Techniques

  • Breaking into and Reverse Engineering iOS Photo Vaults – blog.ioactive.com
    For whatever reason, a lot of people store risqué pictures on their devices. Why they feel the need to do that is left for another discussion. This behavior has fueled a desire to protect photos on mobile devices.
  • Sleepy Puppy Extension for Burp Suite – techblog.netflix.com
    Netflix recently open sourced Sleepy Puppy – a cross-site scripting (XSS) payload management framework for security assessments. One of the most frequently requested features for Sleepy Puppy has been for an extension for Burp Suite, an integrated platform for web application security testing.

Resources

  • Microsoft Security Intelligence Report Volume 19 is now available – blogs.microsoft.com
    This includes threat data from the first half of 2015 as well as longer term trend data on the industry vulnerabilities, exploits, malware, and malicious websites that your organization should use to assess your current security posture. We are also providing threat data for over 100 countries/regions.

Tools

  • dnscat2: now with crypto! – github.com
    This change introduces cryptography to dnscat2! All connections are now encrypted by default.
  • MassBleed – github.com
    MassBleed SSL Vulnerability Scanner
  • Nmap 7 Released – nmap.org
    The Nmap Project is pleased to announce the immediate, free availability of the Nmap Security Scanner version 7.00. It is the product of three and a half years of work, nearly 3200 code commits, and more than a dozen point releases since the big Nmap 6 release in May 2012.
  • PwnBin – github.com
    PwnBin is a webcrawler which searches public pastebins for specified keywords. All pastes are then returned after sending completion signal ctrl+c.
  • Aircrack-ng 1.2 Release Candidate 3 – aircrack-ng.blogspot.com
    Third release candidate and hopefully this should be the last one. It contains a ton of bug fixes, code cleanup, improvements and compilation fixes everywhere. Some features were added: AppArmor profiles, better FreeBSD support, including an airmon-ng for FreeBSD

Vulnerabilities

  • PNG pongs: critical bug patched in ubiquitous libpng – www.theregister.co.uk
    This will not be fun: the graphics processing library libpng has a vulnerability and needs to be patched. The problem for that is that libpng is everywhere – in browsers, anything that processes photos to produce thumbnails, file browsers, music players, in applications in every operating system.
  • Siri’s Flaw: Apple’s Personal Assistant Leaks Personal Data – blog.trendmicro.com
    Siri for iOS devices has made everyday tasks easier; whether it is getting directions to the nearest gas station or staying in contact with growing social media networks. iOS users can just call out a contact’s name and the device will populate with a telephone number and email address. However, convenience comes with a price: personal information.

Other News

  • California’s Cyber Security Policy Is Now the Strongest in the U.S. – tech.co
    Technology solves a lot of problems, but it can also help contribute to new ones. Cyber attacks are on the rise and they don’t appear to be letting up. One of the dilemmas that the digital age has created is the conundrum concerning the extent to which digital content can be considered private.