• Hakin9 Magazine Cloud Security Issue – mytalkoot.com
  Comprehensive cloud-centric resources and articles now available for download.
• Club Hack Magazine May Issue On browser Security – professionalsecuritytesters.org
  Here we are again with the latest issue of ClubHack Magazine. This time also the issue is dedicated to Browser security.
• Hacking Illustrated – irongeek.com
  In this section I’ll be posting AVIs and Flash files that show step by step how to execute various pen-testing tools. Since most of these videos are 640×480 it would be best if you use a screen resolution that is 1024×768 or better. If you have any requests or comments please let me know.
• Pentesting Vulnerable Study Frameworks Complete List – felipemartins.info
  It’s very difficult for the beginner security analyst, mainly the ones interested in the area of pentesting, to find good study pentesting resources. Starting from the principle that in pentesting there are many other sub areas of study, it becomes more and more difficult to choose and then find a proper pentesting study application.
• 25 Questions To Ask During An Information Security Interview – danielmiessler.com
  What follows is a list of questions for use in vetting candidates for positions in Information Security. Many of the questions are designed to get the candidate to think, and to articulate that thought process in a scenario where preparation was not possible. Observing these types of responses is often as important as the actual answers.
• Secuirty Through Amnesia: A Software-Based Solution to the Cold Boot Attack On Disk Encryption – arvix.org
  Disk encryption has become an important security measure for a multitude of clients, including governments, corporations, activists, security-conscious professionals, and privacy-conscious individuals. Unfortunately, recent research has discovered an effective side channel attack against any disk mounted by a running machine\cite{princetonattack}.
• Encrypted Google Docs Done Well – rdist.root.org
  There’s a nice new paper out called “Private Editing Using Untrusted Cloud Services” by Yan Huang and David Evans. They also provide a Firefox extension that implements their scheme. I like their approach for a few reasons.
• Haroon Meer Reveals His Process For Security Research – resources.infosecinstitute.com
  In our ongoing series of interviews, this week Haroon Meer answered a few questions and pulled back the curtain a bit on the methods, tools and motivation for the work he does.
• Microsoft Virtual Server Security: 10 Tips And Settings – resources.infosecinstitute.com
  Virtualization brings significant value to business managers and engineers attempting to keep pace with business pressure for additional servers. It enables maximum use of hardware resources while introducing an increased flexibility in how organizations design and implement new solutions. However, it also introduces new security concerns.
• Cisco 1Q11 Global Threat Report – cisco.com/en/US/
  The Cisco 1Q11 Global Threat Report has been released. The report covers the period from 1 January 2011 through 31 March 2011 and features data from Cisco Security Intelligence Operations. This quarter’s contributors includes Cisco Intrusion Prevention System (IPS), IronPort, Remote Management Services (RMS), Security Research and Operations (SR&O), and ScanSafe.
• Assembly Language for Penetration Tester – r00tsec.blogspot.com
  Below are the useful resources to learn Assembley Language for pentesters to start learning Exploit writing.
• Quickdraw IDS in Action – scada-hacker.com/igss-video.html
  Joel Langill of SCADAhacker.com has an excellent 18-minute video showing an example of an exploit of the IGSS SCADA HMI and then the Quickdraw IDS signatures. Most of the recently disclosed Luigi vulnerabilities resulted in denial of service, but the IGSS vulnerability he exploits in the video is a directory traversal file execution vulnerability.
• Exploit Development Framework Design – gnucitizen.org
  Metasploit is great but there are three things that makes the framework sometimes inconvenient: it’s size, it’s dependency of the ruby platform and of course it’s speed. It will be great if for example we can take a single exploit (or a set of exploits) out of the framework and compile it into a standalone executable.
• Beating Up On Android: Practical Android Attacks – immunityinc.com/presentations/Android_Attacks.odt.pdf

Tools

• Backtrack 5
  The BackTrack Dev team has worked furiously in the past months on BackTrack 5, code name “revolution”. Today, we are proud to release our work to the public, and then rest for a couple of weeks.This new revision has been built from scratch, and boasts several major improvements over all our previous releases.
  • Backtrack 5 Is Released Today! – backtrack-linux.org
  • Backtrack 5 full disk encryption how-to published – infosecramblings.com

• ZeuS source code anyone? – attackvector.com/viles/ZeuS.tar.bz2
  If you’d like to take a look at the ZeuS/SpyEye botnet source code and see how it ticks, you can download it below. I’m not sure how long this will be up (for obvious reasons), so get it while it’s hot.
• Release of SWFRet Tools 1.1.0 – the-interweb.com
  Two weeks ago I gave a presentation at SOURCE Boston where I released a new collection of open-source tools for Adobe Flash SWF file reverse engineering. I am developing these tools, called SWFRETools, to help reverse engineers like vulnerability researchers and malware analysts that have to deal with SWF files regularly.
• Virtualizing Junos On VMWare – darkoperator.com
  Many times when working with a client network or working on our own we have the need to test, document and validate certain networks configurations in a test environment. Sadly not many have the money to have one so as to test different scenarios so as to gage the impact that this changes might have on the production network.
• UPDATE: Skipfish-1.87b! – code.google.com/p/skipfish/downloads/list
  Skipfish is a fully automated, active web application security reconnaissance tool. Its key features: High speed, Ease of use, Cutting-edge security logic.
• Mutillidae: A Deliberately Vulnerable Set Of PHP Scripts That Implement The OWASP Top 10 – irongeek.com
  As I figure most people reading this know, I make infosec video tutorials for my site Irongeek.com. I wanted to start covering more web application pen-testing tools and concepts in some of these videos. Of course, I needed a vulnerable web app or two to use for these demos.

Techniques

• The Buby Script Crash Course
  For those of you who are new to Buby, it is a platform to write Ruby based extensions for the Burp Suite API and I’m going to attempt to cover some of the basics.
  • Buby Script Basics Part 1 – cktricky.blogspot.com
  • Buby Script Basics Part 2 – cktricky.blogspot.com
  • Buby Script Basics Part 3 – cktricky.blogspot.com
  • Buby Script Basics Part 4 – cktricky.blogspot.com
  • Buby Script Basics Part 5 – cktricky.blogspot.com
• dRuby For Penetration Testers – blog.recurity-labs.com
  I like Ruby somehow, a nice and shiny programming language. At some point last year, I decided to have a closer look at ‘Distributed Ruby’ (also called dRuby). dRuby is all about easily usable objects and method invocations over the network.
• Journey Into Exploitation: Awbo2.exe – securityaegis.com
  In this series of blog posts, I will be documenting my journey into the art of exploitation.  My goal for this series is to experiment with some of the challenges that are out there and hopefully provide some guidance for others in my shoes.  I am targeting those of you with moderate amount experience in exploitation.  Hopefully, I will further my own knowledge and yours (the reader).
• Hijacking NFC Intents On Android – intrepidusgroup.com
  Google IO had a “How to NFC” session today where they demoed and described using NFC on Android. One of the items they pointed out was the desire to use NFC for instant gratification and zero-click interactions. The only default application on the Nexus S that I’ve seen this in before today was Google Maps, but the desire is that other applications will incorporate this feature as well.
• Keychain Dumper – github.com/Neohapsis/Keychain-Dumper
  In order to build keychain_dumper you must first create two symbolic links to the appropriate iOS SDK directories. At the time the tool was developed the iOS 4.2 SDK was current and you may need to update the target directories based on the current SDK that is installed.
• Bittwiste: pcap Capture File Editor – lovemytool.com
  In this article I will show you how to replace portnumbers, IP and MAC addresses.
• Bit-Twist – bittwist.sourceforge.net
  Bit-Twist is a simple yet powerful libpcap-based Ethernet packet generator. It is designed to complement tcpdump, which by itself has done a great job at capturing network traffic.
• Sorting Packet Captures With Scapy – packetstan.com
  Today I spent a little time looking into a packet capture supplied by Vivek Ramachandran at SecurityTube. This packet capture is part of a series of WiFi hacking challenges he is putting together, and immediately after opening it I got freaked out.

Vendor/Software Patches

• Adobe Flash Update
  Today, Adobe has released Flash Player 10.3, which includes several important new privacy and security features for our customers.
  • Advancing Flash Player Privacy and Security – blogs.adobe.com
  • Critical Flash Player Update Plugs 11 Holes – kresonsecurity.com

• May 2011 Microsoft Black Tuesday Overview – isc.sans.edu
  Chart breakdown of upcoming MS patch.

Vulnerabilities

• The Skype Crisis
  Skype has been acquired by Microsoft few days ago and suddenly it inherited Microsoft’s weakness… I ‘m just kidding, of course. As many of you already know, a pretty big problem has been identified on all Skype versions running on Mac OS X pltaforms.
  • Skype Vulnerability – marcoramilli.blogspot.com
  • Skype Bug Lets Hackers Take Over Macs – tgdaily.com

• Silently Pwning Protected-Mode IE9 And Innocent Windows Applications – blog.acrosssecurity.com
  Those familiar with Windows COM servers know that they come in two types, in-process and out-of-process. For this post, the former type is of interest: an in-process COM server is a dynamic link library (DLL) that a COM client instantiates when needed, usually by calling the CoCreateInstance function with the class identifier (CLSID) of the said COM server.

Other News

• The SCADA Problem
  The U.S.’s Computer Emergency Response Team (CERT) issued a warning to critical infrastructure firms on Wednesday about a serious security hole in products from Massachusetts firm Iconics that could leave critical systems vulnerable to remote attacks.
  • Serious SCADA Security Flaw Affects Critical Infrastructure Firms – threatpost.com
  • Buffer Overflows In SCADA ActiveX Controls Put Critical Infrastructure At Risk – veracode.com

• AusCERT: Cisco IP phones prone to hackers – scmagazine.com.au
  Contact centres and businesses using a popular make of internet phone were at risk of having their communications intercepted and confidential information leaked, a hacking group demonstrated.
• FBI vehicle Tracking Device: the Teardown – wired.com
  The FBI’s use of GPS vehicle tracking devices is becoming a contentious privacy issue in the courts, with the Obama administration seeking Supreme Court approval for its use of the devices without a warrant, and a federal civil rights lawsuit targeting the Justice Department for tracking the movements of an Arab-American student.
• Frameworks and how I hack currently (and how I don’t) - carnal0wnage.attackresearch.com
  I got involved with HDM, skape, spoonm, et all and the metasploit project quite a long time ago, probably around msf 1ish time frame. It was an exciting time and metasploit was one of the best open source infosec (if not the best) projects out there.
• Security Group Claims To Have Subverted Google Chrome’s Sandbox – krebsonsecuirty.com
  A French security research firm boasted today that it has discovered a two-step process for defeating Google Chrome‘s sandbox, the security technology designed to protect the browser from being compromised by previously unknown security flaws.
• Catch A Clue From An EDU: Universities That Get Security Right – computerworld.com
  Professor Corey Schou was working in his school’s library when he realized his computer was picking up a particularly strong Wi-Fi signal. Normally that would be welcome news. But Schou knew that spot was usually a dead zone, which meant something was probably amiss.
• “Binary Planting” vs. “DLL Hijacking” vs. “Insecure Library Loading” – blog.acrosssecurity.com
  When a new thing occurs or is invented, or when a previously obscure thing becomes popular, a need emerges to give it a name so we can talk and write about it. It was no different with binary planting, DLL hijacking, DLL preloading, insecure library loading, DLL load hijacking and DLL spoofing.
• Whitehouse Proposes Cybersecurity Bill – darkreading.com
  The White House today proposed new cybersecurity legislation that would improve the protection of critical infrastructure, expand the sharing of security data, and impose national requirements for disclosing breaches.

