Events Related:
- Derbycon
I will admit there is limited spacing, we rented the entire second floor of the Hyatt and tickets will go fast.- new hacker con, hell of speaker list: DerbyCon – reddit.com
- Derbycon Teaser Video and website launch date announced – secmaniac.com
- ShmooCon CTF Warmup 2011 – cylab.cmu.eduA couple of PPP members (awesie, tylerni7) participated in the ShmooCon CTF Warmup. It was lots of fun and awesie got the prize! We also figured we should post a write-up for #3.
Resources:
- Ubertooth video and news – ossman.blogspot.com
This will be a longer presentation telling the complete story of the development of Project Ubertooth and demonstrating new capabilities of the platform (hopefully with working Ubertooth One prototypes). - How To Deploy IPv6 Securely – readwriteweb.com
The number of available IPv4 addresses is expected to run out in less than a year, as we’ve reported before. - MobileSubstrate wiki - iphonedevwiki.net
MobileSubstrate consists of 3 major components: MobileHooker, MobileLoader and safe mode.
Tools:
- SSL Diagnos is used to get information about SSL usage – sourceforge.net/projects/ssldiagnos/
It can also be used for testing and rating ciphers on SSL clients. It has also specific support for pop3s, sip, smtp and explicit ftps. - Nessus Viewer v1.0.0 released – vulnerabilitydatabase.com
Nessus Viewer enables IT Security auditors and penetration testers to quickly navigate inside Nessus reports by sorting and filtering each entry. - R-U-Dead-Yet Version 2.1 - chaptersinwebsucirity.blogspot.com
The forms and their post action url’s are now parsed correctly. So here comes v2.1 with the bug fix.
Techniques:
- Windows UAC Bypass now in Metasploit! – secmaniac.com
The Windows UAC bypass was committed to the Metasploit Framework today. - Flash Player Sandbox bypass
Unfortunately, these restrictions are not the same as, “cannot communicate with the network in any way” which is what is stated in the documentation.- Bypassing Flash’s local-with-filesystem Sandbox – xs-sniper.com
- Flash Player sandbox can be bypassed – h-online.com
- Metasploit SAP Management Console AUX Modules – blog.c22.cc
I see no ethical issue in releasing the information gathering modules that take advantage of this bug, as quite honestly, anybody with an SAP system and tcpdump could find this in a few minutes.
Vendor/Software Patches:
- Apple releases Mac OS X 10.6.6 update – h-online.com
Apple has now posted its detailed About the Mac OS X v10.6.6 Update knowledge base article.
Other News:
- Dell Acquisition of Secureworks
Dell announced they are acquiring SecureWorks, the MSSP, for an undisclosed sum.- HP(en!s) Envy: Dell Buys SecureWorks – securosis.com
- Dell to acquire SecureWorks – h-online.com
- Car Theft thru hacking
Car thieves of the future might be able to get into a car and drive away without forced entry and without needing a physical key.- Car Theft by Antenna – technologyreview.com
- Hacking your car for fun and profit – snosoft.blogspot.com
- US revamps science, technology standard-setting efforts – networkworld.com
The NIST has been given new marching orders: expand work with the private sector to develop standards for a range of key technologies such as cloud computing, emergency communications and tracking, green manufacturing and high performance green building construction. - Researchers Hack Internet Enabled TVs, Discover Multiple Security Vulnerabilities – securityweek.com
Security researchers have discovered several security flaws in one of the best-selling brands of Internet-connected HDTVs, and believe it’s likely that similar security flaws exist in other Internet TVs. - Researcher Develops Password Hacking Software for Wi-Fi Networks Using Amazon Web Services – readwriteweb.com
A researcher has developed software for breaking password protections used for wireless networks.
No comments yet.