Hackfest Optimized: November 4 to November 5 in Quebec

BSides DFW: November 5 to November 6 in Irving

BSides Atlanta: November 4 in Atlanta

BSides Delaware: November 1 to November 12 in New Castle

SC Congress: November 16 in New York

And here are the information security events in the other parts of the world:

Kiwicon V: November 4 to November 6 in Wellington

PACSEC Tokyo: November 9 to November 10 in Tokyo

SANS Paris 2011: November 14 to November 18 in Paris

SANS Geneva: November14 to November 19 in Geneva

SOURCE Barcelona: November 14 to November 17 in Barcelona

e-Crime India: November 9 in Mumbai

e-Crime Abu Dhabi: November 23 in Abu Dhabi

• Crack Me If You Can DefCon 2011 Insidepro team – contest.korelogic.com
  First of all, I must say that this year’s contest was a big improvement over last year. Not that last year was boring, far from that, but the feedbacks given last year were well understood and rectified this year. The weighted points depending on the hashing algorithm made much more sense. The bonuses and the challenges added a lot more spice and need for strategies.
• Rootcon 5: A Summary – sunbeltblog.blogspot.com
  I’m not saying all of my trips go horribly wrong, but exploding toilets, 1984 style televisions, badges that make no sense, surprises in alleyways and emergency fuel dumps could perhaps convince you otherwise. You’ll be pleased to know Rootcon 5 went off without a hitch (well, besides the earthquake drill, the eleven hours at Guangzhou airport and the lady with the foot in her face) and a great time was had by all.

Tools

• XCat: Exploit Boolean XPath Injections! - github.com/orf/xcat/downloads
  Prior to getting acquainted with XCat, let’s know what an XPath Injection actually is. XPath is a language for addressing parts of an XML document, designed to be used by both XSLT and XPointer.
• Multiple Dictionaries or Wordlists Using John The Ripper – room362.com
  John the ripper only takes one word list at a time. There are plenty of docs out there that show you how to cat all of your dictionaries into John’s stdin function but I like to run rules against my lists and I didn’t see any how-tos on doing this. Here is my way.
• UPDATE: BeEF v0.4.2.9 alpha! - code.google.com/p/list/downloads/list
  BeEF, the Browser Exploitation Framework is a professional security tool provided for lawful research and testing purposes. It allows the experienced penetration tester or system administrator additional attack vectors when assessing the posture of a target. The user of BeEF will control which browser will launch which exploit and at which target.
• UPDATE: NetworkMiner 1.1! – sourceforge.net/projects/networkminer/files/networkminer
  NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows. NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to regenerate/reassemble transmitted files and certificates from PCAP files
• UPDATE: BodgeIT v1.2.0!- code.google.com/p/bodgeit/download/list
  The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to pen testing.
• Lilith Web Application Security Tool – darknet.org.uk
  LiLith is a tool written in Perl to audit web applications. This tool analyses webpages and looks for html form tags , which often refer to dynamic pages that might be subject to SQL injection or other flaws. It works as an ordinary spider and analyses pages, following hyperlinks, injecting special characters that have a special meaning to any underlying platform.
• Open Source Tool Enables Security Tests For Chip Cards – h-online.com
  At this year’s Black Hat Conference, crypto expert Karsten Nohl of SRLabsdemonstrated the degate tool that can be used to take a closer look at applications stored on smartcards, such as credit cards and SIM cards.

Techniques

• Remote Windows SAM retrieval with VBScript – ox90.co.uk
  There’s no denying that PSExec and FGDump are useful tools on a infrastructure penetration test. FGDump is a problem however, in the fact that it needs to inject into a running process (lsass.dll) and therefore is often blocked by antivirus.
• DB2 SQL Injection: Select With Nth Row Without Cursors – pentesterconfessions.blogspot.com
  Well I’ve looked all over the net for this solution and I could not find the answer so after much trial an error I was able to build my own solution. Lets say you need to query one row at a time from DB2 and you cannot use cursors and specifically you need to query sysibm.systables. I came up with this solution and there may be a more elegant way but this worked.
• Reverse Shell One Liners – bernardodamerle.blogspot.com
  Inspired by the great blog post by pentestmonkey.net, I put together the following extra methods and alternatives for some methods explained in the cheat sheet. There is nothing cutting edge, however you may find this handy during your penetration tests.
• Pentesting WP7 Apps Part 1 – intrepidusgroup.com
  With over 30,000 apps in the marketplace within a year of launch, Microsoft’s Windows Phone 7 platform seems to grabbing consumer attention slowly but steadily. Though the installed user base is nowhere close to that of Android or iOS, Gartner’s predictions notwithstanding, in the last few months we’ve seen an increasing interest from companies on this new mobile platform.
• Who is Logged In? A Quick Way To Pick Your Targets – room362.com
  Say you go for the 500+ shells on an internal test or your phishing exersice goes way better than you thought. Well you need to get your bearings quickly and going into each shell and doing a ps, then looking through the list for all the users logged in is a bit of a pain and defintely not ideal.
• Exploiting The WordpPress Extension Repos – spareclockcycles.org
  Today’s post is kind of long, so I thought I should warn you in advance by adding an additional paragraph for you to read. I also wanted to provide download links for those who’d rather just read the code. It isn’t the cleanest code in the world, so I apologize in advance. I discuss what all of these are for and how they work later on in the post, so if you’re confused and/or curious, read on.

Vendor/Software Patches

• Adobe Closes 14 Holes In Reader and Acrobat – h-online.com
  Adobe has released new versions of Reader and Acrobat to close several critical security holes. Versions 10.x, 9.x and 8.x of both products for Windows, Linux and Mac are affected. Adobe recommends that Reader X and Acrobat X users update to version 10.1.1 as this version offers added protection under Windows through its sandbox.

Other News

• Certificate hacker probably paid by Iran, say victimized firms - computerworld.com
  The CEO of a certificate-issuing company that was hacked in March is even more certain now that a wave of attacks against similar firms is backed by the Iranian government.
• U.S. Agencies Making Progress In Cybercrime – computerworld.com
  U.S. government agencies are getting better at sharing information about cyberattacks with private companies, but cybercrime shows no signs of slowing down, cybersecurity experts told lawmakers Wednesday.
• Seven Ways You Give Thieves Dibs On Your Database – darkreading.com
  Every new data breach that hits the headlines snowballs the embarrassment for the IT security community, especially because this constant follies show revolves around recurring themes.
• U.S. and Australia to add cyber-realm in defense pact – news.cnet.com
  Cyberattacks are about to carry even more weight, with the United States and Australia expected to include them in a mutual defense treaty.The two nations will declare the cyber realm to be part of the 60-year-old treaty tomorrow, Reuters reports. The inclusion will mean that a cyberattack on one country could lead to a response by both.
• Italian Researcher Finds More SCADA Holes – news.cnet.com
  An Italian researcher has uncovered at least a dozen security flaws in software used in utilities and other critical infrastructure systems, prompting security advisories from the U.S. government.

• DefCon 2011
  Leftover notes and resources five weeks after.
• Crack Me If You Can teams – contest.korelogic.com
• Crack Me If You Can InsidePro – contest.korelogic.com
• Crack Me If You Can team john users – contest.korelogic.com
• The Art of Exploiting Lesser Known Injection Flaws Revealed At BlackHat – penetration-testing.7safe.com
  The audience at Black Hat, Las Vegas were recently engaged by an interactive workshop titled ‘The Art of Exploiting Lesser Known Injection Flaws’ presented by 7Safe renowned security researchers Sumit Siddarth and Aleksander Gorkowienko.

Resources

• OWASP Goatdroid - code.google.com/p/owasp-goatdroid/
  The OWASP GoatDroid Project pays homage to the OWASP WebGoat Project. It is a fully functional and self-contained environment for learning more about vulnerabilities and security issues for the Android platform.
• Identifying And Detecting Security Breaches – usa.visa.com
  Visa has a slidedeck posted Identifying and Detecting Security Breaches. Sounds fun! If you’ve been around security for a while, nothing will be new in this deck, but it’s a nice and short to breeze through for ideas if something is missing in your enterprise security posture. Every bullet point also makes for a decent item to review or ask your team (if you have one) to describe how it is handled. (I do believe in role-playing!)
• The Big Fat Metasploit Post – securityaegis.com
  A while ago we tried to identify a core toolset that every pentester should start with or couldn’t live without. The first article focused on Nmap, The second on our list is none other than the exploit framework Metasploit. Instead of reinventing the wheel with Metasploit guides we decided to take all the disparate info on using Metasploit and put it into one place, starting from the basics all the way to advanced testing.

Tools

• The Zaproxy files – code.google.com/p/zaproxy/downloads/list
  An easy to use penetration testing tool.
• WCE v1.2 64-bit version released – hexale.blogspot.com
• The ERPScan WEBXML Checker! – erpscan.com/products
  As all of us know the importance of SAP (short for Systems, Applications and Products) systems. We also know that with increased exposure to new technologies, newer vulnerabilities are found. ERPScan WEBXML Checker, is a new tool from who we consider as a leading entity involved with discovering new SAP related vulnerabilities.