• OWASP threat modeling project – myappsecurity.blogspot.com
  We are starting an OWASP threat modeling project to standardize a threat modeling approach which can be used by various companies.

Resources:

• Neil Daswani Reveals His Process for Security Research – resources.infosecinstitute.com
  In our ongoing series of interviews, this week Neil Daswani answered a few questions and pulled back the curtain a bit on the methods, tools and motivation for the work he does.
• Ethical Hacking Degrees – the good, the bad, the ugly – ethicalhack3r.co.uk
  Ethical Hacking or Information Security or Computer Security or Network Security… are all included within titles of university level undergraduate degrees within the UK. No matter what they title their courses or whether or not you agree with the use of certain terms within their titles is irrelevant as they are all attempting to teach the same things.
• Security Researchers Exploit Logic Flaws to Shop for Free Online – networkworld.com
  Security researchers from Indiana University Bloomington and Microsoft Research published a very interesting paper called How to Shop for Free Online.
• creating an as-secure-as-possible laptop — ideas? – reddit.com
  I’m interested in creating a laptop (though a desktop would be fine, too) with a big emphasis on security. what types of treatments would reddit recommend?
• We have started a security group at my University and we are trying to build up a database of tests, competitions, papers, etc – reddit.com
  Any relevant links and content are welcome! We have a dozen of tests taken from previous competitions we attended this year, but we would like to get more if possible.
• NIST publishes 50kish vulnerable code samples in Java/C/C++, is officially krad – cgisecurity.com
  NIST has published a fantastic project (its been out since late December, but I only just became aware of it) where they’ve created vulnerable code test cases for much of MITRE’s CWE project in Java and c/c++.
• ClubHack Issue 15 – terminal23.net
  New issue available.
• FISMApedia – fismapedia.org
  FISMApedia is a collection of documents and discussions focused on Federal IT security. This site is a database of current guidance, laws and directives on how the Federal government secures its IT assets.
• Burp Hacking Slides – Bsides Chicago – securityaegis.com
  Download the padding oracle vuln plugin for forms authentication (thats a mouthful) from Joel’s site: beersec.org.
• Hackito Ergo Sum 2011 Presentation Dump – slideshare.net
  A collection of everything from this security event

Tools:

• RawCap sniffer for Windows released – netresec.com
  We are today proude to announce the release of RawCap, which is a free raw sockets sniffer for Windows.
• Spooftooph: The Bluetooth Spoofer – sourceforge.net/projects/spooftooph/
  Spooftooph is designed to automate spoofing or cloning Bluetooth device information. Make a Bluetooth device hide in plain site.
• sqlmap 0.9 – sourceforge.net/projects/sqlmap/
  sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.
• hackxor – hackxor.sourceforge.net
  Hackxor is a webapp hacking game where players must locate and exploit vulnerabilities to progress through the story. Think WebGoat but with a plot and a focus on realism&difficulty. Contains XSS, CSRF, SQLi, ReDoS, DOR, command injection, etc.
• SVN Digger – Better Wordlists for Forced Browsing – mavitunasecurity.com
  DirBuster ships with several wordlists, these wordlists generated via one big crawler which visited tons of websites, collected links and created most common directory / file names on the Internet.
• Patriot NG – security-projects.com
  Patriot is a ‘Host IDS’ tool which allows real time monitoring of changes in Windows systems or Network attacks.
• CVE Checker 3.1 – cvechecker.sourceforge.net
  cvechecker reports about possible vulnerabilities on your system by scanning the installed software and matching the results with the CVE database.
• OllyDbg 2.01 Alpha 3 – ollydbg.de
  OllyDbg is a 32-bit assembler level analysing debugger for Microsoft Windows. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable.
• Microsoft Pushes Out Two New Security Tools – threatpost.com
  In parallel with its release of 17 bulletins on Patch Tuesday this month, Microsoft also unveiled two new tools that are meant to help make a couple of common exploitation scenarios more difficult for attackers.
• smooth-sec – bailey.st
  Smooth-Sec is a ready to-go  IDS/IPS (Intrusion Detection/Prevention System) linux distribution based on the multi threaded Suricata IDS/IPS engine and Snorby, the top notch web application for network security monitoring.
• BodgeIt Store – code.google.com/p/bodgeit/
  The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to penetration testing.
• Qubes OS – qubes-os.org
  Qubes is an open source operating system designed to provide strong security for desktop computing. Qubes is based on Xen, X Window System, and Linux, and can run most Linux applications and utilize most of the Linux drivers. In the future it might also run Windows apps.
• McAfee ShareScan – mcafee.com
  ShareScan is a free utility that enables IT security personnel to identify open Windows file shares available on the internal network. This tool can help administrators identify systems that have wide open permissions or no permissions — potential vulnerabilities that should be remediated.
• md5deep version 3.8 – jessekornblum.livejournal.com
  This version adds two new features. First, you can now use a file to indicate the input files to process. For example, you can make a file, foo.txt.
• Common Vulnerability Scoring System Version 2 Calculator – dueyesterday.net
  Allows for the creations of enums. Thanks to norvig.com/python-iaq.html
• MS10-070: Padding Oracle applied to .NET framework – bernardodamele.blogspot.com
  I followed the research closely and way before vulnerability scanners like Nessus could detect the security vulnerability on .NET applications anonymously and remotely, I coded a small script to test for the flaw based on Juliano Rizzo’s details. You might still find it useful, so I thought about publishing it on GitHub.
• IEZoneAnalyzer v3 – technet.com
  IEZoneAnalyzer is a utility for viewing and comparing Internet Explorer security zone settings. It is particularly valuable on systems controlled through Group Policy, on which the standard security settings dialog does not allow viewing of settings.

Techniques:

• Full Disclosure:Barracuda Networks Hacking via SQL Injection – hmsec.tumblr.com/
  The company’s expansive product portfolio includes offerings for protection against email, Web and IM threats as well as products that improve application delivery and network access, message archiving, backup and data protection.
• Parsing CDP Packets With Scapy – darkoperator.com
  In this blog post I will cover how to use one of the new parsers  to parse CDP packets included in version 2.2 of scapy. Cisco Discovery Protocol (CDP) is a proprietary Layer 2 Data Link Layer network protocol used to share device information with devices connected on the same subnet.
• Mozilla Firefox Internals & Attack Strategies – chmag.in
  This paper aims to detail some of the techniques and methods that exist to subvert a fully patched and functioning browser Firefox.
• BackTrack 5 on a Motorola Xoom – offensive-security.com
  In the past few days we have been toying with some Motorola hardware, and have managed to get a basic build of BackTrack 5 (+ toolchain) on a Motorola Xoom.
• Things overheard on the WiFi from my Android smartphone – freedom-to-tinker.com
  Today in my undergraduate security class, we set up a sniffer so we could run Wireshark and Mallory to listen in on my Android smartphone. This blog piece summarizes what we found.
• Execute Metasploit payloads bypassing any anti-virus – bernardodamele.blogspot.com
  Most of the shellcode launchers out there, including proof of concepts part of many security books, detail how to allocate a memory page as readable/writable/executable on POSIX systems, copy over your shellcode and execute it. This works just fine. However, it is limited to POSIX, does not necessarily consider 64-bit architecture and Windows systems.
• [Video] Playing With Traffic (Squid) – g0tmi1k.blogspot.com
  The attacker installs Squid3 cache proxy via the Operating System (Backtrack 4 R2) repository. Squid is the “backbone” to this attack and after configuring it to work on the Local Area Network (LAN) and to be transparent (the proxy “works” without any configuration to the browser), the attacker chooses which script to first try out (asciiImages.pl is the first one) and adds it to the configuration file.
• Pulling and finding APKs without root on Android – intrepidusgroup.com
  Since we’re not root, we can’t list the /data/app directory to locate the name of the APK file we want to pull. There’s a few ways you can tackle finding the name of the APK file, but what I find is the quickest way for me is to pull the packages.xml file.
• Reverse connection: ICMP shell – bernardodamele.blogspot.com
  Allowing traffic only onto known machines, ports and services (ingress filtering) and setting strong egress access control lists is one of these cases. In such scenarios when you have owned a machine part of the internal network or the DMZ (e.g. in a Citrix breakout engagement or similar), it is not always trivial to get a reverse shell over TCP, not to consider a bind shell.
• KB2506014 kills TDL4 on x64 – eset.com
  Not so long ago, Microsoft released a security patch addressing the way Windows x64 operating systems check integrity of the loaded modules. In our recent report (The Evolution of TDL4: Conquering x64) we described a method used by the TDL4 bootkit to load its malicious unsigned driver on 64-bit systems, even though those systems have an enforced kernel-mode code signing policy.
• Uh Ah! I Happened To Use POP ESP – ragestorm.net
  I had to call a C++ function from my Assembly code and keep the return value untouched so the caller will get it. Usually return values are passed on EAX, in x86 that is. But that’s not the whole truth, they might be passed on EDX:EAX, if you want to return 64 bits integer, for instance.
• More certs may indicate less security – rdist.root.org
  If a website has a multiple servers with different certs, the browser may often generate spurious errors for that site. But could this be a symptom of a genuine security problem?
• Filejacking: How to make a file server from your browser (with HTML5 of course) – r00tsec.blogspot.com
  How can a website access user’s files? Traditionally, user has to upload the file. Users commonly share photos, videos upload their files for online conversion tools etc. You could (theoretically) be tricked into uploading a sensitive file into a malicious website (“please submit your private key for checking it’s strength”), but, seriously, who falls for that?
• Proxmark3/RFID Goodness – zonbi.org
  There are two “types” of RFID in common use. High frequency runs at the 13.56MHz range. The MiFare stuff is in this range, although it’s slightly different to the ISO14443 A and B standard used in the CSC stuff floating around ie. $train card.
• Padding Oracle Post-Explotation: Abusing ASP.NET Forms Authentication with Burp – beersec.org
  So you found an web site vulnerable to the ASP.NET Padding Vulnerability, used Minded Security’s web.config bruter and now you have the applications web.config file. Now what?
• Payload bypass AV. with encoding – r00tsec.blogspot.com
  This script and the relevant project files (Makefile and Visual Studio files) allow you to compile the tool once then run your shellcode across different architectures and operating systems.

