Events Related

Resources

  • 2011 Year in Review: Online Security Highlights and Lowlights – blog.zonealarm.com
    2011 was a big year in terms of online security. From well-publicized data breaches of major companies to the takedown of giant botnets, cybercrime made many headlines. And though hackers came up with more innovative ways to steal information and wreak havoc on the Web, the spotlight on online security vulnerabilities prompted both officials and average users to be more vigilant. Here, we recount the major online security highlights and lowlights of the year.
  • Book Release: Hacking and Securing iOS Applications – viaforensics.com
    Jonathan Zdziarski’s new book, “Hacking and Securing iOS Applications: Stealing Data, Hijacking Software, and How to Prevent It,” is due out next month. Pre-order your copy now!

Tools

  • Lynis v1.3.0 Released – rootkit.nl/files/lynis-1.3.0.tar.gz
    Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes.
  • Patator – Brute Forcing Multi Purpose Tool – patator.googlecode.com
    Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage. Basically the author got tired of using Medusa, Hydra, ncrack, metasploit auxiliary modules, nmap NSE scripts and the like.
  • New Tools Bypass Wireless Router Security – krebsonsecurity.com
    Security researchers have released new tools that can bypass the encryption used to protect many types of wireless routers. Ironically, the tools take advantage of design flaws in a technology pushed by the wireless industry that was intended to make the security features of modern routers easier to use.
  • UPDATE: OWASP AJAX Crawling Tool 0.2a! – code.google.com/p/fuzzops-ng/downloads/list
    OWASP AJAX Crawling Tool is a tool which will automate the crawling of AJAX applications. It can be daisy-chained with other proxies (like ZAP or Burp) to allow the functionality of those tools to be used on aspects of a web app that traditional spidering tools will miss.
  • Calculating an SSH Fingerprint From a (Cisco) Public Key – blog.didierstevens.com
    I developed a small Python program that calculates an SSH fingerprint from the public key. You store the public key in hex format in a file and use that with this new tool.

Techniques

  • Java Dynamic Instrumentation Crash Course
    This is the first in a series of several ways to go about doing dynamic instrumentation in Java. I will be making use of the Javassist bytecode manipulation library for this series. In this first post, I will be going over Java dynamic instrumentation used within the main program. First, you will need Java installed (of course) and the Javassist jar file (I am using version 3.15). While the Javassist API documentation will provide a thorough description of the classes and functions involved, I will be covering the basics.
  • Heap Overflows for Humans 102.5 – net-ninja.net
    Hi folks. Some time ago, I discussed an old but important technique for exploiting application-specific heap overflows under Windows XP SP3. Today, I am going to discuss another important technique and give an introduction to my Immunity Debugger plug-in tool called !heaper!
  • Fun With BSD-derived Telnet Daemons – community.rapid7.com
    A port of this exploit to the Metasploit Framework is in progress and we just added a scanner module that can be used to identify vulnerable instances of the telnet service. This module tries to trigger the vulnerability with an invalid pointer, causing the inetd-spawned process to exit. Since this process automatically respawns, it should be safe to scan all affected inetd-based systems.
  • Cracking WPA in 10 Hours or Less – devttys0.com
    The WiFi Protected Setup protocol is vulnerable to a brute force attack that allows an attacker to recover an access point’s WPS pin, and subsequently the WPA/WPA2 passphrase, in just a matter of hours.
  • Jumping to another network with VPN pivoting – community.rapid7.com
    VPN Pivoting is one of the best but also most elusive features in Metasploit Pro, so the best way is to see it. That’s why I’ve decided to post a snippet of a recent webinar, where HD Moore shows this feature in action.
  • ZoneTransfer.me – digininja.org
    When teaching, and when talking to clients, I sometimes have to explain the security problems related to DNS zone transfer. The problem usually comes when trying to demonstrate how it works and what information can be leaked: trying to remember which domains have zone transfer enabled, and then hoping that they still have it turned on, can make it hard. So, to ease both of these problems I’ve registered zonetransfer.me, a domain which is easy to remember and which will always have zone transfer enabled.
  • Exploit Writing Tutorial Part 11 : Heap Spraying Demystified – corelan.be
    With this tutorial, I’m going to provide you with a full and detailed overview on what heap spraying is, and how to use it on old and newer browsers. I’ll start with some “ancient” (“classic”) techniques that can be used on IE6 and IE7. We’ll also look at heap spraying for non-browser applications.