Techniques

• A deeper look at ms11 – 058 – skullsecurity.org
  Two weeks ago today, Microsoft released a bunch of bulletins for Patch Tuesday. One of them – ms11-058 – was rated critical and potentially exploitable. However, according to Microsoft, this is a simple integer overflow, leading to a huge memcpy leading to a DoS and nothing more. I disagree.
• Password Tracking In Malicious iOS Apps – software-security.sans.org
  In this article, John Bielich and Khash Kiani introduce OAuth, and demonstrate one type of approach in which a malicious native client application can compromise sensitive end-user data.
• Apache HTTPD Killer Remote Denial of Service – eromang.zataz.com
  Kingcope has release, the 19 August, on Full disclosure mailing-list a perl script named “killapache.pl“ how can cause to Apache HTTPD Web server a remote denial of service (DoS). The DoS could be done by the attacker with a low requirement of ressources (CPU, memory and bandwidth) causing the targeted Web server to consume a big amount of ressources (CPU and memory). Apache HTTPD 2.0 and 2.2 series are affected by this vulnerability.
• Setting up a persistent trusted CA in an Android emulator - intrepidusgroup.com
  Setting up a persistent trusted CA in the Android emulator is a common problem, encountered any time we assess an application within an emulator, that use SSL properly. The goal is to man-in-the-middle (MITM) traffic from an application running in the Android emulator.
• IIS Search Verb Directory Listing – room362.com
• My Flash 9 Workflow - www.l1pht.com/2011/08/my-flash-9-workflow/
  Just recently I’ve tested a number of web applications that made heavy use of Adobe Flash. Considering I didn’t find a whole lot when I was searching I thought I’d document my current workflow.
• SSH Cheat Sheet – pentestmonkey.net
  SSH has several features that are useful during pentesting and auditing.  This page aims to remind us of the syntax for the most useful features.

Vendor/Software Patches

• Microsoft Releases New Versions of Software Security Tools – threatpost.com
  Microsoft has released new versions of several of its software security tools, including itsThreat Modeling Tool and a pair of fuzzers. All of the tools are part of the company’s Security Development Lifecycle program, which it has been sharing with external organizations for a few years now.

Other News

• BART, Anonymous, and a girl hacker
  The purported hacker who infiltrated the BART’s Police Officers Association website today claims to be a French girl (“Humiliating, huh?”) who executed her first hack, SF Weekly has learned. SF Weekly chatted online with someone who claimed to be the mind behind today’s attack.
• BART Police Website Hacker Claims To Be French Girl On First Hack part 1 – blogs.sfweekly.com
• BART Police Website Hacker Claims To Be French Girl On First Hack part 2 - blogs.sfweekly.com
• Randomly generated passwords at myBART – lightbluetouchpaper.org
• The Great RSA Hack
  The current theory is that a nation-state wanted to break in to Lockheed-Martin and Northrop-Grumman to steal military secrets. They couldn’t do it, since these companies were using RSA SecurID tokens for network authentication. So, the hackers broke into RSA with a targeted email attack.
• How We Found The File That Was Used To Hack RSA - f-secure.com
• Researchers Recover RSA Phishing Attack, Hiding In Plain Sight - wired.com
• Android Malware Explodes, iOS Remains Safe – wired.com
  According to a report by antivirus software maker McAfee, Android is now the “most attacked mobile operating system,” with a jump in malware attacks of 76 percent in the last quarter. This impressive win is even more so when you consider that Android “outpaces second place Java ME threefold”.

• OWASP AppSec 2011
  Capture The Flag briefings
• Capture The Flag – www.appsecusa.org/ctf.html
• AppSecUSA CTF! Another Write Up – notsosecure.com

Resources

• Whitepaper “Python Arsenal For Reverse Engineering” - dsecrg.com
  This whitepaper (beta release) is a collection of various Python engines, extensions, libraries, shells, that aids in the job code for understanding, analyzing and sometimes breaking. The collection consists of more than 40 projects. This document is intended to show the power of Python for RE and also an attempt to systematize a knowledge of the python for RE. This document is useful for beginners and advanced professionals of RE.
• Australian Department of Defence –  iOS Hardening Configuration Guide – djtechnocrat.blogspot.com
  Parts of this guide refer to features that require the engagement of the technical resources of your telephony carrier, firewall vendor, or Mobile Device Management vendor. While every effort has been made to ensure content involving these third party products is correct at the time of writing, you should always check with these vendors when planning an implementation.
• Smartphone Whitepapers - iase.disa.mil/stigs/net_perimeter/wireless/smartphone.html
  Smartphone (iOS, Android, Blackberry, Windows)  guidance documents.

Tools

• Skipfish
  Skipfish is a fully automated, active we application security reconnaissance tool. Its key features are high speed, ease of use, and cutting edge security logic.
• UPDATE: Skipfish 2.01b! – code.google.com/p/skipfish/downloads/list
• UPDATE: Skipfish 2.02b! – code.google.com/p/skipfish/downloads/list
• UPDATE: SQLNinja 0.2.6-rc1! – sourceforge.net/projects/sqlninja/files/sqlninja/
  Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote access on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered.
• UPDATE: Risu v1.4.5! – github.com/hammackj/risu/archives/master
  Risu is a Nessus parser, that converts the generated reports into a ActiveRecord database, this allows for easy report generation and vulnerability verification.
• UPDATE:  BeEF v0.4.2.7-alpha! – code.google.com/p/beef/downloads/list
  BeEF, the Browser Exploitation Framework is a professional security tool provided for lawful research and testing purposes. It allows the experienced penetration tester or system administrator additional attack vectors when assessing the posture of a target. The user of BeEF will control which browser will launch which exploit and at which target.
• UPDATE: ZAProxy v1.3.1! - code.google.com/p/zaproxy/downloads/list
  The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
• Vega – Open Source Cross Platform Web-Application Security Assessment Platform – darknet.org.uk
  Vega is an open source platform to test the security of web applications. Vega can help you find and validate SQL Injections, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows.
• TLSSLed v1.1 – blog.taddong.com
  A few weeks ago we released TLSSLed v1.0 with the goal of helping organizations to test their SSL/TLS (HTTPS) implementation for common flaws and misconfigurations. Today, we release an updated version, v1.1, that includes some additional tests.
• Durandal: A Distributed CPU/GPU Hashcracker! – durandal-project.org/download.html
  Durandal is a distributed GPU/CPU computingsoftware that aims to crack passwords. Mostly written in C++ with the Boost library, it works on many systems, however it is only built for Windows and GNU/Linux for the moment x64 platforms.
• Sniffer files - github.com/sirg3/Sniffer
  Sniffer is an unoriginally-named packet sniffer with the unique ability of determining which application a packet is coming from (or going to). At the moment it is little more than a prototype to prove that the idea works.
• WebSurgery: A Web Application Secuity Toolkit – www.surgeonix.com/blog/downloads/websurgery/websurgery.zip
  It is a suite of tools for security testing of web applications. It is designed for security auditors to help them with the web application planning and exploitation. Currently, it uses an efficient, fast and stable Web Crawler, File/Dir Brute forcer and Fuzzer for advanced exploitation of known and unusual vulnerabilities such as SQL Injections, Cross site scripting (XSS), Brute force for login forms.
• Twitter Archiver - blog.stalkr.net
  Twitter is great to get and share information, quickly. But it is all web 2.0 and you cannot use a simple cat or grep to view or search your tweets. I would like to have tweets saved in simple text format: date, user, text – one per line. So here comes Twitter Archiver, a small python script using PTT to archive any public timeline of tweets, in simple text format. Script: archiver.py, patch: archiver.diff.

Techniques

• Shellcode Anatomy
  Hackers are becoming more sophisticated and are investing resources to evade anti-malware detection. As recent breaches have shown, hackers are already seeing the fruits of their labor. In these spear-phishing attacks, the hacker gained access by sending out files (whether PDF, Excel or Word docs) to company employees. All that was needed was a single individual to open that file – and the attacker penetrated the organization.
• Part I of IV – blog.imperva.com
• Part II of IV – coming next week!
• Detecting LDAP Injections – rapid7.com
  It all started to go wrong when Web applications started to replace internal desktop applications in many companies around the globe and one manager proposed: “We should authenticate access to this application using our Active Directory!”
• Reversing Jailbreakme.com 4.3.3 - intrepidusgroup.com
  Wednesday, @comex came out with a new user-level jailbreak available on jailbreakme.com. I wanted to understand exactly how this exploit is able to get root so easily. Here is my workflow, and preliminary analysis of the exploit.
• Decoding Data Exfiltration – Reversing XOR Encryption – crucialsecurityblog.herris.com
  One of the first and most important questions that intrusion analysts are asked after a network attack is “did they steal anything?”. And if so, “what did they take?”. Often, this is also one of the most challenging questions to answer when the analyst only has a post-intrusion forensic image to work with. Frequently, the analyst’s primary objective becomes identifying and locating data exfiltration files.
• SRF Exploit for Joomla 1.6.3 or Lower – sectechno.com
  New exploit has been published that are targeting Joomla 1.6.3 or lower version the vulnerability  allow an attacker to create a specially crafted URL that would execute arbitrary script code on  victim’s browser.
• Injecting O2 into another .NET Process (in this case NUnit.exe) – o2platform.wordpress.com
  Here is a pretty powerful example of what can be done with O2′s .NET reflection APIs. The objective is to start NUnit under the control of an O2 script and to add a new feature to NUnit (in this case a new error viewer)
• Hacking With JSP Shells – netspi.com
  Most enterprise datacenters today house at least a few web servers that support Java Server Pages (JSP). In my experience, at least one will suffer from vulnerabilities that can be leveraged to upload JSP shells and execute arbitrary commands on the server (this especially seems to be the case with preconfigured appliances).
• JavaScript Obfuscation in Metasploit – community.rapid7.com
  As of this writing, Metasploit has 152 browser exploits. Of those, 116 use javascript either to trigger the vulnerability or as a means to control the memory layout of the browser process [1]. Right now most of that javascript is static. That makes it easier for anti-virus and IDS folks to signature. That makes it less likely for you to get a shell.