Vulnerabilities:

• Another day, another Flash 0-day attack
  Hackers are embedding malicious Flash Player files in Microsoft Word documents to launch targeted attacks against select businesses, according to a warning from Adobe.
  • Adobe warns of new Flash Player zero-day attack – zdnet.com
  • Adobe confirms critical Flash zero-day bug – computerworld.com
  • Time to Patch Your Flash – krebsonsecurity.com
• MSRT April ‘11: Win32/Afcore – technet.com
  Win32/Afcore comprises two components, a dropper and installed malware that runs as a backdoor. The backdoor component is injected into running processes and connects to a remote server to retrieve commands that are executed on the affected system. Commands could include instructions to steal passwords, attack other computers and so on.

Vendor/Software Patches:

• Patch Tuesday!
  Microsoft has released its April Patch Tuesday fixes, a large group of patches that includes updates for several critical holes in Internet Explorer as well as a patch that finally fixes the SMB client bug that disclosed publicly in February.
  • April Patch Tuesday Fixes Critical IE, SMB Bugs – threatpost.com
  • April 2011 MS Patch Tuesday – 17 patches, 64 vulnerabilities – nakedsecurity.sophos.com
  • Microsoft Patch Tuesday – April 2011 – symantec.com

Other News:

• ATM Skimmers: Hacking the Cash Machine – krebsonsecurity.com
  Most of the ATM skimmers I’ve profiled in this blog are comprised of parts designed to mimic and to fit on top of existing cash machine components, such as card acceptance slots or PIN pads. But sometimes, skimmer thieves find success by swapping out ATM parts with compromised look-alikes.
• SSL Issues: Solutions, Opinions and News
  What lies ahead for SSL? The recent Comodo hack taught us that what we thought was a robust security protocol is nothing but a house of cards.
  • How is SSL hopelessly broken? Let us count the ways – theregister.co.uk
  • ssl certs: just enough security? – terminal23.net
  • SSL And The Future Of Authenticity – blog.thoughtcrime.org
• Apple’s AirTunes/AirPlay private key extracted and published – h-online.com
  Developer James Laird has extracted the AirTunes/AirPlay private key from an Apple Airport Express, opening the way for third-party applications to play back iTunes streams.
• BREAKING NEWS: Sony’s War On Hackers, Tinkerers And Innovators “Settlement In George Hotz Case” – blog.makezine.com
  Sony Computer Entertainment America (“SCEA”) and George Hotz (“Hotz”) today announced the settlement of the lawsuit filed by SCEA against Hotz in federal court in San Francisco, California. The parties reached an agreement in principle on March 31, 2011. As part of the settlement, Hotz consented to a permanent injunction.
• How Phishers Will Use Epsilon Data Against You – threatpost.com
  There has been a lot of online venting and hand-wringing in the week since customers of email services provider Epsilon began informing millions of individuals in North America and Europe that their name and e-mail address had  been stolen in a massive data breach.
• USPS.gov Website Infected with Blackhole Exploit Kit – research.zscaler.com
  As we’ve discussed previously, the Blackhole Exploit kit, a commercial exploit kit developed by Russian hackers, is being seen in an increasing number of attacks.
• Milw0rm and inj3ct0r Merge Into 1337day.com – greyhat-security.com
  Less than an hour ago, a message was sent out via the Milw0rm.com Facebook group, announcing both a merger for milw0rm.com and inj3ct0r.com, and simultaneously, a move for inj3ct0r.com into a new domain, 1337day.com.
• Government Agrees With Microsoft: Google Wasn’t Certified [Update] – readwriteweb.com
  Today, the U.S. government agreed with Microsoft’s accusation that Google had provided misleading information about whether or not its Google Apps for Government is certified under the Federal Information Security Management Act (FISMA).
• DOJ gets court permission to attack botnet – itworld.com
  The U.S. Department of Justice and U.S. Federal Bureau of Investigation have obtained a temporary restraining order allowing them to disrupt a computer virus that created an international botnet controlling more than 2.3 million computers as of early 2010, the DOJ announced Wednesday.

• CanSecWest Vancouver 2011 Presentation Files – cansecwest.com
  Comprehensive list of presentations during the recently concluded CanSecWest 2011
• The Symantec Internet Secuirty Threat Report Volume 16 Is Here! - symantec.com
  We are pleased to announce that Volume 16 of the Symantec Internet Security Threat Report (ISTR) is now available.
• Jeremiah Grossman Reveals His Process For Security Research – resources.infosecinstitute.com
  In our ongoing series of interviews, this week Jeremiah Grossman answered a few questions and pulled back the curtain a bit on the methods, tools and motivation for the work he does.
• Securing IPv6 – cisco.com
  In this post, we’ll talk about some of the things to consider when securing IPv6 compared to IPv4.
• My Review of SANS FOR610: Reverse Engineering Malware – chrissanders.org
  I had the opportunity to take the SANS FOR610: Reverse Engineering Malware course in Orlando a couple of weeks ago and I wanted to write about my experience with the course.
• Rick Hayes – Assessing and Pen-Testing IPv6 Networks – vimeo.com
  IPv6 attack video discussion.
• vSphere 4.1 Hardening Guide released – run-virtual.com
  The guide covers topics from VMX parameters (special VM configuration settings), ESX host settings, vCenter setup and Virtual Networking guidelines.

Tools

• Wappalyzer Web Technology Identifier – darknet.org.uk
  Wappalyzer is an add-on for Firefox that uncovers the technologies used on websites.
• USBsploit v0.6b! – secuobs.com
  USBsploit is a PoC to generate Reverse TCP backdoors, malicious PDF or LNK files.
• MOSCRACK-2.04b! – sourceforge.net/projects/moscrack/
  Moscrack is a perl application designed to facilitate cracking WPA keys on a cluster of computers.
• RETINA Community – eeye.com
  Retina Community is a completely free tool powered by eEye’s renowned Retina Network Security Scanner technology. For up to 32 IPs, the product identifies vulnerabilities (including zero day), configuration issues, and missing patches across operating systems, applications, devices, and virtual environments.
• Peach v2.3.8 – sourceforge.net/projects/peachfuzz/
  Peach is a SmartFuzzer that is capable of performing both generation and mutation based fuzzing.
• THC-HYDRA v6.2 – thc.org
  THC-HYDRA is a very fast network logon cracker which support many different services.
• Skipfish-1.86b – code.google.com/p/skipfish/
  Skipfish is a fully automated, active web application security reconnaissance tool.
• Cain & Abel v4.9.40 released – oxid.it
  This update includes an added Proxy support for Cain’s Certificate Collector, the ability to specify custom proxy authentication credentials for Certificate Collector, and others.
• The Social-Engineer Toolkit v1.3.3 – secmaniac.com
  The Social Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing.
• Kismet-2011-03-R2 – kismetwireless.net
  Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.
• IDA Pro 6.1 Disassemble Android Bytecode – hex-rays.com
  The new version can disassemble Android bytecode (Dalvik). An IDA user kindly contributed the processor module and file loader.

Techniques

• Remotely execute edm.exe commands on multiple computers – gallery.technet.microsoft.com
  This script invokes whatever command you can use in cmd.exe on one or more computers you input the command you’d like to run as a screen input when you run the script.
• SMBRelay Bible 5: SMBRelay attacks on corporate users – dsecrg.blogspot.com
  Today we will talk about client-side attacks. An attack of a network is a progressive action. Usually, we escalate our rights step-by-step from nothing to a domain administrator.
• Another Big One – golubev.com
  Ivan Golubev tests out the new Radeon HD6990 and compares it to the 5970.
• Slack Attack 0Day Windows Network Interception network Vulnerability – resources.infosecinstitute.com
  This article describes a proof of concept of an interesting application of IPv6.

Vendor/Software Patches

• Apple iOS 4.3 adds additional IPv6 user security – intrepidusgroup.com
  In IPv4, there is a requirement to have an external entity handle IP address assignments.
• WordPress 3.1.1 is available (security fixes) – sucuri.net
  Some security hardening to media uploads, performance improvements, fixes for IIS6 support and fixes for taxonomy and PATHINFO (/index.php/) permalinks.

Other News

• Comodo Hack Fallout
  Some opinions on the recent Comodo hack
  • Comodo Hack May Reshape Browser Security – news.cnet.com
  • The Problem of Issuing Certs For Unqualified Names – threatpost.com
• Epsilon Spear Phishing Crisis
  Security experts are warning consumers to be especially alert for targeted email scams in the coming weeks and months.
  • Epsilon breach Raises Specter of Spear Phishing – krebsonsecurity.com
  • List of Companies Hit By Epsilon Breach – threatpost.com
  • Epsilon Data Breach Expands To Inlcude Capital One, Disney, Others - threatpost.com
  • The Epsilon Phishing Model – garwarner.blogspot.com
  • Playcom customers receiving malicious emails, Silverpop blamed – net-security.org
  • After Epsilon: Avoiding Phishing Scams & Malware – krebsonsecurity.com
  • Your Email Address Was Stolen. Now What? – readwriteweb.com
  • How to protect yourself from future Epsilon breach – erratasec.blogspot.com
• EMC (RSA) Buys NetWitness
  It is no surprise that EMC has acquired Netwitness. Looks like they are serious about this security stuff.
  • EMC (RSA) Acquires NetWitness – spiresecurity.com
  • Fool us once… EMC/RSA Buys NetWitness – securosis.com
• Symantec Logged 286 Million New Threats In 2010 – darkreading.com
  Unique malware and variants galore, and more than 40 percent more mobile vulnerabilities than a year ago.
• Conde Nast Got Hooked On $8 Million Spear Phishing Campaign – wired.com
  The alleged swindler failed to withdraw any funds before federal authorities intervened and froze the money, but the case highlights how little effort a scammer needs to invest in order to get a big payday.
• Fixing the SSL cert nightmare – root.org
  In response to this compromise, many people are recommending drastic changes.
• More Spearphishing: RSA breach news
  Security firm RSA announced in March that it had been the victim of a hack that it described as “extremely sophisticated.”
  • Biggest Lesson From Rsa: Security Really Is Hard – terminal23.net
  • Spearphishing + 0day: RSA hack not “extremely sophisticated” – arstechnica.com
• Unqualified Names in the SSL Observatory – eff.org
  Using data in EFF’s SSL Observatory, we have been able to quantify the extent to which CAs engage in the insecure practice of signing certificates for unqualified names.
• Pandora Mobile App Transmits Gobs Of Personal Data – threatpost.com
  The analysis was conducted by application security firm Veracode and found that Pandora’s free mobile application for Android phones tracked and submitted a range of data, including the user’s gender, geographic location and the unique ID of their phone, according to an entry on Veracode’s blog.

