Events Related:
- Notacon 2009 video files now online! – notacon.org
Available in bittorrent and direct download flavors.
- Highlights of Xcon 2009 – trustedsource.org
A rundown of what happened in the recent Chinese security event.
Resources:
- Security Acts Magazine Issue 1 Released – security-database.com
An ad-supported, free online magazine targeting IT security professionals.
- SHODAN makes searching weak servers and sites easier, also available as a Firefox extension
Ethical considerations aside, this free service makes for an easy testing tool for finding vulnerable targets.
- SHODAN search engine – shodan.surtri.com
- You’ve been SHODAN’d – praetorianprefect.com
- (Updated) SHODAN – Computer Search Engine Released – security-database.com
Tools:
- Metasploit 3.3 Released! Exploitation Framework – darknet.org.uk
A new version of Metasploit brings more modules, fewer bugs and more.
- Nmap 5.10 beta 1 Released – security-database.com
Nmap is a free open source utility for network exploration or security auditing.
- Why You Need Echo Mirage – pauldotcom.com
A look at obfuscation and Echo Mirage.
- Graudit v1.4 Released – security-database.com
Graudit is a simple script and signature set that allows you to find potential security flaws in source code using the GNU utility grep.
- Websecurify v0.4 Released – security-database.com
An update to this security testing framework includes a better UI and a rewritten task engine, among other changes.
- IGhashGPU – Cracking Oracle Passwords with 790 Million Passwords/second – red-database-security.com
Ivan Golubev’s super fast password cracker gets an update and now includes Oracle 11g hashes.
- Racket 1.0.6 Released – spoofed.org
Racket is a Ruby Gem used for reading, writing and handling raw packets in an intuitive manner.
Techniques:
- Man-in-the-Middle Attacks against the chipTAN comfort Online Banking System – blogs.23.nu/RedTeam
- English Paper about Man-in-the-Middle Attacks against chipTAN Online – blogs.23.nu/RedTeam
Information about the attacks developed against chipTAN comfort.
- Analysis of 10k Hotmail Passwords Part 5: Markov Model Showdown – reusablesec.blogspot.com
Incremental and Markov modes applied to a password data set.
- Attacking MSSQL with Metasploit – darkoperator.com
Some analysis on how to extract info from a Microsoft SQL Server using the popular tool.
- Injection attacks, it’s not just SQL! – securityninja.co.uk
A look into XPath injection and how it is used with XML files.
- RSS09: Web Application Firewall Bypasses and PHP Exploits – suspekt.org
- Shocking News in PHP Exploitation – suspekt.org
A quick summary of how unserializing Zend Framework input can lead to remote PHP code execution.
- [V13P] Target analyser – portswigger.net
A guide to using Burp’s web application analysis function.
- Creating Ghost Services with Single Packet Authorization – cipherdyne.org
An illustration of using spaclient to access sshd.
Vulnerabilities:
- Climategate hack used open proxies – erratasec.blogspot.com
The hacker used an open proxy to hide his origin, but it might give a clue to his/her identity.
- IE vulnerability revealed
A hacker posted attack code to the Bugtraq mailing list last Friday that could break into a PC running older versions of Microsoft’s Internet Explorer browser.
- Microsoft Security Advisory 977981 Released – technet.com
- Attack Code Posted for Internet Explorer – absolute.com
- Sexy girl pics used in Facebook clickjacking scam
Facebook worm uses a cross-site request forgery attack to spread via the victim’s wall posting.
- New Facebook worm uses sexy model to get guys to click da’ button – techtarget.com
- Facebookers hit with steamy clickjacking exploit. – theregister.co.uk
- Metasploit releases IE attack, but it’s unreliable – networkworld.com
The code exploits an Internet Explorer bug that was disclosed last Friday as a proof-of-concept attack.
Other News:
- Symantec Online Store Hacked – softpedia.com
A self-proclaimed grey-hat hacker has located a critical SQL injection vulnerability in a website belonging to security giant Symantec.
- Man Pleads Guilty to Selling Fake Chips to US Navy – itworld.com
Felahy, who owns a microchip brokerage company, pleaded guilty to conspiracy and counterfeit-goods trafficking.
- US Air Force Buying Another 2,200 PS3s – slashdot.org
The purchase will go to a network cluster for radar processing, video processing and neuromorphic computing.
- 24 of Top 100 HTTPS Sites Now Safe From TLS Renegotiation Attacks – djtechnocrat.blogspot.com
Several banks and commerce companies are still vulnerable to man-in-the-middle attacks, though.
- Microsoft Releases Password Attack Data, Captured from FTP Honeypot – djtechnocrat.blogspot.com
The data is part of a project to monitor attacks that everyday users might encounter on a regular basis.