Events Related:

  • HTML5 goodness at BlackHat Abu Dhabi this week –
    In addition to covering some of the interesting HTML5 attacks already released during 2010 by myself and other researchers, it has two new sections – HTML5 based port scanning and HTML5 Botnets.


  • Google Hacking Database Reborn –
    Johnny Long of Hackers for Charity started the Google Hacking Database (GHDB) to serve as a repository for search terms, called Google-Dorks, that expose sensitive information, vulnerabilities, passwords, and much more.
  • Sector 2010 Presentations Now Online –
    The presentations from the Sector Security Conference 2010 are now online. Albeit the keynotes are still not up, they should follow in short order.
  • How to Get Started With Malware Analysis –
    The process also allows security professionals to assess the scope, severity and repercussions of the incident, and may help the organization bring the parties responsible for the incident to justice.


  • Blacksheep outs Firesheep users –
    BlackSheep is a Firefox add-on which warns users if someone is using Firesheep on their network. It also indicates the IP address of the machine that is spying on you.

  • UPDATE: Plecost v0.2.2-9-beta! –
    WordPress fingerprinting tool; plecost searches and retrieves information about the plugin versions installed in WordPress systems.
  • ThreatFactor NSIA –
    ThreatFactor NSIA is a website scanner that monitors websites in real-time in order to detect defacements, compliance violations, exploits, sensitive information disclosure and other issues.
  • Metasploit Framework 3.5.0 – Win32 respin –
    The new installer still contains everything you need to run msfgui, scan a network, and store the results for use with db_autopwn out of the box.
  • UPDATE: OWASPBWA v0.92rc1! –
    Open Web Application Security Project (OWASP) Broken Web Applications Project, a collection of vulnerable web applications that is distributed on a Virtual Machine in VMware format compatible with their no-cost and commercial VMware products.
  • UPDATE: Skipfish-1.70b! –
    Skipfish is a fully automated, active web application security reconnaissance tool.
  • Virtualization ASsessment TOolkit –
    VASTO is a Virtualization ASsessment TOolkit, a collection of Metasploit modules meant to be used as a testing tool to perform penetration tests or security audits of virtualization solutions.
  • Wi-fEye: A Multi-Pronged Network Penetration Tester! –
    Wi-fEye can be considered as a GUI to almost all tools that we use daily. It is designed to be the ultimate point-and-shoot tool.


  • JAVA Malware evading decompilation –
    It seems that the bytecode of the above class is thwarting the decompilation in some way.
  • Java Exploits –
    The recent Java JRE patch bundle released by Oracle contained a long list of security fixes, several of which are for vulnerabilities that allow drive-by exploits.
  • Security hero –
    Chester proposes to use WPA/WPA2-PSK with a universal, non-secret password; for example “free”.
  • SAP Application Server Security essentials: default passwords –
    So if you think that you are a great GRC expert and are trying to secure your SAP environment by solving 5-dimensional cross-system SOD conflicts, there are some things you must do right now.
  • Searching for Sensitive Data Using URL Shorteners –
    So simple that such services can also be used by the bad guys to distribute malicious URLs in pseudo-safe addresses.
  • Where’s the 0x1337beef? –
    When working through the plethora of issues published in October’s patch-extravaganza, there was one particular vulnerability that I felt compelled to investigate.


  • CVE-2010-3654 Adobe Reader 0 day + CVE-2010-2883 Flash + Reader PDF Federal Benefits –
    CVE-2010-3654 Adobe Flash Player and earlier on Windows, Mac OS X, Linux, and Solaris and and earlier on Android, and authplay.dll (aka AuthPlayLib.bundle or in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010.

Other News:

  • Computer glitch takes out ATMs, online banking on a massive scale? –
    According to the Orange County Register, some customers of Bank of America and Wells Fargo were unable to access online banking.
  • Researchers Working Toward Processor-Specific Attacks –
    Now research out of France's Ecole Supérieure d’Informatique, Electronique, Automatique (ESIEA) moves a step closer to that goal: identifying a method for isolating the processor used by anonymous systems for the purpose of subverting that hardware.
  • All-in-One Skimmers –
    The model displayed here is designed to work on specific Diebold ATMs, and can hold a battery charge for two to four days, depending on ambient temperature and the number of customers who pull money out of the hacked ATM.
  • Angry Birds Trojan –
    To demonstrate this, Jon had also uploaded several other applications to Marketplace: Fake Contact Stealer, Fake Location Tracker and Fake Toll Fraud. These would be launched by the Angry Birds trojan.
  • Fedora criticised for hacker tool ban –
    In the end, the Fedora board decided against the tool to prevent potential legal claims against Fedora – even the sharing of hacker tools is an offence in some countries.
  • PGP Disk Encryption Bricks Upgraded Macs –
    Some Apple Mac users who rushed to upgrade their systems with the company’s latest security patch were left to scramble for help after a conflict with disk encryption software from PGP rendered the upgraded Macs un-bootable.
  • VERIS Community application launched –
    Last March, we publicly released the Verizon Enterprise Risk and Incident Sharing (VERIS) framework used to collect data for the DBIR series.