• ShmooCon CTF 2011 Ghost In the Shellcode – ghostintheshellcode.com
  Congratulations to ppp for winning the second GitS CTF! The game board as it was when the contest ended is now live, though answers are not accepted, nor are any of the exploitable services running.
• Just like the real thing - blog.uncommonsensesecurity.com
  The goal is to build a truly “enterprise class” network, and they pull it off every year.
• RSA 2011
  Last year we produced a pretty detailed Guide to the Conference and it was well received, so – gluttons for punishment that we are – we’re doing it again
  • RSA Guide 2011: Key Themes – securosis.com
  • Researchers To Hit Major Website In Drive-By At RSA – darkreading.com

Resources

• USB Attacks On Linux
  Many people think that Linux is immune to the type of Autorun attacks that have plagued Windows systems with malware over the years.
  • USB Autorun Attacks Against Linux – linux.slashdot.org
  • ShmooCon 2011 Presentation - blog.iss.net
  • Microsoft says RIP Windows XP AutoRun for USB – itnews.com.au
• Some common infosec job roles and related certifications – resources.infosecinstitute.com
  Most people hear the term Infosec, and they automatically associate that with network and telecom security, but in reality it’s much broader than that.
• Project Ubertooth: Building A Better Bluetooth Adapter – ossman.blogspot.com
  Video of my presentation,Project Ubertooth: Building a Better Bluetooth Adapter, at ShmooCon 2011 is now online.
• Apple iOS Push Notifications: Security Implications, Abuse Scenarios, and Countermeasures – blogs.sans.org
  In this article, I will briefly introduce details of how APN works and present scenarios of how insecure implementations can be abused by malicious parties.
• Cisco 4Q10 Global Threat Report - blogs.cisco.com
  The Cisco 4Q10 Global Threat Report is now available for download. The report showcases data from the 4th calendar quarter (October 1, 2010 – December 31, 2010).
• ShmooCon 2011 Debriefing - blog.fortinet.com
  First, just like in BlackHat DC 2011, this year’s conference had several talks on smart phones. Good news! I was however slightly surprised they all concerned Android.
• Five Key Design Decisions That Affect Security In Web Applications - blogs.sans.org
  Senior developers and architects often make decisions related to application performance or other areas that have significant ramifications on the security of the application for years to come.
• What netsec-like podcasts do you listen to? - risky.biz
  I’m having a hard time getting my fill of security related news and discussion. I’m down to two podcasts that I listen to weekly.
• Exploit Kits – A Different View – securelist.com
  Exploit kits are packs containing malicious programs that are mainly used to carry out automated ‘drive-by’ attacks in order to spread malware.
• Password/Word Lists – room362.com
  Brute force, even though it’s gotten so fast, is still a long way away from cracking long complex passwords.
• Multi-State Information Sharing & Analysis Center CyberSecurity Digital Dashboard – msisac.org
  I stumbled upon this and was kind of impressed.

Tools

• PDF Exploit Disguised As A Xerox Scanned Document - labs.m86security.com
  Most office network printers and scanners have a feature that sends scanned documents over email. Cyber crooks however, have imitated email templates used by these devices for malicious purposes
• The Honeynet Project Releases New Tool: PhoneyC - chuvakin.blogspot.com
  As promised, I will be reposting some of the cool new announcements from The Honeynet Project here on my blogsince I now serve as Project’s Chief PR Officer.
• MetaSploit Framework 3.5.2 Released – blog.metasploit.com
  On February 1st, Eduardo Prado of Secumania notified us of a privilege escalation vulnerability on multi-user Windows installations of the Metasploit Framework.
• Open SCAP v0.6.8 released – open-scap.org
  The OpenSCAP Project was created to provide an open-source frameworkto the community which enables integration with the Security Content Automation Protocol (SCAP) suite of standards and capabilities.
• SSL Diagnosis v0.8.1a released – sourceforge.net
  SSL Diagnos is used to get information about SSL usage (protocols ssl2, ssl3, tls, dtls, and ciphers). It can also be used for testing and rating ciphers on SSL clients.
• Passwords shared between rootkit.com and gawker – terminal23.net
  This is a classic journo case of an editor-sensationalized title for an article that doesn’t really get reasonable until the last two paragraphs where it kinda puts the brakes on calling password reuse “endemic.”
• UPDATE: Nmap 5.51! – nmap.org
  Wow! In about two weeks time, another Nmap release! We now have Nmap version 5.51! The last release was Nmap 5.50, which we wrote about here.
• eEye to Release Free Vulnerability Scanner with Zero -Day Identification and Configuration Auditing – eeye.com
  eEye Digital Security, a provider of IT security and unified vulnerability management solutions, today announced the pre-release of Retina Community.
• UPDATE: Fiddler v2.3.2.3! - fiddler2.com
  Our first post regarding Fiddler, the web debugger can be found here. On the 13th of February, an update was released.
  

Techniques

• A Python Domains Extractor From IPs – blog.kaffenews.com
  I developed it in 5 mins just because I had to do a PT on a list of IP Addresses and it was needed to get the Domains from IPs.
• TrueCrypt
  After I read the documentation and some reviews I realize that it is a very secure piece of software that implements many high level features so I knew I will not be easy, at least in theory.
  • Cracking a TrueCrypt Container - shortinfosec.net
  • TrueCrypt Self-Bruteforce - q-protex.com
• What is Mausezahn? – peripheral.at
  Mausezahn is a free fast traffic generator written in C which allows you to send nearly every possible and impossible packet.
• Proxocket
  • Proxocket - sethioz.co.uk
  • Proxocket – DLL Proxy For Winsock – darknet.org.uk
  • Proxocket – A Winsock Proxy Sniffer - netresec.com

• Move over tsgrinder/tscrack hello ncrack – carnalOwnage.attackresearch.com
  So thanks to mubix for telling me that ncrack now supports RDP. very cool stuff.
• Left or right handed passwords - justanotherhacker.com
  Are you left or right handed? How about your password? English based passwords seem to be predominantly left handed.
• Hidden bandit Inside NeoSploit - symantec.com
  Over the last few years, Symantec has observed a substantial rise in the use of exploit kits.
• Breaking web security – it’s all about RCS – net-ninja.net
  I will be discusing ways in which we can include error handling, anonymimity and how we can build the exploit so that the auditor has a reliable and flexible weapon.
• Decoding HTML Style tag based malicious frames - research.zscaler.com
  Injecting clear text or obfuscated malicious Iframes has become a common attack vector.
• Universe’s best and legal Mac OS X reversing tutorial for newbies – reverse.put.as
  I have decided to re-release my beginners tutorial, this time based on a crackme, so it deserves the upgrade to Universe instead of World.
• Android Gmail App: Stealing Emails via XSS - spareclockcycles.org
  This post documents an XSS vulnerability that I discovered in the default Gmail app (v1.3) provided by Google in Android 2.1 and prior.
• Android Reverse Engineering – thomascannon.net
  This project all started when I was asked tot ake a look at a software product that was under evaluation.
• Forensic Examination of Pointsec Encrypted Drives - dfsforensics.blogspot.com
  Many organizations use Pointsec (Check Point) full disk encryption in order to keep their data secure, especially in the case of laptops.
• Blackhole exploits kit attack growing - research.zscaler.com
  Recently, we have seen an increase in Blackhole exploit kit attacks. Blackhole is yet another web exploit kit developed by Russian hackers.
• Better Passwords In Under 200 Characters - blog.wearpants.org
  Good password security is a pain in the neck. Done properly, it requires a different password for every site.

Vendor/Software Patches

• February 2011 Microsoft Black Tuesday Summary – isc.sans.edu
  Here are the February 2011 Black Tuesday patches.  Enjoy!
• Adobepatch
  Adobe released updates for Reader for 9.4.2 and 10.0.1.  While this page on Adobe’s site doesn’t actually list them correctly, if you drill down into the actual product and OS, you’ll see the updates listed for 2/8/2011.
  • Adobe Reader 9.4.2 and 10.0.1 Updates are out - isc.sans.edu
  • Adobe patches for Shockwave, Flash, Reader, and Cold Fusion – isc.sans.edu
• Adobe, Microscoft, WordPress Issue Security Fixes – krebsonsecurity.com
  Talk about Patch Tuesday on steroids! Adobe, Microsoft and WordPress all issued security updates for their products yesterday. In addition, security vendorTipping Point released advisories detailing 21 unpatched vulnerabilities in products made by CA, EMC, HP, Novell and SCO.
• VMWare Security Advisory - vmware.com
  Updated versions of the Cisco Nexus 1000V virtual switch address a denial of service in VMware ESX/ESXi.

Vulnerabilities

• Last August, TippingPoint said they will enforce a six-month disclosure on bought bugs that haven’t been patched. Today, TippingPoint rolled out 22 - dvlabs.tippingpoint.com
  These vulnerabilities are being published as per the ZDI disclosure changes announced in August of 2010.
• Comcast DOCSIS 3.0 Business gateways Multiple Vulnerabilities – exploit-db.com
  With these default credentials, internal attackers can modify deviceconfigurations to leverage more significant attacks, including redirection of DNS requests.