Other News

• Exclusive first interview with key LulzSec hacker – newscientist.com
  It was early May when LulzSec’s profile skyrocketed after a hack on the giant Sony corporation. LulzSec’s name comes from Lulz, a corruption of LOL, often denoting laughter at the victim of a prank. For 50 days until it disbanded, the group’s unique blend of humour, taunting and unapologetic data theft made it notorious.
• iOpener: How Safe is your iPhone data! – h-online.com
  The greatest current risk for iPhone owners is not viruses or malicious web pages, it is the danger that the phone might fall into someone else’s hands. Although iPhones do offer elaborate security mechanisms, these mechanisms won’t stand up to an imaginative hacker.
• AusCERT jumps the gun on BIND bug release - risky.biz
  AusCERT has broken an embargo, accidentally and prematurely broadcasting a security bulletin pertaining to multiple vulnerabilities in the BIND DNS server earlier today.
• Vsftpd backdoor discovered in source code – update – h-online.com
  Chris Evans, aka Scary Beasts, has confirmed that version 2.3.4 of vsftpd’s downloadable source code was compromised and a backdoor added to the code. Evans, the author of vsftpd – which is described on its web site as “probably the most secure and fastest FTP server for Unix-like systems” – was alerted on Sunday to the fact that a bad tarball had been downloaded from the vsftpd master site with an invalid GPG signature. It is not known how long the bad code had been online.
• Cracking DES faster with John the Ripper – h-online.com
  Version 1.7.8 of John the Ripper, a free password cracker, promises to be up to 20 per cent faster when cracking the Data Encryption Standard (DES) algorithm. The increase in speed is achieved by improvements in the processing of S-box. Although AES (Advanced Encryption Standard) has long been the encryption standard of choice, encryption and decryption with (triple) DES remain useful techniques.
• Which Banks Are Enabling Fake AV Scams? – krebsonsecurity.com
  Fake antivirus scams and rogue Internet pharmacies relentlessly seek customers who are willing to trade their credit card numbers for a remedy. Banks and financial institutions become partners in crime when they process payments to fraudsters.
• Malware Exploit Found for iOS Devices By German Researchers – readwriteweb.com
  Germany’s Federal Office for Information Security issued a warning today that iPhones, iPads and the iPod Touch have “critical weaknesses,” the Associated Press reports. The malware is delivered by an infected PDF that can affect the user’s device without them knowing. The same result would occur when a user visits a website with an infected PDF.
• ‘Sophisticated Cyberattack’ Hits Pacific Northwest National Lab – darkreading.com
  Pacific Northwest National Labs, a research and development facility operated under contract to the Department of Energy, was attacked during the long holiday weekend and is still struggling to restore IT services.
• DHS: Imported Consumer Tech Contains Hidden Hacker Attack Tools – fastcompany.com
  A top Department of Homeland Security (DHS) official has admitted on the record that electronics sold in the U.S. are being preloaded with spyware, malware, and security-compromising components by unknown foreign parties.

• Defcon 19  Quals
  For the third year, I competed with team Shellphish in the Defcon quals. We pulled through with some amazing points at the end to finish in 8th place. My successful contributions, however, were really only with respect to Forensics 100 and 300
  • Defcon 19 Quals Forensics 100 and Forensics 300 solution – bryceboe.com
  • Defcon 19 CTF Pre-Quals: Binary 100 Challenge – blog.securestate.com
  • Defcon 19 CTF Quals: Forensic – 300 – blog.securestate.com
  • Defcon CTF Quals 2011 – Retro 400 – leetmore.ctf.su
  • Defcon CTF Quals 2011 – Pwnables 400 – leetmore.ctf.su
  • GB200 writeup DEFCON CTF quals – nonroot.blogspot.com
  • Quals files collection – daxnitro.com/quals/
  • Defcon 19 Quals Write-up List – rogunix.com/defconquals19.html
  • Pwntent Pwnables 200 Writeup – auntitled.blogspot.com
  • Shell-Storm CTF resources – repo.shell-storm.org/CTF

Resources

• AppSecEU Presentations
  • Brad Arkin of Adobe Corp
  • David Stubley’s APT in a nutshell
  • Giles Hogben INISA
  • Arian Evans on Whitehat Security
• Wordlists from Sownage – l1pht.com
  Here are a few cleaned up wordlists from the sownage files.  There are more than a few throwaways in use here, but it still might be worth a run in a few specific situations.
• TDSS and hacking the hackers – blog.eset.com
  If you’ve been following the research we’ve been publishing (spearheaded by my Russian colleagues Aleksandr Matrosov and Eugene Rodionov) you’ll be aware that the TDL rootkit family doesn’t make use of OS’s own file system.

Tools

• Skipfish Update
  Skipfish is a fully automated, active web application security reconnaissance tool. Its key features: High speed, Ease of use, Cutting-edge security logic.
  • UPDATE: Skipfish-1.91b! – code.google.com/p/skipfish/downloads/list
  • UPDATE: Skipfish-1.92b! - code.google.com/skipfish/downloads/list
• UPDATE: Nmap 5.52.IPv6.Beta2! - nmap.org
  Nmap (“Network Mapper”) is a free and open source utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.
• UPDATE: SWFRETools v1.2.0! – github.com/sporst/SWFREtools/downloads
  The SWFRETools are a collection of tools built for vulnerability analysis of the Adobe Flash player and for malware analysis of malicious SWF files. The tools are partly written in Java and partly in Python and are licensed under the GPL 2.0 license.
• UDPATE: ZAProxyv1.3.0! - code.google.com/zaproxy/downloads/list
  The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox.
• RADARE: Reverse engineering framework – radare.nopcode.org
  Opensource tools to disasm, debug, analyze and manipulate binary files. There are small tools also included for better deguging, graphs can be used to link and have a better idea over of the binary.
• Burpsuite free edition v1.4 released – blog.portswigger.net
  This is a major upgrade with numerous new features, including: The ability to compare site maps, functions to help with testing access controls using your browser,support for preset request macros, session handling rules to help you work with difficult situations etc.
• SecureState Releases New Tool  For Footprinting 802.1x Wireless Networks – blog.securestate.com
  Today, SecureState is releasing a new tool for footprinting 802.1x wireless networks called EAPeak. EAPeak is a Python powered script that is meant to parse useful pieces of information for a Security Assessment of wireless networks that use the Enterprise Authentication Protocol.

Techniques

• Defcon Obfuscation Technique
  Feds aren’t the only ones who are paying attention to the demonstrations at security conferences like Black Hat and DEFCON – the folks who actually don the black hats are, also.That point was driven home this week by Kaspersky Lab researcher Marta Janus, who blogged about an interesting new code obfuscation technique that she discovered while analyzing a Polish e-commerce Web site that had been compromised.
  • Hackers Pinch Obfuscation Technique From Defcon presentation – threatpost.com
  • Dangerous Whitespaces – securelist.com

• Using Nmap for Pentesting eDirectory – cqure.net
  While doing a security review the other day I came across Novell eDirectory running on Windows. It’s been a while since I looked at eDirectory and while it’s a lot of LDAP, the servers were also running the Netware Core Protocol (NCP).

Vendor/Software Patches

• Microsoft Patch Tuesday (Tomorrow!)
  Microsoft has announced that it plans to release 16 security bulletins on Tuesday 14 June. The company rates nine of the bulletins as critical; the remaining seven are considered to be “Important”. According to Microsoft, the bulletins will patch a total of 34 vulnerabilities in its products.
  • Microsoft Many Critical Vulnerabilities on Patch Tuesday – h-online.com
  • June Advance Notification Service And 10 Immutable Laws Revisited – blogs.technet.com
• Flash Player Updates
  Adobe and VideoLAN have released security updates for some of their software programs today. Adobe released a new version of Adobe Flash Player which fixes a security vulnerability in the popular application.
  • Flash Player, VLC Security Updates Released – ghacks.net
  • Adobe Flash Player 10.3.181.22

• Wireshark 1.6.0 Released – wireshark.org
  Wireshark 1.6.0 has been released. Installers for Windows, Mac OS X 10.5.5 and above (Intel and PPC), and source code are now available. Wireshark is now distributed as an installation package rather than a drag-installer on OS X. The installer adds a startup item that should make it easier to capture packets. Large file (greater than 2 GB) support has been improved.

Other News

• RSA SecurID Revelation
  Lockheed Martin and RSA today each separately confirmed that the breach that compromised RSA’s SecurID authentication technology helped lead to the recent targeted attack aimed at the defense contractor.

