- Front Range OWASP Conference 2010 – owasp.org
The official wiki/site of the FROC 2010
- The History of Hacking – onlinemba.com
Hacking has been around as long as computers as a way to reconfigure or reprogram a system to give access to someone who otherwise shouldn’t have access.
- Released Buster Sandbox Analyzer 1.23 – offensivecomputing.net
Version 1.23 introduces the automatic malware analysis mode.
- OllyDbg 2.0 – ollydbg.de
This time, I have missed a crash in the popup menu of the breakpoint window.
- web application firewall bypass with a XSS attack – acunetix.com
In the following demo video, Sandro Gauci of EnableSecurity shows how an attacker can switch off dotDefender in order to bypass any “protection” offered by the WAF.
- WMIC for incident response – sans.org
I mentioned at the end of that post that I’ve been using WMIC in place of psexec and that I’d have more on that later.
- Top 10 Things you may not know about tcpdump – sans.edu
What are the things you may not know about tcpdump? Here are some of the favorite items I ran into and please fill free to submit more.
- AV Bypass Made Stupid – room362.com
I started with fgdump, a well known hashdumping/pwdump tool. It’s detected by 80% of all AVs and by all the top 10.
- pigtoddler.py – Culling Files By Riding Spiders – l1pht.com
I wanted a troubled little script that didn’t require much care and had a little more “dice roll” type attitude.
- pro tip: get lucky by scanning for 192.168.20.1 – clearnetsec.com
ut as I just witnessed at a client, none of their historical vulnerability scan results discovered the cards because this client doesn’t use that IP block, yet several Dell servers had default DRAC cards waiting for some love.
- About the Adobe Zero-Day
A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier versions and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems.
- Microsoft Security Bulletin Advance Notification for June 2010 – microsoft.com
Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.
- House OKs Cybersecurity Reforms – darkreading.com
Bill calls for creation of a permanent National Office for Cyberspace and Office of the Federal Chief Technology Officer within the White House.
- WikiLeaks Was Launched With Documents Intercepted From Tor – wired.com
WikiLeaks bootstrapped itself with a cache of documents obtained through an internet eavesdropping operation by one of its activists, according to a new profile of the organization’s founder.
- Massive iPhone Security Issue Could Endanger Enterprise Adoption – readwriteweb.com
This flaw was discovered by Bernd Marienfeld, an information security professional and blogger, last week.
- Viral clickjacking ‘Like’ worm hits Facebook users – sophos.com
Hundreds of thousands of Facebook users have fallen for a social-engineering trick which allowed a clickjacking worm to spread quickly over Facebook this holiday weekend.
- Tabnapping: New Phishing Attack – absolute.com
The content of the original tab is changed to a fake site, most often a login screen to a common site like Facebook or Gmail.
- Microsoft security IS “good enough” and that’s the problem – jeremiahgrossman.blogspot.com
No shortage of vulnerabilities resulting in widespread and devastating compromises with patches unpredictable and long in coming.
- PHP Remains Strong Despite Security Flaws – developer.com
But even after so many identified security issues in MOPS, PHP experts argue that the language is not necessarily insecure.
- ATM Skimmers: Separating Cruft from Craft – krebsonsecurity.com
The truth is that most of these skimmers openly advertised are little more than scams designed to separate clueless crooks from their ill-gotten gains.
- NHTSA’s Complaint Database Leaks Private Information Like A Sieve – thetruthaboutcars.com
Our Canadian pal carquestions took a look through NHTSA’s public complaint database, and found four examples of personal information that NHTSA should have redacted but didn’t.