Other News

• Anonymous vs. Aaron Barr/HBGary
  A security researcher claims to have infiltrated the higher echelons of the Anonymous organisation and identified key leaders’ names and addresses.
  • Anonymous infiltrates the HBGary security company, which was tasked with infiltrating Anonymous by the FBI –  reddit.com
  • Researcher claims to have infiltrated Anonymous high command - v3.co.uk
  • HBGary Federal Hacked by Anonymous – krebsonsecurity.com
  • Anonymous hacks security company HBGary, Dumps 50,000 emails online - readwriteweb.com
  • Measuring password re-use empirically - lightbluetouchpaper.org
  • Anonymous Attacks US Security Company – guardian.co.uk
  • rootkit.com cleartext passwords – dazzlepod.com
  • How One Man Tracked Down Anonymous – And Paid A Heavy Price – wired.com
  • HBGary’s conversations with Feds – uiu.me
  • HBGary’s conversations with the Feds pt. 2 - uiu.me
  • blow by blow of how Anonymous gained root access on rootkit.com – dazzlepod.com
  • The Report on Anonymous by Aaron Barr - cryptome.org
• Rootkit.com’s MySQL database leaked – stfu.cc
  Come on, I know it’s /r/netsec, so we should be familiar with checking URLs before clicking, but I’d expect at least a warning before clicking a direct download of a company’s database.
• Hatfields and McCoys 2011 Style – 1raindrop.typepad.com
  By itself its an derisive, throw away comment that security people make about developers all the time, and of course developers are not averse to throwing haymakers back at security people.
• Sony Marketing Man Tweets PS3 Master Key - twitpic.com
  My life is complete. Sue yourself, Sony.
• iPhone Password Hack
  Researchers in Germany say they’ve been able to reveal passwords stored in a locked iPhone in just six minutes and they did it without cracking the phone’s passcode.
  • iPhone Attack Reveals Password In 6 Minutes - techworld.com.au
  • iPhone Hacked and Passwords Stolen In Just 6 Minutes - cyberarms.wordpress.com
  • How to steal passwords from a locked iPhone - nakedsecurity.sophos.com
  • Researches steal iPhone password in 6 minutes – engadget.com
• Secret Plan To Kill WikiLeaks With FUD Leaked – wikileaks.ch
  Three information security consultancies with links to US spy agencies cooked up a dirty tricks campaign late last year to destroy Wikileaks by exploiting its perceived weaknesses.
• Hackers hit ‘at least five oil and gas firms’ – bbc.co.uk
  Hackers have run rampant through the networks of at least five oil and gas firms for years, reveals a report.
• Night Dragon attacks: myth or reality – nakedsecurity.sophos.com
  Many readers will have seen the press around a series of hacking attacks that have been labelled the ‘Operation Night Dragon’ attacks by McAfee.

• A Shmoocon Preview – blogs.macafee.com
  At about a third of the size of a larger conference like Black Hat, it’s much easier to talk to the speakers without fighting with a crowd. Past years have had good presentations on mobile phone security and this year is no exception.
• Black Hat DC 2011
  We are currently at the awesome BlackHat DC event, with hundreds of attendees coming from many different countries worldwide.
  • Black Hat itinerary - blackhat.com
  • Black Hat DC 2011: Inglourious Hackerds - blog.tehtri-security.com
  • Mobile Attacks reign At Black Hat DC – threatpost.com
  • Fake GSM base station trick targets iPhone – networkworld.com
  • Quirky moments at Black Hat DC 2011 -networkworld.com

Resources:

• Cisco 2010 Annual Security Report - reddit.com
  The Tipping Point: Cybercriminals Targeting Mobile Platforms
• Dress For Success In the Corporate Setting
  If your organization truly judges you based on what you wear, and not what you know and what you do, then you are working for the wrong organization.
  • Common traits of future Infosec leaders – terminal23.net
  • The Appearance Myth – securosis.com
  • Fashion Advice from Infosec Leaders – infosecleaders.com
• The Legality of the Certificate Authority  Trust Model – schneier.com
  We looked at the standard legal documents issued by the certificate authorities or “CAs,” including exemplar Subscriber Agreements (agreements between CAs and website operators).
• Getting Started With Corporate iPad and iPhone Mobile Security – redspin.com
  Mobile devices like the iPhone and iPad are a top security concern for 2011. The first step to addressing this risk is to put a security policy in place that addresses mobile devices.
• Cisco Explains the 7 Deadly Weaknesses of Social network Users and More in Security Report - readwriteweb.com
  Cisco released its 2010 Annual Security Report yesterday. The report covers criminals’ slow shift from targeting Windows PCs to targeting other operating systems and devices, the importance of exploiting users’ trust in their social network friends and the rise of Java exploits, and more.
• Top 10 Web Hacking Techniques of 2010 – jeremiahgrossman.blogspot.com
  Now in its fifth year the Top Ten Web Hacking Techniques list encourages information sharing, provides a centralized knowledge-base, and recognizes researchers who contribute excellent work.

Tools:

• w3af: Better, Stronger, Faster – blog.rapid7.com
  By downloading this release you’ll be able to enjoy new vulnerability checks, more stable code and a about 15% performance boost in the overall speed of your scan.
• R-U-Dead-Yet version 2.2 – chaptersinwebsecurity.blogspot.com
  I forgot the fact that people develop hunger for features and bug fixes even when software is open-source and free. Oh well, I guess that’s a responsibility that comes with the will to satisfy your end users.
• AutoDiff Online – marcoramilli.blogspot.com
  AutoDiff is a project which performs automated binary differential analysis between two executable files.
• MS Attack Surface Analyzer Release
  Microsoft unveiled a new tool this week in conjunction with the Blackhat DC conference — the Attack Surface Analyzer.

• • MS Attack Surface Analyzer – digitalbond.com
  • New Tool: Announcing Attack Surface Analyzer – blogs.msdn.com

Techniques:

• Who’s who of bad password practices – troyhunt.com
  But what happens when the website won’t allow you to create a secure password? Or at least when they severely constrain your ability to create long, random, unique passwords?
• Share your nmap parameters! – reddit.com
  What parameters do you usually use in your nmap scans? Any interesting combinations? I usually go with: nmap -v -A -p1-65535 -O2 -T4 ipaddress
• Quickpost: Checking ASLR – blog.didierstevens.com
  Some people asked me for a simple way to check shell extensions for their ASLR support. You can do this with Process Explorer.
• Finding AES keys - jessekornblum.livejournal.com
  Today I’m publishing a little utility to search for AES keys. It was originally intended for searching memory images, but you can use it to search anything really.
• How To Crack Just About Any Mac App – lifehacker.com
  By walking through how I can hack your app with only one Terminal shell, I hope to shed some light on how this is most commonly done, and hopefully convince you to protect yourself against me.
• Episode 266 – pauldotcom.com
  PaulDotCom Security Weekly – Episode 226 – for Thursday January 13th, 2011.
• Return of the Sprayer - h-online.com
  If they jumped to code injected onto the stack or heap, “just like in the good old days”, data execution prevention (DEP) would trigger an interrupt and the system would terminate the carefully pwned process before it could cause any damage.
• Exploit in the wild for MS06-014 – research.zscaler.com
  Although 0day vulnerabilities receive all the attention, it’s not unusual to see attackers still taking advantage of old vulnerabilities to attack end users
• Unrestricted File Download V1.0 – soroush.secproject.com
  I do not want to talk about Insecure Direct Object References without any protection as they are obviously exploitable; Instead, I want to talk about bypassing the protected ones!
• Exploiting Smartphone-USB connectivity for fun and profit - docs.google.com
  Unfortunately, these new capabilities  coupled with the inherent trust users place on the USB physical connectivity and the lack of any protection mechanisms render the USb an insecure link, prone to exploitation.
• Mobile Device Security and Android File Disclosure – blog.metasploit.com
  Specifically, he found that it was possible to obtain the contents of files on an Android device by simply persuading its owner to visit a web site under attacker control. The issue only garners a 3.5 CVSS score, but yet it’s still fairly serious.

Vulnerabilities:

• IBM WebSphere MQ Invalid Message Remote Buffer Overflow Vulnerability – securityfocus.com
  IBM WebSphere MQ is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
• Malware update: .co.cc malicious entries – blog.sucuri.net
  For the last weeks (actually months), we’ve been tracking a large number of malware from .co.cc domains. It seems that every .co.cc domain we find is being used to host either malware or spam.

Vendor/Software Patches:

• Oracle Black Tuesday Patch
  If you are an Oracle user, get ready for your very own Patch Tuesday, which comes tomorrow.
  • Patch Tuesday – now for 28 products in the Oracle stable – nakedsecurity.sophos.com
  • Oracle patches 66 vulnerabilities - h-online.com
  • Perspective on the latest Oracle patches – blog.imperva.com

Other News:

• Keyless cars vulnerable to hack, theft - cnet.com
  Keyless car entry and start systems make it easy to get on the road, but they could also make it easier for criminals to take off with your car. And strong encryption won’t solve the problem.
• Stuxnet vs. Iran nuclear enrichment
  Rather than being proud of its stealth and targeting, the authors should be embarrassed at their amateur approach to hiding the payload.
  • Stuxnet is embarrassing not amazing – rdist.root.org
  • New info on Stuxnet – f-secure.com
  • Did a U.S. Government Lab Help Israel Develop Stuxnet? – wired.com
• ATM Skimmers, Up Close – krebsonsecurity.com
  Recently, I found a guy on an exclusive online scammer forum who has been hawking a variety of paraphernalia used in ATM skimmers.
• Coming soon: a new way to hack into your smartphone - itworld.com
  More than three years after the iPhone was first hacked, computer security experts think they’ve found a whole new way to break into mobile phones — one that could become a big headache for Apple, or for smartphone makers using Google’s Android software.
• Two Charged in AT&T hack of iPad Customer Data - wired.com
  Two suspects have been charged with federal crimes for allegedly hacking AT&T’s website last year to obtain the personal data of more than 100,000 iPad owners.
• Why you should always encrypt your smartphone – arstechnica.com
  Last week, California’s Supreme Court reached a controversial 5-2 decision in People v. Diaz (PDF), holding that police officers may lawfully search mobile phones found on arrested individuals’ persons without first obtaining a search warrant.
• Hacking with USBs
  Two researchers have figured out a way to attack laptops and smartphones through an innocent-looking USB cable.
  • Researchers turn USB cable into attack tool - cnet.com
  • Hacking with USB keyboard emulators – h-online.com
• Online banking trojan developing fast – h-online.com
  Trojan construction kit Carberp, which first emerged in the autumn, appears to be undergoing rapid development, according to reports from sources that include security services provider Seculert.
• Android Trojan captures credit card details – thinq.co.uk
  The team, comprised of Roman Schlegel from the City University of Hong Kong and Kehuan Zhang, Xiaoyong Zhou, Mehool Intwala, Apu Kapadia, and Xiao Feng Wang from the Indiana University Bloomington, call their creation ‘Soundminer’ – and its implications are far-reaching.