Vendor/Software Patches

  • Microsoft Security Bulletin MS11-100 – Critical – technet.microsoft.com
    This security update resolves one publicly disclosed vulnerability and three privately reported vulnerabilities in Microsoft .NET Framework. The most severe of these vulnerabilities could allow elevation of privilege if an unauthenticated attacker sends a specially crafted web request to the target site. An attacker who successfully exploited this vulnerability could take any action in the context of an existing account on the ASP.NET site, including executing arbitrary commands. In order to exploit this vulnerability, an attacker must be able to register an account on the ASP.NET site, and must know an existing user name.

Vulnerabilities

  • From 0Day to 0Data: TelnetD – dankaminsky.com
    Recently, it was found that BSD-derived Telnet implementations had a fairly straightforward vulnerability in their encryption handler. (Also, it was found that there was an encryption handler.) Telnet was the de facto standard protocol for remote administration of everything but Windows systems, so there’s been some curiosity in just how nasty this bug is operationally.
  • Wi-Fi Protected Setup (WPS) PIN Brute Force Vulnerability – isc.sans.edu
    Wi-Fi Protected Setup (WPS) is a Wi-Fi Alliance specification (v1.0 – available since January 2007) designed to ease the process of securely setting up Wi-Fi devices and networks. A couple of days ago US-CERT released a new vulnerability note, VU#723755, describing a weakness that allows an attacker to get full access to a Wi-Fi network (such as retrieving your ultra long secret WPA2 passphrase) through a brute force attack on the WPS PIN.

Other News

  • Naval researchers pioneer TCP-based spam detection – itworld.com
    A group of researchers from the U.S. Naval Academy has developed a technique for analyzing email traffic in real-time to identify spam messages as they come across the wire, simply using information from the TCP (Transmission Control Protocol) packets that carry the messages.
  • Huge portions of Web vulnerable to denial-of-service attack – arstechnica.com
    Researchers have shown how a flaw that is common to most popular Web programming languages can be used to launch denial-of-service attacks by exploiting hash tables. Announced publicly on Wednesday at the Chaos Communication Congress event in Germany, the flaw affects a long list of technologies, including PHP, ASP.NET, Java, Python, Ruby, Apache Tomcat, Apache Geronimo, Jetty, and Glassfish, as well as Google’s open source JavaScript engine V8.
  • QR Code Malware Picks Up Steam – darkreading.com
    As mobile marketers have latched onto the convenience and cool-factor of QR codes, hackers are starting to take advantage of these square, scannable bar codes as a new way to distribute malware.
  • Appeals Court Revives EFF’s Challenge to Government’s Massive Spying Program – eff.org
    The 9th U.S. Circuit Court of Appeals today blocked the government’s attempt to bury the Electronic Frontier Foundation’s (EFF’s) lawsuit against the government’s illegal mass surveillance program, returning Jewel v. NSA to the District Court for the next step.
  • New Year’s Resolution: Full Disk Encryption On Every Computer You Own – eff.org
    Many of us now have private information on our computers: personal records, business data, e-mails, web history, or information we have about our friends, family, or colleagues. Encryption is a great way to ensure that your data will remain safe when you travel or if your laptop is lost or stolen. Best of all, it’s free. So don’t put off taking security steps that can help protect your private data. Join EFF in resolving to encrypt your disks in 2012.