• • RSA Offers SecurID Token Repalcement For Customers In Wake Of Lockheed Hack – darkreading.com
  • RSA Finally Comes Clean: SecurID is Compromised – arstechnica.com
  • Replacing RSA SecurID Tokens Not So Simple – darkreading.com
  • Security Alert: RSA Breach and 7 Ways To Secure Your Tokens – stateofsecurity.com
  • On The RSA SecurID Compromise – dankaminsky.com
  • @hdmoore RSA Twitter Update
• The Ocean Bank Trial
  A closely-watched court battle over how far commercial banks need to go to protect their customers from cyber theft is nearing an end. Experts said the decision recommended by a magistrate last week — if adopted by a U.S. district court in Maine — will make it more difficult for other victim businesses to challenge the effectiveness of security measures employed by their banks.
  • Bank Not Responsible for Letting Hackers Steal $300K From Customer - wired.com
  • Court: Passwords + Secret Questions = ‘Reasonable’ eBanking Security – krebsonsecurity.com
• Java Patch Plugs 17 Security Holes - krebsonsecurity.com
  Oracle today released an update to its ubiquitous Java software that fixes at least 17 security vulnerabilities in the program. The company is advising users to apply this update as soon as possible; it looks like most — if not all — of the vulnerabilities addressed by this new version may be exploited remotely without authentication.
• IMF is victim of ‘sophisticated cyberattack’ says report – pcworld.com
  The scope of the attack remains unknown, according to the New York Times, which broke news of the incident Saturday. But it noted that the IMF, which helps manage financial crises around the world, is “the repository of highly confidential information about the fiscal condition of many nations.”

• Outerzone 2011 Hacker Con – irongeek.com
  The following are videos of the presentations from the Outerzone 2011 hacker conference.

Resources

• web.config Security Analyzer
  This little beauty let’s you feed in a Web.config then it comes back and tells you everything you’ve done wrong in the world of security configuration.
  • web.config Security Analyzer – wcanalyzer.com
  • Continuous Web.config security analysis with WCSA and TeamCity – troyhunt.com

• OWASP Top 10
  If you’ve spent any time defending web applications as a security analyst, or perhaps as a developer seeking to adhere to SDLC practices, you have likely utilized or referenced the OWASP Top 10.
  • OWASP Top 10 Tools and Tactics – resources.infosecinstitute.com
  • A Deliberately Vulnerable Set of PHP Scripts That Implement the OWASP Top 10 – irongeek.com

• Focusing on the Spirit of NIST’s Guidance For Continuous Monitoring – blog.coresecurity.com
  The National Institute of Standards and Technology (NIST) has regularly recommended new guidance to help give agencies a clearer deployment path to a more robust information security program.
• Viewpoint Paper on Threats and Vulnerabilities – jps.anl.gov
  I would go even further and argue that understanding Vulnerabilities is more powerful than understanding Threats—regardless of the relative difficulty of TAs vs. VAs.
• The Key Skill-Set of Great Penetration Testers – thehackeracademy.com
  For me, the difference between Keatron’s list and a great penetration tester comes down to one thing: intelligence types.   Specifically, the difference between convergent intelligence and divergent intelligence.

Tools

• Metasploit VNC Password Extraction – room362.com
  I ran into the same issue on Penetration Tests in the past but didn’t know much about the wacked out version of DES that RFB (the VNC protocol) was using.
• Update: Inspathx r66 – code.google.com
  Inspathx is a tool that uses local source tree to make requests to the URL and search for path inclusion error messages.
• Update: JBroFuzz 2.5! – sourceforge.net
  JBroFuzz is a web application fuzzer for requests being made over HTTP or HTTPS. Its purpose is to provide a single, portable application that offers stable web protocol fuzzing capabilities.
• Update: Skipfish-1.85b! - code.google.com
  Skipfish is a fully automated, active web application security reconnaissance tool.
• Update: WhatWeb v.0.4.6! – github.com
  WhatWeb next generation web scanner identifies what websites are running. Released at the Kiwicon conference (kiwicon.org) in Wellington, New Zealand.
• Pastenum – Pastebin/pastie enumeration tool - corelan.be
  When conducting a pen-test, the process typically starts with the reconnaissance phase, the process of gathering information about your target(s) system, organization or person.
• The Open Pentest Bookmark Collection v1.4 – securityaegis.com
  News, news, news… Hey guys and gals of the security community.  We are pleased to announce the release of version 1.4 (yes 1.3 squeaked by without a blog post) of the Open Pentest Bookmarks Collection.
• New SNMP Metasploit Modules - carnal0wnage.attackresearch.com
  My new favorite modules (for today) are the snmp_enumusers and snmp_enumshares modules that work against windows hosts that have snmp running.

Techniques

• PenTest Perfect Storm 6: We Love Cisco! – willhackforsushi.com
  In the webcast, hosted by CORE Security Technologies, we discussed attack techniques against Cisco devices, combining wireless, network and web app techniques to exploit common network architectures.
• Metasploit: Adobe Flash CVE-2011 - blog.metasploit.com
  Recently, I spent about a week and a half working on the latest 0-day Flash vulnerability. I released a working exploit on March 22nd 2011. The original exploit was just an attempt to get something working out the door for all of our users.
• Attack using CVE-2011-0609 – f-secure.com
  Attackers have been taking advantage of the situation in Japan to trick their targets into opening malicious files. These cases have used infected Excel attachments with Flash exploits.
• Extracting AP names from Packet Captures – packetstan.com
  Years ago, while working as a Network Engineer, I did a bit of sniffing of our wireless access points. I noticed that some access point, mainly Cisco, broadcast the Access Point’s name.

Vendor/Software Patches

• Apple releases Mac OS x 10.6.7 update – h-online.com
  In the software update notes, Apple also recommends the update “for all early 2011 MacBook Pro models”.
• Firefox 3 Updates and SSL Blacklist Extension – isc.sans.edu
  At the heels of yesterday’s Firefox 4 release, we today got 3.6.16 and 3.5.18. As usual, Mozilla will provide security updates for some older browsers after the release of a new major version.
• Adobe fixes Vulnerabilities in Flash, AIR and Acrobat - h-online.com
  Adobe has released updates to its Flash Player, Acrobat and Acrobat Reader products to fix related security vulnerabilities in these products that potentially allowed an attacker to compromise a system by means of a crafted SWF embedded in an Excel file.

Vulnerabilities

• SCADA: The Luigi Auriemma files
  The security of critical infrastructure is in the spotlight again this week after a researcher released attack code that can exploit several vulnerabilities found in systems used at oil-, gas- and water-management facilities, as well as factories, around the world.
  • Interview with Luigi Auriemma of 34 0day ICS Vulnerabilities - digitalbond.com
  • Italian Researcher Publishes 34 ISC Vulnerabilities – digitalbond.com
  • Vulnerabilities in some SCADA server software – seclists.org
  • Attack Code For SCADA Vulnerabilities Released Online - wired.com
  • Another zero-day exploit for SCADA systems - h-online.com

• Advanced Exploitation of the recent Flash Zero-Day Vulnerability – blog.fortinet.com
  Looking into it more in-depth, I was then able to confirm that this vulnerability is a perfect real-world example of program flow validation error.

Other News

• The Comodo Conspiracy
  Thus, while an Iranian state-sponsored attack is a plausible theory, it’s not the only one.
  • List of Fraudulently Issued Certificates - comodo.com
  • A brief introduction to web ‘certificates’ - erratasec.blogspot.com
  • No Reason to Believe Comodo Attack Came from Iranian Government – erratasec.blogspot.com
  • Web Browsers and Comodo Disclose A Succesful Certificate Authority Attack, Perhaps from Iran - freedom-to-tinker.com
  • Comodo RA Compromise - isc.sans.edu
  • Microsoft Advisory About Stolen SSL Crtificates – isc.sans.edu
  • Microsoft Warns: Fraudulent digital certificates issued for high value websites - zdnet.com
  • Comodo CA Compromised by Iran? – djtechnocrat.blogspot.com
  • Hack Obtains 9 Certificates to prominent Websites; traced to Iran – wired.com
  • SSL meltdown forces browser developers to update – h-online.com
  • Phony SSL Certificates issued to Google, Yahoo, Skype and others – threatpost.com
  • Fraudulent Certificates Issued by Comodo, is it time to rethink who we trust? – nakedsecurity.sophos.com
  • How the Comodo Certificate fraud calls CA trust into question - arstechnica.com
  • Comodo certificate issue follow up – blog.mozilla.com

• Homegrown: Rustock Botnet fed By U.S. Firms – krebsonsecurity.com
  Aaron Wendel opened the doors of his business to some unexpected visitors on the morning of Mar. 16, 2011.

• HD Moore Releases His Process for Security Research – resources.infosecinstitute.com
  HD Moore is Chief Security Officer at Rapid7 and Chief Architect of Metasploit, the leading open-source penetration testing platform.
• Industrial Control Systems: security holes galore - h-online.com
  It seems that Stuxnet has given many security experts an interest in the potential holes in industrial control and SCADA (Supervisory Control and Data Acquisition) systems.
• McAfee Acquires Sentrigo – securosis.com
  McAfee has had a partnership with Sentrigo for a couple years, and both companies have cooperatively sold the Sentrigo solution and developed high-level integration with McAfee’s security management software.