• Shmoocon CTF Warm up Contest – JavaScrimpd – blog.stalkr.net
  Last week-end was ShmooCon CTF Warmup Contest. Three challenges, the last one being an ELF binary + hostname of a server.

Tools

• OWASP Zed Attack Proxy 1.2.0 Released - vulnerabilitydatabase.com/toolswatch/2011
  The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

Techniques

• Beginning Mac Hacking – mrspeaker.net
  He was a very mystical fellow, and spoke about reverse engineering with a sense of grand importance and just a pinch of spiritually – all very enticing to a nerdy youngster like myself.
• Waking up the Sleeping Dragon - thesauceofutterpwnage.blogspot.com
  On September 28, 2010 I notified Beijing based WellinControl Technology Development Co.,Ltd and CN-CERT that one of Wellintech’s products had a very serious security vulnerability, and that if properly leveraged would allow an attacker to exploit the bug and execute arbitrary code.
• Alexa Illustrates Web Securities Risks (part 1) – research.zscaler.com
  I recently needed to look at some Alexa data related to their tracking of the top web domains visited for a side project that I was working on.
• Sudo -g privilege escalation (CVE-2011-0010) – blog.c22.cc
  I noticed this bug come across the wire earlier today and thought I’d take a few minutes to take a look.
• Dumping the RMI Registry with NMAP – www.swende.se
  A while ago, I wrote a NSE script to a Java RMI Registry and dump out information about the objects in the registry. This is a blog-post to shed some light on NSE-development in general and that script in particular.
• Continuous Web Application Security Scanning With Netsparker and TeamCity – troyhunt.com
  One of the problems with software security is that it’s easy for it to appear a bit like black magic, or at least like an entirely foreign industry to software development.
• HeapLocker: NOP Sled Detector – blog.didierstevens.com
  When you enable NOP sled monitoring, HeapLocker will create a new thread to periodically check (every second) newly committed virtual pages that are readable and writable.

Vendor/Software Patches

• Microsoft Black Tuesday
  • Microsoft Security Bulletin Overview – ghacks.net
    The second Tuesday of a month is Microsoft’s patch day where the software company releases security patches and fixes for its products.
  • January 2011 Microsoft Black Tuesday Summary – isc.sans.edu
    Happy New Year Everyone!   Here is the 2011 Black Tuesday kick off with only two patches.  Enjoy!

Other News

• 10 Devious New Ways That Computer Hackers Can Take Control of Your Machines or Fix Them – i09.com
  Straight from CCC, here are ten ways hackers will subvert your computer, phone, bank card, and life in 2011.
• Security researcher, Cybercrime Foe Goes Missing – wired.com
  A well-known security researcher and cybercrime foe appears to have gone missing in Bulgaria and is feared harmed, according to a news organization that hosts a blog the researcher co-writes.

• Exploit Packs Run On Java Juice – krebsonsecurity.com
  Today, I’ll highlight a few more recent examples of this with brand new exploit kits on the market, and explain why even fully-patched Java installations are fast becoming major enablers of browser-based malware attacks.
• The Application Security Spending Conundrum – jeremiahgrossman.blogspot.com
  To obtain a quote, the online insurer asked my age, where I lived, how much I drive and where, the year, make, and model of my cars, about my driving record, and how much coverage I wanted.

• Derbycon
  I will admit there is limited spacing, we rented the entire second floor of the Hyatt and tickets will go fast.
  • new hacker con, hell of speaker list: DerbyCon – reddit.com
  • Derbycon Teaser Video and website launch date announced – secmaniac.com
• ShmooCon CTF Warmup 2011 – cylab.cmu.edu
  A couple of PPP members (awesie, tylerni7) participated in the ShmooCon CTF Warmup. It was lots of fun and awesie got the prize! We also figured we should post a write-up for #3.

Resources:

• Ubertooth video and news – ossman.blogspot.com
  This will be a longer presentation telling the complete story of the development of Project Ubertooth and demonstrating new capabilities of the platform (hopefully with working Ubertooth One prototypes).
• How To Deploy IPv6 Securely – readwriteweb.com
  The number of available IPv4 addresses is expected to run out in less than a year, as we’ve reported before.
• MobileSubstrate wiki - iphonedevwiki.net
  MobileSubstrate consists of 3 major components: MobileHooker, MobileLoader and safe mode.

Tools:

• SSL Diagnos is used to get information about SSL usage – sourceforge.net/projects/ssldiagnos/
  It can also be used for testing and rating ciphers on SSL clients. It has also specific support for pop3s, sip, smtp and explicit ftps.
• Nessus Viewer v1.0.0 released – vulnerabilitydatabase.com
  Nessus Viewer enables IT Security auditors and penetration testers to quickly navigate inside Nessus reports by sorting and filtering each entry.
• R-U-Dead-Yet Version 2.1 - chaptersinwebsucirity.blogspot.com
  The forms and their post action url’s are now parsed correctly. So here comes v2.1 with the bug fix.

Techniques:

• Windows UAC Bypass now in Metasploit! – secmaniac.com
  The Windows UAC bypass was committed to the Metasploit Framework today.
• Flash Player Sandbox bypass
  Unfortunately, these restrictions are not the same as, “cannot communicate with the network in any way” which is what is stated in the documentation.
  • Bypassing Flash’s local-with-filesystem Sandbox – xs-sniper.com
  • Flash Player sandbox can be bypassed – h-online.com
• Metasploit SAP Management Console AUX Modules – blog.c22.cc
  I see no ethical issue in releasing the information gathering modules that take advantage of this bug, as quite honestly, anybody with an SAP system and tcpdump could find this in a few minutes.

Vendor/Software Patches:

• Apple releases Mac OS X 10.6.6 update – h-online.com
  Apple has now posted its detailed About the Mac OS X v10.6.6 Update knowledge base article.

Other News:

• Dell Acquisition of Secureworks
  Dell announced they are acquiring SecureWorks, the MSSP, for an undisclosed sum.
  • HP(en!s) Envy: Dell Buys SecureWorks – securosis.com
  • Dell to acquire SecureWorks – h-online.com
• Car Theft thru hacking
  Car thieves of the future might be able to get into a car and drive away without forced entry and without needing a physical key.
  • Car Theft by Antenna – technologyreview.com
  • Hacking your car for fun and profit – snosoft.blogspot.com
• US revamps science, technology standard-setting efforts – networkworld.com
  The NIST has been given new marching orders: expand work with the private sector to develop standards for a range of key technologies such as cloud computing, emergency communications and tracking, green manufacturing and high performance green building construction.
• Researchers Hack Internet Enabled TVs, Discover Multiple Security Vulnerabilities – securityweek.com
  Security researchers have discovered several security flaws in one of the best-selling brands of Internet-connected HDTVs, and believe it’s likely that similar security flaws exist in other Internet TVs.
• Researcher Develops Password Hacking Software for Wi-Fi Networks Using Amazon Web Services – readwriteweb.com
  A researcher has developed software for breaking password protections used for wireless networks.

• RSnake, Web Security and a few beers – andlabs.org
  Reminiscing Black Hat Abu Dhabi.
• DojoCon Follow-Up – novainfosecportal.com
  Although there was a formal CFP, everything else followed a traditional unconference format.
• SANS SEC660: Post Mortem – c22.cc
  The class is designed to cover the ground between the SEC560 Network Penetration Testing class and the SEC709/710 that Stephen Sims has been running for a while now (Exploit development).

Resources:

• Will it Blend? – xs-sniper.com
  I’m always humbled when I learn of what others are doing in the security community and even more humbled when asked to present.
• DOJOCON 2010 Videos – irongeek.com
  Below are the videos from the conference, at least the ones I can show , enjoy.
• IOS Crash Analysis and Rootkit Wiki – recurity.com
  Almost everything you need to know about Cisco IOS Forensics

Tools:

• Zozzle: Low-overhead Mostly Static JavaScript Malware Detection – microsoft.com
  In this paper, we propose ZOZZLE, a low-overhead solution for detecting and preventing JavaScript malware that can be deployed in the browser.
• Websecurify 0.8Alpha4 – code.google.com/p/websecurify/
  Websecurify is a powerful web application security testing platform designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies.
• All about Heaplocker
  HeapLocker allows you to set a maximum to the amount of private virtual memory a process is using. If the maximum is exceeded, HeapLocker will suspend the process and inform the user.
  • HeapLocker: Private Memory Usage Monitoring – didierstevens.com
  • HeapLocker Tool Protects Against Heap-Spray Attacks – threatpost.com
• Netglub – netglub.org
  Really Open Source Information Gathering
• Gruyere – google-gruyere.appspot.com
  This codelab is built around Gruyere – a small, cheesy web application that allows its users to publish snippets of text and store assorted files.
• Metasploit Framework 3.5.1 Released! – metasploit.com
  This minor version release adds 47 new modules, including exploit covereage for recent bugs in the news: Exim4, Internet Explorer, and ProFTPd.
• Mantra Security Toolkit – getmantra.com
  The Mantra is a powerful set of tools to make the attacker’s task easier. The alpha version of Mantra contains following tools built into it.
• Squid-Imposter – github.com/koto/squid-imposter/
  Squid-imposter makes it easy to create Squid based proxy injecting your own content to chosen website URLs.
• pwnshell – a better jsp shell – i8jesus.com
  The world needs a JSP shell that really helps a blackbox attacker pivot to important assets, so I took a stab at it. It’s called quite lamely called pwnshell.

Techniques:

• Port Scanning with HTML5 and JS-Recon – andlabs.org
  Since even closed ports can be identified we can extend this technique to perform network scanning as well as internal IP detection.
• Capturing Windows Logons with Smartlocker – metasploit.com
  One of the most effective ways to capture the clear-text user password from a compromised Windows machine is through the “keylogrecorder” Meterpreter script.
• Attacking Windows Operating System over PowerShell – sectechno.com
  Now if you are on a penetration testing mission you start by running nmap searching for the live windows hosts on the network basically with 1433 active port (Mssql).
• Watch out for exim! – skullsecurity.org
  My strategy was to keep running ‘make’ and fixing what it complained about until it shut up and compiled.
• Conducting a Phishing Campaign in Metasploit Pro – carnal0wnage.attackresearch.com
  Only gripe is the lack of configuration ability in the exploit payload section. I’ve been told this will be addressed shortly even though a lot of work has been put into smart defaults the ability to change it when necessary would be nice.
• Mallory and Me: Setting up a Mobile Mallory Gateway – intrepidusgroup.com
  Improving the user experience from the initial code checkout to helping users “Mallorize” traffic is a key goal for the project.
• Metasploit and VNC Password Bruteforcing – carnal0wnage.attackresearch.com
  You probably missed it but jduck recently snuck in a VNC mixin and vnc_login module to the trunk.

