Week 24 in Review – 2009

Tools:

• CANVAS 6.47
  • Includes the VMware 6.5.0/6.5.1 workstation/player breakout “cloudburst” vulnerability
  • Not free, but certainly should be in a penetration testers bag of goodies
• DVWA – Damn Vulnerable Web App
  • A PHP/MySQL web application that is vulnerable to be used for learning the art of web application security.
  • Author’s blog is ethicalhack3r.co.uk
• KeyKeriki
  • Open source wireless keyboard sniffer
  • Video of KeyKeriki in use – vimeo

Vulnerabilities:

• Microsoft Patch Tuesday – June
  • 10 patches, and many of them addressing remote code execution vulnerabilities!
• phpMyAdmin remote code execution – gnucitizen.org

Other News:

• Malware found on ATMs running Windows XP
  • Cybercriminals refine data-sniffing software for ATM fraud – networkworld.com
  • Cybercriminals Refine ATM Data-Sniffing Software – slashdot.org
• EFF’s terms-of-service tracker – TOSBack
• Jeff Moss joins DHS Advisory Council
  • Hacker ‘Dark Tangent’ Joins DHS Advisory Council – wired.com
  • Obama Administration Adds Renowned Hacker to Homeland Security Advisory Council – gizmodo.com.au