• ShmooCon CTF 2011 Ghost In the Shellcode – ghostintheshellcode.com
  Congratulations to ppp for winning the second GitS CTF! The game board as it was when the contest ended is now live, though answers are not accepted, nor are any of the exploitable services running.
• Just like the real thing - blog.uncommonsensesecurity.com
  The goal is to build a truly “enterprise class” network, and they pull it off every year.
• RSA 2011
  Last year we produced a pretty detailed Guide to the Conference and it was well received, so – gluttons for punishment that we are – we’re doing it again
  • RSA Guide 2011: Key Themes – securosis.com
  • Researchers To Hit Major Website In Drive-By At RSA – darkreading.com

Resources

• USB Attacks On Linux
  Many people think that Linux is immune to the type of Autorun attacks that have plagued Windows systems with malware over the years.
  • USB Autorun Attacks Against Linux – linux.slashdot.org
  • ShmooCon 2011 Presentation - blog.iss.net
  • Microsoft says RIP Windows XP AutoRun for USB – itnews.com.au
• Some common infosec job roles and related certifications – resources.infosecinstitute.com
  Most people hear the term Infosec, and they automatically associate that with network and telecom security, but in reality it’s much broader than that.
• Project Ubertooth: Building A Better Bluetooth Adapter – ossman.blogspot.com
  Video of my presentation,Project Ubertooth: Building a Better Bluetooth Adapter, at ShmooCon 2011 is now online.
• Apple iOS Push Notifications: Security Implications, Abuse Scenarios, and Countermeasures – blogs.sans.org
  In this article, I will briefly introduce details of how APN works and present scenarios of how insecure implementations can be abused by malicious parties.
• Cisco 4Q10 Global Threat Report - blogs.cisco.com
  The Cisco 4Q10 Global Threat Report is now available for download. The report showcases data from the 4th calendar quarter (October 1, 2010 – December 31, 2010).
• ShmooCon 2011 Debriefing - blog.fortinet.com
  First, just like in BlackHat DC 2011, this year’s conference had several talks on smart phones. Good news! I was however slightly surprised they all concerned Android.
• Five Key Design Decisions That Affect Security In Web Applications - blogs.sans.org
  Senior developers and architects often make decisions related to application performance or other areas that have significant ramifications on the security of the application for years to come.
• What netsec-like podcasts do you listen to? - risky.biz
  I’m having a hard time getting my fill of security related news and discussion. I’m down to two podcasts that I listen to weekly.
• Exploit Kits – A Different View – securelist.com
  Exploit kits are packs containing malicious programs that are mainly used to carry out automated ‘drive-by’ attacks in order to spread malware.
• Password/Word Lists – room362.com
  Brute force, even though it’s gotten so fast, is still a long way away from cracking long complex passwords.
• Multi-State Information Sharing & Analysis Center CyberSecurity Digital Dashboard – msisac.org
  I stumbled upon this and was kind of impressed.

Tools

• PDF Exploit Disguised As A Xerox Scanned Document - labs.m86security.com
  Most office network printers and scanners have a feature that sends scanned documents over email. Cyber crooks however, have imitated email templates used by these devices for malicious purposes
• The Honeynet Project Releases New Tool: PhoneyC - chuvakin.blogspot.com
  As promised, I will be reposting some of the cool new announcements from The Honeynet Project here on my blogsince I now serve as Project’s Chief PR Officer.
• MetaSploit Framework 3.5.2 Released – blog.metasploit.com
  On February 1st, Eduardo Prado of Secumania notified us of a privilege escalation vulnerability on multi-user Windows installations of the Metasploit Framework.
• Open SCAP v0.6.8 released – open-scap.org
  The OpenSCAP Project was created to provide an open-source frameworkto the community which enables integration with the Security Content Automation Protocol (SCAP) suite of standards and capabilities.
• SSL Diagnosis v0.8.1a released – sourceforge.net
  SSL Diagnos is used to get information about SSL usage (protocols ssl2, ssl3, tls, dtls, and ciphers). It can also be used for testing and rating ciphers on SSL clients.
• Passwords shared between rootkit.com and gawker – terminal23.net
  This is a classic journo case of an editor-sensationalized title for an article that doesn’t really get reasonable until the last two paragraphs where it kinda puts the brakes on calling password reuse “endemic.”
• UPDATE: Nmap 5.51! – nmap.org
  Wow! In about two weeks time, another Nmap release! We now have Nmap version 5.51! The last release was Nmap 5.50, which we wrote about here.
• eEye to Release Free Vulnerability Scanner with Zero -Day Identification and Configuration Auditing – eeye.com
  eEye Digital Security, a provider of IT security and unified vulnerability management solutions, today announced the pre-release of Retina Community.
• UPDATE: Fiddler v2.3.2.3! - fiddler2.com
  Our first post regarding Fiddler, the web debugger can be found here. On the 13th of February, an update was released.
  

Techniques

• A Python Domains Extractor From IPs – blog.kaffenews.com
  I developed it in 5 mins just because I had to do a PT on a list of IP Addresses and it was needed to get the Domains from IPs.
• TrueCrypt
  After I read the documentation and some reviews I realize that it is a very secure piece of software that implements many high level features so I knew I will not be easy, at least in theory.
  • Cracking a TrueCrypt Container - shortinfosec.net
  • TrueCrypt Self-Bruteforce - q-protex.com
• What is Mausezahn? – peripheral.at
  Mausezahn is a free fast traffic generator written in C which allows you to send nearly every possible and impossible packet.
• Proxocket
  • Proxocket - sethioz.co.uk
  • Proxocket – DLL Proxy For Winsock – darknet.org.uk
  • Proxocket – A Winsock Proxy Sniffer - netresec.com

• Move over tsgrinder/tscrack hello ncrack – carnalOwnage.attackresearch.com
  So thanks to mubix for telling me that ncrack now supports RDP. very cool stuff.
• Left or right handed passwords - justanotherhacker.com
  Are you left or right handed? How about your password? English based passwords seem to be predominantly left handed.
• Hidden bandit Inside NeoSploit - symantec.com
  Over the last few years, Symantec has observed a substantial rise in the use of exploit kits.
• Breaking web security – it’s all about RCS – net-ninja.net
  I will be discusing ways in which we can include error handling, anonymimity and how we can build the exploit so that the auditor has a reliable and flexible weapon.
• Decoding HTML Style tag based malicious frames - research.zscaler.com
  Injecting clear text or obfuscated malicious Iframes has become a common attack vector.
• Universe’s best and legal Mac OS X reversing tutorial for newbies – reverse.put.as
  I have decided to re-release my beginners tutorial, this time based on a crackme, so it deserves the upgrade to Universe instead of World.
• Android Gmail App: Stealing Emails via XSS - spareclockcycles.org
  This post documents an XSS vulnerability that I discovered in the default Gmail app (v1.3) provided by Google in Android 2.1 and prior.
• Android Reverse Engineering – thomascannon.net
  This project all started when I was asked tot ake a look at a software product that was under evaluation.
• Forensic Examination of Pointsec Encrypted Drives - dfsforensics.blogspot.com
  Many organizations use Pointsec (Check Point) full disk encryption in order to keep their data secure, especially in the case of laptops.
• Blackhole exploits kit attack growing - research.zscaler.com
  Recently, we have seen an increase in Blackhole exploit kit attacks. Blackhole is yet another web exploit kit developed by Russian hackers.
• Better Passwords In Under 200 Characters - blog.wearpants.org
  Good password security is a pain in the neck. Done properly, it requires a different password for every site.

Vendor/Software Patches

• February 2011 Microsoft Black Tuesday Summary – isc.sans.edu
  Here are the February 2011 Black Tuesday patches.  Enjoy!
• Adobepatch
  Adobe released updates for Reader for 9.4.2 and 10.0.1.  While this page on Adobe’s site doesn’t actually list them correctly, if you drill down into the actual product and OS, you’ll see the updates listed for 2/8/2011.
  • Adobe Reader 9.4.2 and 10.0.1 Updates are out - isc.sans.edu
  • Adobe patches for Shockwave, Flash, Reader, and Cold Fusion – isc.sans.edu
• Adobe, Microscoft, WordPress Issue Security Fixes – krebsonsecurity.com
  Talk about Patch Tuesday on steroids! Adobe, Microsoft and WordPress all issued security updates for their products yesterday. In addition, security vendorTipping Point released advisories detailing 21 unpatched vulnerabilities in products made by CA, EMC, HP, Novell and SCO.
• VMWare Security Advisory - vmware.com
  Updated versions of the Cisco Nexus 1000V virtual switch address a denial of service in VMware ESX/ESXi.

Vulnerabilities

• Last August, TippingPoint said they will enforce a six-month disclosure on bought bugs that haven’t been patched. Today, TippingPoint rolled out 22 - dvlabs.tippingpoint.com
  These vulnerabilities are being published as per the ZDI disclosure changes announced in August of 2010.
• Comcast DOCSIS 3.0 Business gateways Multiple Vulnerabilities – exploit-db.com
  With these default credentials, internal attackers can modify deviceconfigurations to leverage more significant attacks, including redirection of DNS requests.

