Event Related

Resources

  • Nessus
  • The History of Programming Languages Infographic – veracode.com
    In a world of increasing inter-connectivity, programming languages form the foundation. Did you know that the first programming language is over 100 years old and was written by a woman, Ada Lovelace? Join us as we delve into the history, evolution, and prevalence of programming languages over the years.
  • Security Book Reviews – securitybookreviews.eu
    A selection of book reviews and suggestions for the Information Security Community, brought to you by the [dreamcats](http://dreamcats.org/) conspiracy.
  • Penetration testing of iPhone Applications – Part 4 – securitylearn.net
    In the first part of the article, we discussed iPhone application traffic analysis. The second part of the article covered the privacy issues and property list data storage.
  • Cracking IKE Mission:Improbable (Part 2) – blog.spiderlabs.com
    A couple of weeks ago I posted Part 1 of Cracking IKE, detailing some useful techniques when cracking Aggressive Mode PSK hashes. In that post we saw that a hash is not always ‘crackable’ and additional steps are required in order to find a correct group name or ID.

Tools

Techniques

  • Enumerating Open Shares On The Buffalo Linkstation – 3vildata.com
    Since enumeration seems to be all the rage at the moment, I thought I’d chip in with my own, although admittedly very much less high-profile, one.
  • Open Security Research: Creating, Extracting, and Signing JARs – blog.opensecurityresearch.com
    Java Archive (JAR) is a cross-platform archive file format used to compress and bundle multiple files (e.g. Java class files), metadata and resources into a single file with the .jar file extension.
  • Can GDB’s List Source Code Be Used for Evil Purposes? – ioactive.com
    The following is a simple trick where you can use GDB as a trampoline to read a file which originally you don’t have enough permission to read. This trick could also be helpful in a binary capture-the-flag (CTF) or reverse engineering challenge.
  • Agilebits 1Password support and Design Flaw? – hashcat.net
    This week I finally finished the first milestone, the hashing part of TrueCrypt. That is PBKDF2-HMAC-Whirlpool, -RipeMD160 and -SHA512.

  • The beginner's guide to breaking website security with nothing more than a Pineapple – troyhunt.com
    That’s an easy assumption to make because it’s hard to observe the risk of insufficient transport layer protection being exploited, at least compared to something like XSS or SQL injection. But it turns out that exploiting unprotected network traffic can actually be extremely simple, you just need to have the right gear.
  • Hacking and Rooting SOHO Home Routers – securityevaluators.com
    ISE researchers have discovered critical security vulnerabilities in numerous small office/home office (SOHO) routers and wireless access points.

Vendor/Software Patches

Vulnerabilities

  • Linode Hacked Through ColdFusion Zero Day – threatpost.com
    Web hosting company Linode said it was compromised and that the attackers got access to its database, source code and customer credit card numbers.
  • If iOS is Less Secure, Why Does Android Get Attacked? – veracode.com
    Software vulnerabilities are the food that keeps viruses, malware and other attacks alive, right? If that’s the case, you’d expect that the software with the most vulnerabilities would also be the software facing, proportionally, the most attacks.

Other News

  • FISMA Reform Passes House on 416-0 Vote – bankinfosecurity.com
    The Federal Information Security Amendments Act would require federal agencies to continuously monitor their IT systems for cyberthreats and implement regular