Vulnerabilities:

• Ouch! HP Storage Device Admin Credentials Hardcoded, Security Experts Facepalm
  Hewlett Packard said in a statement that it has identified a “potential security issue” with one of its storage area networking (SAN) products and is readying a fix for the issue.
  • HP StorageWorks P2000 G3 MSA hardcoded user – sans.edu
  • HP Storage Hardware Harbors Secret Back Door – threatpost.com
• MS Bulletins
  • Microsoft Security Bulletin MS10-090 – Critical – microsoft.com
  • Microsoft Security Bulletin MS10-091 – Critical – microsoft.com

Vendor/Software Patches:

• Patch Tuesday cometh
  As part of our usual cycle of monthly security updates, today Microsoft is releasing 17 bulletins addressing 40 vulnerabilities in Microsoft Windows, Office, Internet Explorer, SharePoint Server and Exchange.
  • December 2010 Security Bulletin Release – technet.com
  • Microsoft Patch Tuesday – December 2010 – symantec.com
  • Microsoft Patches 40 Security Holes – krebsonsecurity.com
  • Microsoft Closes Door on Stuxnet with December Patch – threatpost.com
• Over 500 patches for SAP – h-online.com
  On Tuesday, SAP – one of the largest manufacturers of business applications and enterprise software – released a huge number of so-called Security Notes.

Other News:

• Gawker hacked linked to Acai berry spam in Twitter
  Over the weekend, up to 1.3 million passwords were stolen off of Gawker’s servers by a hacker group called Gnosis and then publicly shared on torrent site The Pirate Bay, for anyone and everyone to download.
  • Acai Berry spam attack connected with Gawker password hack, says Twitter – sophos.com
  • Gawker websites, Twitter hacked and spammed by ‘Gnosis’ – latimes.com
  • Gawker Media Websites Hacked, Staff and User Passwords Leaked – wired.com
  • Twitter Spam Attack Tied to Gawker Security Breach – readwriteweb.com
  • FAQ: Compromised Commenting Accounts on Gawker Media – lifehacker.com
  • Gawker hacked, 1.3m passwords stolen, 540k w/email addresses, check this table for yours: http://bit.ly/gYMsr – @hdmoore, twitter.com
  • The Top 50 Gawker Media Passwords – wsj.com
  • Semipublic Password Dumps – metasploit.com
  • Gawker: DES crypt fun using John the Ripper with MPI – intrepidusgroup.com
  • How can I encrypt my own passwords so they look like the gawker full_db.txt dump, so I know what password the internet has of mine? – reddit.com
• Major Ad Networks Found Serving Malicious Ads – threatpost.com
  Two major online ad networks–DoubleClick and MSN–were serving malware via drive-by download exploits over the last week, experts say, after a group of attackers was able to trick the networks into displaying their ads by impersonating an online advertising provider.
• Jailbreaks, iPhone, iPad, and MDM – intrepidusgroup.com
  This article will start with device security and gradually focus outward to a discussion on MDM. Today we will also make some comments on the thorny issue of jailbroken iOS devices.
• The Internet Goes to War – arbornetworks.com
  In general, getting accurate data about Internet attacks can be a challenge. Namely, a) companies avoid publicly discussing most attacks and b) the attacks can be difficult to measure or at least consistently compare.
• NSA considers its networks compromised – net-security.org
  The problem with cyber defense – especially when it comes to attacks backed by governments and intelligence organizations – is that attackers are usually highly motivated and often very well funded.
• UN mulls internet regulation options – itnews.com.au
  The United Nations is considering whether to set up an inter-governmental working group to harmonise global efforts by policy makers to regulate the internet.
• Why the US Government Attacking Wikileaks is a Bad Idea – zeropaid.com
  Whatever your take on this hot button topic is, few would argue that this story hasn’t caught a huge amount of international attention and draws a seemingly unprecedented amount of attention to the internet.
• Why Speed & Frequency of Software Security Testing Matter, A LOT – jeremiahgrossman.blogspot.com
  Therefore the speed and frequency of the testing process whether going with dynamic scanning, binary analysis, pen-testing, static analysis, line-by-line source code review, etc. matters a great deal.

• OWASP BeNeLux Day 2010 Wrap Up – rootshell.be
  Yesterday, the three OWASP Benelux chapters organized together their annual OWASP BeNeLux day.
• Ok folks, secwest11@cansecwest.com is live and the countdown timer goes to December 29th for entries to CanSecWest 2011 Call For Papers – twitter.com, @dragosr
• BayThreat was awesome, do it again! – mckeay.net
  Which is why smaller, local events like BayThreat, DojoCon and BSides are becoming so important to security professionals around the globe; the ability to go to a small, local event far outstrips the cost to value ratio of any of the big cons and it’s so much easier to actually see the speakers you want to see.

Resources:

• Course Review: Cracking the Perimeter by Offensive Security – ethicalhacker.net
  Building on material in the earlier course, Pentesting with Backtrack (PWB – Read Review), this offering provides intermediate students with a learning platform that can be used to become advanced practitioners of certain exploit methodologies.
• EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis – iseclab.org
  Our paper on detecting malicious domains by passively analyzing DNS is now online.
• DNS Tampering and Root Servers – renesys.com
  Enable DNSSEC. Don’t pass your queries across the GFW (if you can help it). If your government requires DNS-based technical controls, install them at the resolver.
• Neurosurgery with Meterpreter – securityaegis.com
  Really thought provoking talk by Colin Ames from Attack Research on meterpreter manipulation of memory and processes (SOURCE Boston 2010).
• Escaping from Microsoft’s Protected Mode Internet Explorer – verizonbusiness.com
  The level of protection offered by Protected Mode Internet Explorer ® is not well understood and there are common misconceptions about its status as a security feature.
• SQLi filter evasion cheat sheet (MySQL) – websec.wordpress.com
  This week I presented my experiences in SQLi filter evasion techniques that I have gained during 3 years of PHPIDS filter evasion at the CONFidence 2.0 conference.

Tools:

• Runasil – didierstevens.com
  Because I didn’t find a program to start an application with a given integrity level from “Image File Execution Options”, I wrote runasil.
• JavaSnoop 1.0 FINAL released! – i8jesus.com
  After 6 release candidates, roughly a thousand bugs fixed, dozens of improvements and features added, I finally think the tool is ready for general availability.
• j0llydmper – code.google.com/p/j0llydmper/
  j0llydmper is a windows service that allows you to dump furtively and automaticaly some content of USB disks just plugged in your computer.
• OWASP Zed Attack Proxy Project – owasp.org
  The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.
• Armitage 12.06.10 – fastandeasyhacking.com
  Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework.
• skipfish-1.82b – code.google.com/p/skipfish
  A fully automated, active web application security reconnaissance tool.
• Zozzle (Microsoft’s Javascript-Malware Analysis Tool) – kaffenews.com
  In a sentence Zozzle is a static web-page analyzer for detecting ‘Heap-Spray Exploits’.
• Bluelog v0.9.8 – digifail.com
  Bluelog is a Linux Bluetooth scanner written to do a single task, log devices that are in discoverable mode. It is intended to be used as a site survey tool, determining how many discoverable Bluetooth devices there are in a given environment.
• Hyenae v0.35-3 – sourceforge.net/projects/hyenae
  Hyenae is a highly flexible platform independent network packet generator. It allows you to reproduce several MITM, DoS and DDoS attack scenarios, comes with a clusterable remote daemon and an interactive attack assistant.
• OVF Tool Documentation – vmware.com
  VMware OVF Tool is a command-line utility that allows you to import and export OVF packages to and from a wide variety of VMware platform products.
• VIDigger v1.0 – layeredsec.com
  VIDigger is designed to help administrators check the configuration of ESX server and the virtual machines hosted on ESX server against the VMware Infrastructure Hardening guide and other best practices.”
• Browser Exploitation Framework v.0.4.2 – code.google.com/p/beef/
  It allows the experienced penetration tester or system administrator additional attack vectors when assessing the posture of a target.
• owasp-dos-http-post – code.google.com/p/owasp-dos-http-post/
  This tool was created and released GPLv3 Open Source for performance testing of systems and controls.

Techniques:

• The USB Stick O’ Death – spareclockcycles.org
  I’ve recently been researching and experimenting with USB malware, and I wanted to take a shot at developing my own malicious USB stick.
• Avoiding AV Detection – spareclockcycles.org
  My main goal in this research was to see how much effort it would take to become undetectable again, and the answer was ‘virtually none’.
• DOM based Cross-site Scripting vulnerabilities – acunetix.com
  Like server-side scripts, client-side scripts can also accept user input which can contain malicious code.
• Internet Explorer 9 ad blocking via “Tracing Protection” — no means yes. – jeremiahgrossman.blogspot.com
  User configurations will also be persistent across sessions, even when the browser is restarted, which is opposite to how InPrivate mode behaves. This is huge!
• Quick and Easy Oracle Default Password Enumeration – digitalbond.com
  For the purpose of this post, the SID enumeration and default account/password auditing are the most important features of oscanner.
• BlackBerry password cracking: multi-threaded, with hardware-accelerated AES – crackpassword.com
  The reason is pretty simple: we are not able to generate passwords that fast, especially when we perform all those nice mutations of wordlists passwords (changing the letter case, adding or replacing symbols etc).
• Firefox 3.6.13: damn you, corner cases – lcamtuf.blogspot.com
  As you may recall, one of the more significant shortcomings of the same-origin policy is that it does not give any guidance on handling documents with no inherent origin associated – that is, it fails to account for all the content coming from about:, data:, file:, and similar pseudo-URLs.
• On the effectiveness of DEP and ASLR – technet.com
  DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) have proven themselves to be important and effective countermeasures against the types of exploits that we see in the wild today.
• More updates (including RAR) – golubev.com
  Obviously it isn’t possible to reach with 83.5% utilization, so I’ve made some tests with 5xMD5 again and this time speed-up is here.