Other News

• Anonymous vs. Aaron Barr/HBGary
  A security researcher claims to have infiltrated the higher echelons of the Anonymous organisation and identified key leaders’ names and addresses.
  • Anonymous infiltrates the HBGary security company, which was tasked with infiltrating Anonymous by the FBI –  reddit.com
  • Researcher claims to have infiltrated Anonymous high command - v3.co.uk
  • HBGary Federal Hacked by Anonymous – krebsonsecurity.com
  • Anonymous hacks security company HBGary, Dumps 50,000 emails online - readwriteweb.com
  • Measuring password re-use empirically - lightbluetouchpaper.org
  • Anonymous Attacks US Security Company – guardian.co.uk
  • rootkit.com cleartext passwords – dazzlepod.com
  • How One Man Tracked Down Anonymous – And Paid A Heavy Price – wired.com
  • HBGary’s conversations with Feds – uiu.me
  • HBGary’s conversations with the Feds pt. 2 - uiu.me
  • blow by blow of how Anonymous gained root access on rootkit.com – dazzlepod.com
  • The Report on Anonymous by Aaron Barr - cryptome.org
• Rootkit.com’s MySQL database leaked – stfu.cc
  Come on, I know it’s /r/netsec, so we should be familiar with checking URLs before clicking, but I’d expect at least a warning before clicking a direct download of a company’s database.
• Hatfields and McCoys 2011 Style – 1raindrop.typepad.com
  By itself its an derisive, throw away comment that security people make about developers all the time, and of course developers are not averse to throwing haymakers back at security people.
• Sony Marketing Man Tweets PS3 Master Key - twitpic.com
  My life is complete. Sue yourself, Sony.
• iPhone Password Hack
  Researchers in Germany say they’ve been able to reveal passwords stored in a locked iPhone in just six minutes and they did it without cracking the phone’s passcode.
  • iPhone Attack Reveals Password In 6 Minutes - techworld.com.au
  • iPhone Hacked and Passwords Stolen In Just 6 Minutes - cyberarms.wordpress.com
  • How to steal passwords from a locked iPhone - nakedsecurity.sophos.com
  • Researches steal iPhone password in 6 minutes – engadget.com
• Secret Plan To Kill WikiLeaks With FUD Leaked – wikileaks.ch
  Three information security consultancies with links to US spy agencies cooked up a dirty tricks campaign late last year to destroy Wikileaks by exploiting its perceived weaknesses.
• Hackers hit ‘at least five oil and gas firms’ – bbc.co.uk
  Hackers have run rampant through the networks of at least five oil and gas firms for years, reveals a report.
• Night Dragon attacks: myth or reality – nakedsecurity.sophos.com
  Many readers will have seen the press around a series of hacking attacks that have been labelled the ‘Operation Night Dragon’ attacks by McAfee.

• ShmooCon 2011
  Getting to ShmooCon each year is always challenging (as is trying to get home). Mother Nature seems to enjoy disrupting the travel to and from the conference, which is held in Washington, D.C in January or February of each year.
  • ShmooCon 2011 – intrepidusgroup.com
  • ShmooCon 2011 Conference Wrap Up - blog.tenablesecurity.com
• US Cyber Challenge 2011
  The Center for Internet Security’s US Cyber Challenge today kicked off an online competition to identify high school students possibly interested in cybersecurity career.
  • High school cybersecurity competition kicks off – itknowledgeexchange.techtarget.com
  • New Contest To Promote Cyber Security Skills In Teens – threatpost.com
• Participate remotely on the OWASP Summit - diniscruz.blogspot.com
  The OWASP Summit is gearing up to be an amazing event. If you are not able to make it in person to Portugal, then please make the time to participate remotely.
• Announcing Pwn2Own 2011 - dvlabs.tippingpoint.com
  It’s that time of year again and the Zero Day Initiative (ZDI) team here at HP TippingPoint is proud to announce the 5th annual Pwn2Own competition is back.

Resources

• 2010 Top Web Application Hack Attacks – chaptersinwebsecurity.blogspot.com
  I must admit that I was curious just like everybody else, what 2010 will look like, retrospectively, through the eyes of the international infosec community.
• TiGa’s Video Tutorial Site – woodman.com
  TiGa’s video tutorial series on IDA Pro.
• Mobile Security Tips – f-secure.com
  With data charges getting cheaper and technologies in mobile computing getting more powerful, mobile devices are becoming more like a small personal computer.
• ShmooCon 2011 FireTalks
  • FireTalks at ShmooCon 2011, Night 1 – vimeo.com
  • FireTalks at ShmooCon 2011, Night 2 – vimeo.com
  • Net Neutrality, the FCC, and the end of the Internet as we know it - vimeo.com
• OMG-WTF-PDF Denouement – blog.fireeye.com
  I recently gave this presentation at the 27th Chaos Computer Congress in Berlin. For some reason, the slides never made it from Pentabarf to the Fahrplan.
• Guide to Security for Full Virtualization Technologies – csrc.nist.gov
  The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation’s measurement and standards infrastructure.
• ShmooCon 2011 Library
  This year I talked about my improvements to VERA over the past 6 months. Much of the talk was centered around live demos, which unfortunately did not make it to the slides. The new tracing module and updated versions of the VERA code will be posted here soon.
  • ShmooCon 2011: Visual Malware Reversing – offensivecomputing.net
  • ShmooCon 2011: Zigbee Security: Find, Fix, Finish – youtube.com
  • ShmooCon 2011 video collection - reddit.com
• So you think your *capability* model is bad? – Icamtuf.blogspot.com
  In his recent post, Brad Spengler mocked the Linux capability system – a somewhat ill-conceived effort to add modern access controls on top of the traditional Unix permission model.

Tools

• Password Length Matters - justanotherhacker.com
  In fact, it matters so much that the term password is just plain wrong. Passphrase is better, and I did mean to start using that term instead.
• UPDATE: Cain & Abel v4.9.38 – oxid.it
  Our previous post regarding Cain & Abel can be found here. Now, oxid.it has released an updated Cain & Abel version 4.9.38!
• Another update to gdbinit for iOS and ARM support to ptool.pl and offset.pl – reverse.put.as
  I have fixed some of the missing stuff in gdbinit for iOS. Now the jump conditions are displayed for ARM and Thumb modes and the “stepo” command is working for ARM and semi-working for Thumb (to be fixed in the next release).
• THC Hydra v6.1 released – vulnerabilitydatabase.com
  THC-Hydra – the best parallized login hacker: for Samba, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support and is part of Nessus.
• Majordomo2- Directory Traversal (SMTP/HTTP) – exploit-db.com
• GoogleDiggity
  The Google Hacking Diggity Project is a research and development initiative dedicated to investigating the latest techniques that leverage search engines, such as Google and Bing, to quickly identify vulnerable systems and sensitive data in corporate networks
  • Exclusive!! GoogleDiggity the exclusive Google hacking project v0.2 - stachliu.com
  • SharePoint – GoogleDiggity dictionary file – stachliu.com
• Pentesting Web Services with WS-Attacker v1.0 - sourceforge.net
  WS-Attacker is a modular framework for web services penetration testing. It is a free and easy to use software solution, which provides an all-in-one security checking interface with only a few clicks.
• I found a hotmail “exploit” that allows me to change a large percentage of people’s passwords – reddit.com
  As the title says, I found an exploit on Hotmail that allows me to change hotmail/msn/live passwords for people using their service.
• InformIT: comparing static analysis tools – mail-archive.com
  There are cases where dynamic and static each have clear strengths. Pragmatic combination of the two has promise in solving a broad spectrum of test-cases.
• UPDATE: NetworkMiner 1.0 - sourceforge.net
  Fresh off the compiler again! A newer version of NetworkMiner has just been released a few hours ago! The updated NetworkMiner version 1.0 is out!
• QuickRecon: A Simple Information gathering Python Script! - pypi.python.org
  The first submission for the year 2011! We are proud to present to all of you QuickRecon. It is a simple information gathering tool.
• GWT-Penetration-Testing-Toolset – github.com
  A set of tools made to assist in penetration testing GWT applications. Additional details about these tools can be found on my OWASP.

Technique

• Java Cisco Group Password Decrypter - neohapsis.com
  For whatever reason I have found myself needing to “decrypt” Cisco VPN client group passwords throughout the years.
• Darkshell: A DDos bot targeting vendors of industrial food processing equipment - asert.arbornetworks.com
  This week, we continue our efforts to document the crowded space of Chinese DDoS bots by analyzing Darkshell.
• Padocon 2011 CTF Karma 400 exploit: the data re-use way – vnsecurity.net
  Karma 400 at Padocon 2011 Online CTF is a fun challenge. The binary was provided without source code, you can reach its decompiled source at disekt’s team writeup.
• Exploiting SEH Overwrites Using ROP - blog.metasploit.com
  In the final days of 2010, an exploit for the Windows CreateSizedDIBSECTION vulnerability was added to the Metasploit trunk.
• TaskManager.xls – blog.didierstevens.com
  TaskManager.xls is a simple taskmanager implemented in Excel/VBA. It can list the running processes; and terminate, suspend or resume selected processes.
• Exploiting Networks with Loki on Backtrack 4 R2 - packetstan.com
  Loki is the impressive layer 2/3 network manipulation tool by Daniel Mende, Rene Graf and Enno Rey of ERNW.
• Unchecked redirection + URL shortener = Spam – research.zscaler.com
  Recently, I found several legitimate sites, with bad coding practices,  used to redirect users to spam sites with the help of URL shorteners.
• Adobe Reader X stops malicious PDF spam campaign dead in its tracks – nakedsecurity.sophos.com
  A new malicious spam campaign underlines the security benefits of upgrading to the latest version of Adobe Reader – Adobe Reader X.
• Mac OS Forensics How-To: Simple RAM Acquisition and Analysis with Mac memory reader – computer-forensics.sans.org
  In Part 1 of this post, I showed you how to acquire the contents of physical RAM of a Mac OS X computer using ATC-NY’sMac Memory Reader, and did some simple analysis using strings and grep searches.
• ShmooCon Ghost in the Shellcode 2011 – ppp.cylab.cmu.edu
  Just got back from ShmooCon and it seems that some people want a writeup for the taped challenge. I highly encourage you to try it yourself first, because once you see the bug, it takes away some of the fun.

