Event Related

  • Bsides Boston – youtube.com
    Security BSides Boston is a community driven event, created by information security professionals. The goal of Security BSides is to expand the security communication and expand the community. Over 200 students, technologists and information security professionals participate each year in Cambridge, MA. Don’t miss out and register today!! (as this event is expected to be sold out).

Resources

  • Mobile Hotspots – cs.fau.de
    Passwords have to be secure and usable at the same time, a trade-off that is long known. There are many approaches to avoid this trade-off, e.g., to advise users on generating strong passwords and to reject user passwords that are weak.
  • Reversing Basics Part 2: Understanding the Assembly – blog.opensecurityresearch.com
    This is the second blog post in a three part series. In the first post, we reviewed the structure of a simple C program. In this installment, we will cover disassembling this program, and reviewing the Assembly code generated by the compiler, GCC.
  • Announcing: the ULTIMATE SANS Pen Test Poster! – pen-testing.sans.org
    I am super excited to announce the release of our brand-new SANS Ultimate Pen Test Poster! Three months in the making, this poster is chock full of tips, tricks, ideas, tools, resources, references, practice environments, and much much more, all focused on helping penetration testers and related security professionals excel in their work.
  • The Problem With Networks ….. – blog.spiderlabs.com
    Where do I start with this open-ended statement? I guess from a pen testing perspective, quite a lot. Internal pen test results tend to open up a can of worms for a company.

Tools

  • EMET 4.0 now available for download – blogs.technet.com
    We are pleased to announce that the final release of version 4.0 of the Enhanced Mitigation Experience Toolkit, best known as EMET, is now finally available for download.

Techniques

Vendor/Software Patches

  • Critical Update Plugs 40 Security Holes in Java – krebsonsecurity.com
    Oracle today released a critical patch update for its Java software that fixes at least 40 security vulnerabilities in this widely deployed program and browser plugin. Updates are available for Java 7 on both Mac and Windows.
  • HP iLO3/iLO4 Remote Unauthorized Access with Single-Sign-On – isc.sans.edu
    HP released a security bulletin on a potential remote unauthorized access with HP Integrated Lights-Out iLO3/iLO4 using Single-Sign-On.
  • Linkedin DNS Hijack – Update – isc.sans.edu
    LinkedIn had its DNS “hijacked”. There are no details right now, but often this is the result of an attacker compromising the account used to manage DNS servers. But so far, no details are available so this could be just a simple misconfiguration.

Vulnerabilities

Other News