Vulnerabilities:

• Canon Original Data Security System Vulnerability – elcomsoft.com
  The credibility of photographic evidence becomes vital in numerous situations for insurance companies and courts, as they may accept digital image as indisputable evidence if it can be proven genuine.

Vendor/Software Patches:

• New version of OpenSSL fixes two vulnerabilities – h-online.com
  A flaw in an older workaround for Netscape browsers and servers can be remotely exploited to make an OpenSSL server downgrade the ciphersuite to a weaker one for subsequent connections.

Other News:

• Large US hosting provider hit in web attack – sophos.com
  When innocent users browse these sites, the injected JavaScript adds an iframe element to the page in order to load further malicious content from a remote site.
• Lab Matters: The Dark Side of Jailbreaking iPhones – securelist.com
  In this Q&A with Ryan Naraine, Raiu talks about the Jailbreakme.com vulnerability and exploit and the social engineering techniques used to take advantage of the popularity of jailbreaking utilities.
• History stealing by ad networks has got everyone afluster
  Researchers have discovered that dozens of Web sites are using simple Javascript tricks to snoop into visitors’ Web browsing history.
  • History stealing for ad networks – h-online.com
  • What You Should Know About History Sniffing – krebsonsecurity.com
• How Anyone Can Fake an ATM and Steal Your Money – gizmodo.com
  But skimmers don’t exactly have an aisle at Wal-Mart. In this Gizmodo investigation, we take a look at the scary internet black market where fraudsters get their tools.
• Top Abuses of Open Web Proxies – zscaler.com
  While there is nothing new or Earth-shattering in this post, I thought I’d share what I have seen as the top abuses of open web proxies – as this is an everyday occurrence involving a large volume of web transactions and is a constant annoyance on the Internet.
• OWASP 4.0 – owasp.blogspot.com
  The time has come to measure our success not by the number of members, projects, and conferences, but by whether we are succeeding at making the world’s software more secure.
• Fix to Chinese Internet traffic hijack due in January – networkworld.com
  Policymakers disagree about whether the recent Chinese hijacking of Internet traffic was malicious or accidental, but there’s no question about the underlying cause of this incident: the lack of built-in security in the Internet’s main routing protocol.
• DHS, NIST, Financial Services Group Form Security Research Partnership – threatpost.com
  As the finger-pointing and name-calling surrounding the WikiLeaks issue continue in Washington, the White House this week facilitated a cooperative agreement among several key public and private organizations designed to spur joint information security research projects.
• Gov’t crackdown spurs initiatives to route around DNS – itworld.com
  The Net interprets censorship as damage and routes around it.
• Veracode Research Team Gives 5 Predictions for 2011 – veracode.com
  As we close out an security eventful 2010, the Veracode research team though it would be a good idea to think about what we are likely to see happen in 2011.
• US Military Bans Physical Media To Curb Leaks – techcrunch.com
  Ironically, the news comes via a leaked memo obtained by Wired’s Danger Room that insists that everyone from grunts to techs “immediately cease use of removable media on all systems, servers, and stand alone machines residing on SIPRNET,” under pain of court-martial.
• 23-Year-Old Russian Hacker Responsible Was for One-Third of Global Spam – gawker.com
  It’s probably because of Oleg Nikolaenko, a 23-year-old who was recently arrested for flooding the world with 10 billion spam emails a day.
• Apple Ditches Jailbreak Detection API in iOS – gizmodo.com
  In a move that has been left totally unexplained, Apple has ditched its jailbreak detection API that it introduced to iOS about six months ago.
• Apple and Google Make the Department of Defense Jump Through Hoops for Mobile Device Security – networkworld.com
  Lack of cooperation forces DISA to find security workarounds in order to provide Android and iPhone support for soldiers.

• Impersonating The Domain Administrator via SQL Server – commonexploits.com
  A recent presentation I gave for 7Safe. It demonstrates how it is possible to fully compromise the domain using a fully patched Microsoft SQL server that has a firewall enabled.
• RuxCon 2010 Materials – ruxcon.org.au
  Talk PDFs now posted. Nuff said.
• New SANS Course – Advanced Penetration Testing, Exploits, and Ethical Hacking (SEC660) – layeredsec.com
  I’m excited to announce a brand new course that Stephen Sims, Joshua Wright and myself have just completed. It is running for the first time in London this week and will be on the schedule in 2011 in numerous locations.
• Tutorial: John the Ripper – Why You Are Doing It Wrong – ethicalhacker.net
  In a professional penetration test, we don’t always have the time to allow JTR to run to completion, and we must rely on some additional techniques to speed things up including the use of wordlists or dictionaries.
• Yet Another WordPress Security Post – Part One – sucuri.net
  Information security is everyone’s responsibility, which means It starts with you. If you’re doing everything in your power to mitigate risk from your end, you’re less likely to end up with a website serving Viagra ads on Google.

Tools:

• Two New HTTP POST Attack Tools Released – sectechno.com
  Currently there is two free utility that may perform this attack d “R U Dead Yet?” and OWASP HTTP POST Tool tool offers unattended execution by providing the necessary parameters within a configuration file.
• thicknet – github.com/SpiderLabs/thicknet
  thicknet is a TCP session manipulation and take-over tool. The tool is
  initially aimed at downgrading Oracle sessions and issuing SQL queries
  using an already-established session. This is an early proof-of-concept,
  version, but the basic concepts are there to write modules and do MITM
  against a variety of protocols.
• Meterpreter scripts for RunAs privilege escalation & other mischief – grep8000.blogspot.com
  send_keystrokes.rb: Meterpreter script to interactively send keystrokes to an open application window using the vbscript SendKeys method. Can be used to escalate privileges into RunAs-invoked command shells on XP.
• sqlinject-finder – code.google.com/p/sqlinject-finder/
  Simple python script that parses through a pcap and looks at the GET and POST request data for suspicious and possible SQL injects. Rules to check for SQL injection can be easily added. Output can be printed neatly on the command line or in tab delimited format.
• cvechecker 2.0 – cvechecker.sourceforge.net/
  Version 2.0 is now available for this vulnerability  detection tool.
• Javasnoop – code.google.com/p/javasnoop/
  JavaSnoop attempts to solve this problem by allowing you attach to an existing process (like a debugger) and instantly begin tampering with method calls, run custom code, or just watch what’s happening on the system.
• Social-Engineering Ninja v0.4 is out! – grey0.wordpress.com
  This is the new release of ninja phishing framework.

Techniques:

• Episode #123: Bad Connections – commandlinekungfu.com
  Similar to last week, this week’s challenge comes from Tim’s friend who is mentoring a CCDC team. The mentor was interested in creating some shell fu that lets them monitor all network connections in and out of a system and get information about the executable that’s handling the local side of the connection.
• Packet Payloads, Encryption and Bacon – packetstan.com
  Over the years I’ve used a couple of techniques to evaluate the content of packet captures to determine if the traffic is encrypted or just obfuscated.
• Login notifications, pam_exec scripting – stalkr.net
  If you like monitoring, you might want to receive notifications at every (or only root) login, in addition to logs.
• All your drives are belong to us – fortinet.com
  A new Ransomware module was recently discovered by Fortiguard Labs. When a machine infected with this Ransomware is restarted, the user is greeted with the following boot screen.
• JavaScript Obfuscation of Metasploit Browser Exploits for AV bypass – grep8000.blogspot.com
  Bam. 0-day with AV bypass? Yeah, you’re on the pwnie express. :} Thanks to Will Metcalf for pointing me in the right direction!
• Windows PE Header – marcoramilli.blogspot.com
  Each executable file has a Common Object File Format COFF which is used from the OS loader to run the program. Windows Portable Executable (PE) is one of the COFF available in todays OS. For example the Executable Linking File (ELF) is the main Linux COFF.
• Shearing FireSheep with the Cloud – stratumsecurity.com
  Enjoy surfing open wireless networks or hostile wired network securely!
• Internal Port Scanning via Crystal Reports – spl0it.wordpress.com
  This is faster than using BeEF’s JavaScript internal portscanning functionality and it doesn’t require client interaction. Pwn dem v0hns!

Vulnerabilities:

• Exploit Code Out For New Windows Kernel Flaw – threatpost.com
  The new Windows kernel bug is considered a critical vulnerability, even though it can’t be exploited remotely, thanks to the fact that an attacker could use it gain powerful credentials on a compromised system and take complete control of the machine.

Vendor/Software Patches:

• New Tool Patches Offline VMs – darkreading.com
  Nuwa, named after the Chinese goddess who patched a hole in the sky, aims to fix cloud computing security hole.

Other News:

• Savannah.gnu.org hacked and currently offline – sucuri.net
  There’s been a SQL injection leading to leaking of encrypted account passwords, some of them discovered by brute-force attack, leading in turn to project membership access.
• Calling all security researchers! Submit your new 2010 Web Hacking Techniques – jeremiahgrossman.blogspot.com
  To keep track of all these discoveries and encourage information sharing, the Top Web Hacking Techniques acts as both a centralized knowledge base and a way to recognize researchers who contribute excellent work.
• FBI Identifies Russian ‘Mega-D’ Spam Kingpin – krebsonsecurity.com
  Federal investigators have identified a 23-year-old Russian man as the mastermind behind the notorious “Mega-D” botnet, a network of spam-spewing PCs that once accounted for roughly a third of all spam sent worldwide.
• Attack of the Trojan printers – infoworld.com
  Enterprising security testers dress rogue access points up as common office hardware to gain inside access to networks.
• Spyware threat invades BlackBerry App World – globalthreatcenter.com
  In summary, threats posed by mobile applications exist –even if an application is hosted by Apple’s App Store or RIM’s App World both known for vetting submitted applications to ensure that the applications meet guidelines.
• U.S. Sees 93.7% Drop in Data Breaches from 2009 to 2010 – imperva.com
  An analysis that used data from the Privacy Clearinghouse, a public database that records all breaches of U.S. citizens’ personal and sensitive information, showed 230M data records taken in 2009 and 13M taken in 2010.
• Simulation Testing and the EICAR test file – eset.com
  At the EICAR 2010 conference in Paris, an interesting student paper was presented that used the EICAR file to make some points about the ways in which AV software works (or is presumed to work).
• History Sniffing: How YouPorn Checks What Other Porn Sites You’ve Visited and Ad Networks Test The Quality of Their Data – forbes.com
  When a visitor surfs into the YouPorn homepage, a script running on the website checks to see what other porn sites that person has been to.
• BlackBerry wins U.S. government security approval – cnet.com
  RIM announced today that its BlackBerry 6 operating system is now FIPS 140-2 certified.