Vendor/Software Patches

• Critical Adobe Reader X Patches On Deck - threatpost.com
  Adobe will join Microsoft on the security patch treadmill next Tuesday (February 8, 2011) with “critical” updates for code execution holes in its flagship Adobe Reader and Adobe Acrobat products.
• Patch Tuesday heads -up: Critical flaws in Windows, Internet Explorer - zdnet.com
  As part of this month’s Patch Tuesday schedule, Microsoft plans to ship a dozen bulletins with fixes for 22 vulnerabilities, some serious enough to allow hackers complete access to a vulnerable Windows machine.

Vulnerability

• Veracode Free JAVA Cross-Site Script Scanning Service - veracode.com
  As we know – cross-site scripting(XSS) is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users.
• Cisco Security Advisory: Default Credentials for Root Account on Tandberg E, EX and C Series Endpoints - cisco.com
  Tandberg C Series Endpoints and E/EX Personal Video units that are running software versions prior to TC4.0.0 ship with a root administrator account that is enabled by default with no password. An attacker could use this account in order to modify the application configuration or operating system settings.

Other News

• ATM Skimmers That Never Touch The ATM – krebsonsecurity.com
  Media attention to crimes involving ATM skimmers may make consumers more likely to identify compromised cash machines, which involve cleverly disguised theft devices that sometimes appear off-color or out-of-place.
• Facebook flaw allowed websites to steal user’s personal data without consent - nakedsecurity.sophos.com
  A couple of weeks ago two students conducting security research contacted me about a vulnerability which they believed they had found with Facebook.
• Research Reveals Huge Cache Of FTP, Email Credentials Stolen By Waledac - threatpost.com
  Researchers have discovered that the gang behind the once-and-future botnet Waledac has gathered nearly 500,000 stolen passwords for email accounts, along with close to 125,000 sets of pilfered credentials for FTP accounts.
• Red Gate: We could not make the free model work for us as a commercial company – zdnet.com
  If you’re a .NET developer, chances are you’ve heard of .NET Reflector, a decompilation, debugging, and reverse engineering tool for managed code.
• IPv6-What’s New – blogs.cisco.com
  IPv6 is becoming more widely deployed as the availability of IPv4 addresses continue to decline. In June, Cisco will be participating in World IPv6 Day, a 24-hour global “test drive” of IPv6 that is organized by the Internet Society.
• New Android Market web store could open backdoor for phone hackers - nakedsecurity.sophos.com
  If you follow the Google Android operating system scene, you will probably have heard about the new, web-based Android Market store which was launched a few days ago.
• How To: Forensically Sound Mac Acquisition in Target Mode – computer-forensics.mac.org
  It is really a matter of personal opinion, Mac’s are an engineering marvel just ask anyone that has had to remove a hard drive from a Mac for forensic imaging and then try to put it back together properly.

• Shmoocon 2011
  • ShmooCon 2011: Team Joch vs. Android: The Final Showdown – blog.c22.cc
  • Shmoocon 2011: Printers gone wild! - blog.c22.cc
  • ShmooCon 2011: Attacking 3G and 4G mobile telecommunications networks – blog.c22.cc
  • ShmooCon 2011: Defeating mTANS for profit - blog.c22.com
  • ShmooCon 2011: URL enlargement: Is it for you? - blog.c22.cc

Resources

• Train Like You Fight - carnal0wnage.attackresearch.com
  One of my favorite talks from this year’s BlackHat DC was Ryan Kazanciyan’s & Sean Coyne’s “The Getaway” talk on data exfiltration.
• CNIT 124 Advanced Ethical Hacking – samsclass.info
  Advanced techniques of defeating computer security, and countermeasures to protect Windows and Unix/Linux systems. Hands-on labs include Google hacking, automated footprinting, sophisticated ping and port scans, privilege escalation, attacks against telephone and Voice over Internet Protocol (VoIP) systems, routers, firewalls, wireless devices, Web servers, and Denial of Service attacks.
• Google safe browsing v2: Implementation notes - research.zscaler.com
  I wanted to share what I learned while I implementing Net::Google::SafeBrowsing2, a Perl library for Google Safe Browsing v2.
• Plug and Prey: Malicious USB Devices – irongeek.com
  This paper is meant as an overview of malicious USB devices. The paper will first lay out a proposed set of categories for malicious USB devices, how these categories function, how they differ, and how they can be used by an attacker.
• OWASP Appsec  Tutorial Series pt. 1 - youtube.com
  The first episode in the OWASP Appsec Tutorial Series. This episode describes what the series is going to cover, why it is vital to learn about application security, and what to expect in upcoming episodes.
• Blocking evil with the Enhanced Mitigation Experience Toolkit (EMET) – rsreese.com
  While experimenting with EMET I decided to put together a little presentation demonstrating how it can be used to prevent exploitation of a known threat to Acrobat Reader.
• DoD Cyber Crime Conference 2011
  My slides from the 2011 DoD Cyber Crime Conference are now available.
  • Applying the Science of Similarity to Computer Forensics - jessekornblum.com
  • Windows Memory Forensics and Direct Kernel Object Manipulation – jessekornblum.com
• Attacking Oracle Web Applications With Metasploit - vulnerabilitydatabase.com
  A great paper from Chris Gates (carnalOwnage) enumerating techniques, vulnerabilities and metasploit modules to scan, identify and own a vulnerable Oracle based system.

Tools

• THC-Hydra v6
  One of the most famous network logon cracker – THC-HYDRA, has been updated! We now have THC-HYDRA version 6!
  • THC-Hydra v6.0 Released (Celebrating 10 yrs) – vulnerabilitydatabase.com
  • Update: THC-Hydra v6 - pentestit.com
• Update : OWasp WebScarab NG v.0.2.1 is out – pentestit.com
  WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols.
• Cain & Abel 4.9.37 released – net-security.org
  It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using dictionary and brute force attacks, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.
• ms-patch-tools – codes.google.com
  This project consists of several tools for extracting useful information from Microsoft bulletins. Currently there are two tools.
• Marvin: Man In The Middle for 802.1x Links! – pentestit.com
  Marvin sure is a man-in-the-middle tool, but it not your usual run of the mill MITM tool. It is not for the times when you would like to arp poisoning.
• Malware Attribute Enumeration & Characterization v1.1 released - vulnerabilitydatabase.com
  MAEC™ International in scope and free for public use, MAEC is a standardized language for encoding and communicating high-fidelity information about malware based upon attributes such as behaviors, artifacts, and attack patterns.
• The Social-Engineer Toolkit v1.2 “Shakawkaw” Released – secmaniac.com
  This version of SET does not include any new attack vectors however does incorporate two new exploits from Metasploit, has some bug fixes, but most importantly introduces a significant step in allowing individuals build and automate additions onto the toolkit.

Techniques

• Alexa Illustrates Web Security Risks (part 2) - research.zscaler.com
  I wanted to circle back and close the loop from my original post on this. First- not surprisingly I’m not the only one to have taken note at malicious sites landing in Alexa.
• PDF security under the microscope: A review of OMG-WTF-PDF - nakedsecurity.sophos.com
  At the end of last year, while preparing for the presentation I gave at the Virus Bulletin conference, I intentionally avoided reading other papers about PDF security by other researchers because I felt that it would confuse my talk.
• 8 gdb tricks you should know – blog.ksplice.com
  Despite its age, gdb remains an amazingly versatile and flexible tool, and mastering it can save you huge amounts of time when trying to debug problems in your code. In this post, I’ll share 10 tips and tricks for using GDB to debug most efficiently.
• Nmap 5.50: Now with Gopher protocol support – seclists.org
  Hi folks!  It has been a year since the last Nmap stable release (5.21) and six months since development version 5.35DC1, so I’m pleased to release Nmap 5.50!  I’m sure you’ll find that it was worth the wait!
• Basic .Net Reversing Part-2 - blog.kaffenews.com
  As promised in the first part, in 2nd part of the series we will crack the crack me used in first tutorial using .NET Reflector.
• Praeda Release – foofus.net
  PercX has been furiously hacking multi-function printers, and the result is a new tool called Praeda. Praeda is used to interrogate printers from a variety of manufacturers in an effort to gain information about a target network, or compromise credentials.

