfury.com
SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application.
- w3af v1.0-RC3 – sourceforge.net/projects/w3af/
The w3af core and its plugins are fully written in Python.
- CMS Explorer (or: what’s that CMS running?) – sunera.com
CMS Explorer is currently set up to test Drupal, WordPress and Joomla!/Mambo, with exploration support for Drupal and WordPress.
- Microsoft SDL version 5 – msdn.com
The largest change in SDLv5 is the inclusion of SDL for Agile Development as an Addendum at the end.
- LoverBoy – loverboy.sourceforge.net
A web application penetration testing tool that can extract data from SQL Server, MySQL, DB2, Oracle, Sybase, Informix, and Postgres.
- CUPP v3 – remote-exploit.org
Going through different combinations and algorithms, CUPP can predict specific target passwords by exploiting human vulnerabilities.
- Skipfish v1.29B – skipfish.googlecode.com
Skipfish is an active web application security reconnaissance tool.
- Kon-Boot v1.1 – piotrbania.com/all/kon-boot
Kon-Boot is a prototype piece of software which allows changing the contents of a Linux kernel.
- Flint 1.0.5 – chargen.matasano.com
Flint examines firewalls, quickly computes the effect of all the configuration rules, and then spots problems.
- Can you still trust your network card? – ssi.gouv.fr
The talk explained how an attacker could exploit a flaw to run arbitrary code inside some network controllers (NICs).
- Has SSL become pointless? Researchers suspect state-sponsored CA forgery – betanews.com
Using ‘man-in-the-middle’ to intercept TLS or SSL is essentially an attack against the underlying Diffie-Hellman cryptographic key agreement protocol.
- A couple of PDF exploits you might want to hear about
- Pwn2Own 2010: Lessons Learned – symantec.com
So, why do Web browsers make such good targets for exploit developers?
- Resilient SSH Tunneled Meterpreter Session – pauldotcom.com
Resilient in that it will monitor the running tools needed to give me access and relaunch them if needed.
- Automated SEO poisoning attacks explained – sophos.com
SEO poisoning is one of the major methods of attack that we are seeing being used by online criminals at the moment.
- Plugging the CSS History Leak – mozilla.com
It’s a tough problem to fix, though, so I’d like to describe how we ended up with this approach.
- Using Nessus Thorough Checks for In-depth Audits – tenablesecurity.com
Nessus users have a wide range of powerful options whose functionality is critical to a successful vulnerability scan, but whose meaning may not be completely clear.
- PWN2OWN & Fuzzing – garwarner.blogspot.com
Charlie Miller got quite a bit of buzz for his fuzz when at CanSecWest he owned a fully patched Mac with fully patched Safari “in 10 seconds”.
- Reverse Engineering File Formats – jbrownsec.blogspot.com
But soon you will see that, by black-box testing and reverse engineering, we can get all the information we need to correctly produce EDS files and find vulnerabilities.
- Burp Suite Tutorial – Intruder Tool version 2 – securityninja.co.uk
My Burp Suite tutorial blog posts appear to be a bit like buses, it took a long time for me to do the first one and now I’m writing the third one!
- OpenRunSaveMRU and LastVisitedMRU – sans.org
Talking with a colleague the other day reminded me of just how nuanced many of the forensic artifacts are that we rely upon.
- OpenSSL Flaw Can Crash Remote Machines – threatpost.com
The flaw gives an attacker the ability to use a single TLS record to take out remote machines that are running vulnerable OpenSSL software.
- PHP blunders with random numbers – h-online.com
Andreas Bogk warns that, despite recent PHP improvements, the session IDs of users who are logged into PHP applications remain guessable.
- MS patches lots of holes in Internet Explorer
Microsoft fixes 10 security leaks in their flagship browser.
- Apple patching a lot of flaws
The update corrects more than 90 security flaws and weaknesses in a variety of Apple and third-party products.
- Monster Mac OS X Update – krebsonsecurity.com
- Apple patching frenzy: Security holes in QuickTime, iTunes, AirPort – zdnet.com
- QuickTime update patches 16 vulnerabilities – h-online.com
- Java fixed up
Security updates for Java SE and Java for Business have been released as Java 6 Update 19.
- Java 6 Update 19 closes 26 security holes – h-online.com
- Java Patch Plugs 27 Security Holes – krebsonsecurity.com
- Oracle Java SE and Java for Business Critical Patch Update Advisory – sans.org
- Foxit Reader Security Update – foxitsoftware.com
Foxit Reader has released a security update that fixes an issue that runs an embedded executable in a PDF document without asking the user’s permission.
- AP Exclusive: ‘Smart’ meters have security holes – google.com
At the very least, the vulnerabilities open the door for attackers to jack up strangers’ power bills.
- Heartland data breach could be bigger than TJX’s – networkworld.com
The company said the intrusion may have been the result of a “widespread global cyberfraud operation”.
- iPhone hacked in Pwn2Own, and more
Among other things, they were able to read the entire SMS database, including text messages that had already been deleted.
- Frenchman Arrested After Hacking Into Obama’s Twitter Accounts – wsj.com
A Frenchman will face trial after hacking into Twitter accounts, including that of U.S. President Barack Obama.
- U.S. Faces Cyber Security Gap Without Training, Education – esecurityplanet.com
One of the most important steps policymakers can take is to nourish the education and training of a new crop of security experts.
- Senate panel passes Cybersecurity Act with revised “kill switch” language – opencongress.org
The goal of the bill was to develop a public-private plan for strengthening national security in the case of internet-based attacks.
- How I’d Hack Your Weak Passwords – lifehacker.com
If you invited me to try and crack your password, how many guesses would it take before I got it?
- School laptop spy case prompts Wiretap Act rethink – arstechnica.com
The existing Wiretap Act already bans oral, wire, and electronic communications gathered without consent.
- Facebook data erased due to lawsuit threats
Legal threats from Facebook have led to the destruction of a social science dataset about to be released to researchers.
- Data sifted from Facebook wiped after legal threats – newscientist.com
- UPDATED: Facebook Data Deleted After Lawsuit Threat – gigaom.com
- Report: 64% of all Microsoft vulnerabilities for 2009 mitigated by Least Privilege accounts – zdnet.com
BeyondTrust’s quantitative report message is simple – get back to the basics.
- More “hotel door hacking” and lockcon – blackbag.nl
The chain is a weak link by itself, as it was obvious it had been broken and repaired many times before.
- US Navy Wants to Field Cyber-Attack System – military.com
In 2018, the U.S. Navy hopes to take a major step toward fielding a cyber-attack system on a tactically survivable, fighter-size aircraft.
- Peoplesoft passwords – gasparotto.blogspot.com
Since nobody gives the database user/password connection string when the application connects, PeopleSoft will decrypt the stored password to be able to reconnect to the database.