Vulnerability

• Microsoft MHTML Script Injection Vulnerability
  Microsoft warned today that hackers have published instructions for attacking a previously unknown security hole in all versions of Windows that could be exploited to siphon user data or trick users into installing malicious code.
  • Microsoft: Exploit Published for Windows Flaw – krebsonsecurity.com
  • More information about the MHTML Script Injection vulnerability - blogs.technet.com
  • Microsoft Security Advisor for MHTML via Internet Explorer - isc.sans.edu

Other News

• Is the answer more InfoSec Conferences - blog.thinkst.com
  I’m not saying that InfoSec Conferences are bad (although many a battered liver would disagree), but what i am saying is that we don’t seem to be improving our security posture at the same rate as we seem to be growing our conferences. Something is not right here.
• Erasing drives should be quick and easy – computer-forensics.sans.org
  In the past years, I have seen many many false and misleading statements about what is needed to securely erase or wipe a hard drive.
• Egypt Unplugged from the Internet - krebsonsecurity.com
  As many readers no doubt know, the Egyptian government on Thursday severed the nation’s ties with the rest of the Internet, in an apparent effort to disrupt political protests calling for an end to the 30-year rule of Egyptian leader Hosni Mubarak.
• Amazon.com Security Flaw Accepts passwords That Are Close, But Not Exact - wired.com
  An Amazon.com security flaw allows some customers to log in with variations of their actual password that are close to, but not exactly, their real password.
• Data-Leak Flaw Found In newest version of Google Android – darkreading.com
  Google’s new Android version 2.3, a.k.a. Gingerbread, was supposed to close a previous data-leak hole in the smartphone operating system, but a researcher has discovered a new, similar hole in the OS.
• Ethics of password cracking/dissemination – skullsecurity.org
  Anyway, this post is going to cover some of the pros and cons of what I do, and why I think that I’m doing the right thing, helping the world, etc.

• A Shmoocon Preview – blogs.macafee.com
  At about a third of the size of a larger conference like Black Hat, it’s much easier to talk to the speakers without fighting with a crowd. Past years have had good presentations on mobile phone security and this year is no exception.
• Black Hat DC 2011
  We are currently at the awesome BlackHat DC event, with hundreds of attendees coming from many different countries worldwide.
  • Black Hat itinerary - blackhat.com
  • Black Hat DC 2011: Inglourious Hackerds - blog.tehtri-security.com
  • Mobile Attacks reign At Black Hat DC – threatpost.com
  • Fake GSM base station trick targets iPhone – networkworld.com
  • Quirky moments at Black Hat DC 2011 -networkworld.com

Resources:

• Cisco 2010 Annual Security Report - reddit.com
  The Tipping Point: Cybercriminals Targeting Mobile Platforms
• Dress For Success In the Corporate Setting
  If your organization truly judges you based on what you wear, and not what you know and what you do, then you are working for the wrong organization.
  • Common traits of future Infosec leaders – terminal23.net
  • The Appearance Myth – securosis.com
  • Fashion Advice from Infosec Leaders – infosecleaders.com
• The Legality of the Certificate Authority  Trust Model – schneier.com
  We looked at the standard legal documents issued by the certificate authorities or “CAs,” including exemplar Subscriber Agreements (agreements between CAs and website operators).
• Getting Started With Corporate iPad and iPhone Mobile Security – redspin.com
  Mobile devices like the iPhone and iPad are a top security concern for 2011. The first step to addressing this risk is to put a security policy in place that addresses mobile devices.
• Cisco Explains the 7 Deadly Weaknesses of Social network Users and More in Security Report - readwriteweb.com
  Cisco released its 2010 Annual Security Report yesterday. The report covers criminals’ slow shift from targeting Windows PCs to targeting other operating systems and devices, the importance of exploiting users’ trust in their social network friends and the rise of Java exploits, and more.
• Top 10 Web Hacking Techniques of 2010 – jeremiahgrossman.blogspot.com
  Now in its fifth year the Top Ten Web Hacking Techniques list encourages information sharing, provides a centralized knowledge-base, and recognizes researchers who contribute excellent work.

Tools:

• w3af: Better, Stronger, Faster – blog.rapid7.com
  By downloading this release you’ll be able to enjoy new vulnerability checks, more stable code and a about 15% performance boost in the overall speed of your scan.
• R-U-Dead-Yet version 2.2 – chaptersinwebsecurity.blogspot.com
  I forgot the fact that people develop hunger for features and bug fixes even when software is open-source and free. Oh well, I guess that’s a responsibility that comes with the will to satisfy your end users.
• AutoDiff Online – marcoramilli.blogspot.com
  AutoDiff is a project which performs automated binary differential analysis between two executable files.
• MS Attack Surface Analyzer Release
  Microsoft unveiled a new tool this week in conjunction with the Blackhat DC conference — the Attack Surface Analyzer.

• • MS Attack Surface Analyzer – digitalbond.com
  • New Tool: Announcing Attack Surface Analyzer – blogs.msdn.com

Techniques:

• Who’s who of bad password practices – troyhunt.com
  But what happens when the website won’t allow you to create a secure password? Or at least when they severely constrain your ability to create long, random, unique passwords?
• Share your nmap parameters! – reddit.com
  What parameters do you usually use in your nmap scans? Any interesting combinations? I usually go with: nmap -v -A -p1-65535 -O2 -T4 ipaddress
• Quickpost: Checking ASLR – blog.didierstevens.com
  Some people asked me for a simple way to check shell extensions for their ASLR support. You can do this with Process Explorer.
• Finding AES keys - jessekornblum.livejournal.com
  Today I’m publishing a little utility to search for AES keys. It was originally intended for searching memory images, but you can use it to search anything really.
• How To Crack Just About Any Mac App – lifehacker.com
  By walking through how I can hack your app with only one Terminal shell, I hope to shed some light on how this is most commonly done, and hopefully convince you to protect yourself against me.
• Episode 266 – pauldotcom.com
  PaulDotCom Security Weekly – Episode 226 – for Thursday January 13th, 2011.
• Return of the Sprayer - h-online.com
  If they jumped to code injected onto the stack or heap, “just like in the good old days”, data execution prevention (DEP) would trigger an interrupt and the system would terminate the carefully pwned process before it could cause any damage.
• Exploit in the wild for MS06-014 – research.zscaler.com
  Although 0day vulnerabilities receive all the attention, it’s not unusual to see attackers still taking advantage of old vulnerabilities to attack end users
• Unrestricted File Download V1.0 – soroush.secproject.com
  I do not want to talk about Insecure Direct Object References without any protection as they are obviously exploitable; Instead, I want to talk about bypassing the protected ones!
• Exploiting Smartphone-USB connectivity for fun and profit - docs.google.com
  Unfortunately, these new capabilities  coupled with the inherent trust users place on the USB physical connectivity and the lack of any protection mechanisms render the USb an insecure link, prone to exploitation.
• Mobile Device Security and Android File Disclosure – blog.metasploit.com
  Specifically, he found that it was possible to obtain the contents of files on an Android device by simply persuading its owner to visit a web site under attacker control. The issue only garners a 3.5 CVSS score, but yet it’s still fairly serious.

Vulnerabilities:

• IBM WebSphere MQ Invalid Message Remote Buffer Overflow Vulnerability – securityfocus.com
  IBM WebSphere MQ is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
• Malware update: .co.cc malicious entries – blog.sucuri.net
  For the last weeks (actually months), we’ve been tracking a large number of malware from .co.cc domains. It seems that every .co.cc domain we find is being used to host either malware or spam.

Vendor/Software Patches:

• Oracle Black Tuesday Patch
  If you are an Oracle user, get ready for your very own Patch Tuesday, which comes tomorrow.
  • Patch Tuesday – now for 28 products in the Oracle stable – nakedsecurity.sophos.com
  • Oracle patches 66 vulnerabilities - h-online.com
  • Perspective on the latest Oracle patches – blog.imperva.com

Other News:

• Keyless cars vulnerable to hack, theft - cnet.com
  Keyless car entry and start systems make it easy to get on the road, but they could also make it easier for criminals to take off with your car. And strong encryption won’t solve the problem.
• Stuxnet vs. Iran nuclear enrichment
  Rather than being proud of its stealth and targeting, the authors should be embarrassed at their amateur approach to hiding the payload.
  • Stuxnet is embarrassing not amazing – rdist.root.org
  • New info on Stuxnet – f-secure.com
  • Did a U.S. Government Lab Help Israel Develop Stuxnet? – wired.com
• ATM Skimmers, Up Close – krebsonsecurity.com
  Recently, I found a guy on an exclusive online scammer forum who has been hawking a variety of paraphernalia used in ATM skimmers.
• Coming soon: a new way to hack into your smartphone - itworld.com
  More than three years after the iPhone was first hacked, computer security experts think they’ve found a whole new way to break into mobile phones — one that could become a big headache for Apple, or for smartphone makers using Google’s Android software.
• Two Charged in AT&T hack of iPad Customer Data - wired.com
  Two suspects have been charged with federal crimes for allegedly hacking AT&T’s website last year to obtain the personal data of more than 100,000 iPad owners.
• Why you should always encrypt your smartphone – arstechnica.com
  Last week, California’s Supreme Court reached a controversial 5-2 decision in People v. Diaz (PDF), holding that police officers may lawfully search mobile phones found on arrested individuals’ persons without first obtaining a search warrant.
• Hacking with USBs
  Two researchers have figured out a way to attack laptops and smartphones through an innocent-looking USB cable.
  • Researchers turn USB cable into attack tool - cnet.com
  • Hacking with USB keyboard emulators – h-online.com
• Online banking trojan developing fast – h-online.com
  Trojan construction kit Carberp, which first emerged in the autumn, appears to be undergoing rapid development, according to reports from sources that include security services provider Seculert.
• Android Trojan captures credit card details – thinq.co.uk
  The team, comprised of Roman Schlegel from the City University of Hong Kong and Kehuan Zhang, Xiaoyong Zhou, Mehool Intwala, Apu Kapadia, and Xiao Feng Wang from the Indiana University Bloomington, call their creation ‘Soundminer’ – and its implications are far-reaching.