Resources:
- ENISA clears the fog on cloud computing security – enisa.europa.eu
The European security agency identifies security issues and benefits of moving to the cloud as well as 35 key security risks.
- Review of Professional Penetration Testing Posted – taosecurity.blogspot.com
The vast majority of this book is about non-technical aspects of pen testing.
- Announcing vSphere 4.0 Hardening Guide Public Draft Release – vmware.com
VMware releases a guide on how to increase security in their virtual machine products.
- Episode #79: A Sort of List – commandlinekungfu.com
A blog dedicated to command line kung fu.
Tools:
- OWASP Code Crawler – codecrawler.codeplex.com
The aim of the tool is to accompany the OWASP Code Review Guide and to implement a code review solution for “everyone”.
- Wireshark 1.2.6 and 1.0.11 Released – wireshark.org
The update includes ‘matches’ filtering, GeoIP location, and others.
- Release of Groundspeed 1.1 – groundspeed.wobot.org
Groundspeed allows you to modify the forms and form elements loaded in the page.
- XSS, SQL Injection and Fuzzing Barcode Cheat Sheet – irongeek.com
A set of barcodes used for system attacks.
- SecuBat Vulnerability Scanner – secubat.codeplex.com
SecuBat is a generic and modular web vulnerability scanner that aims to find exploitable SQL injection and XSS vulnerabilities.
- Large List of RFIs (1000+) – ha.ckers.org
A ‘mess load’ of remote file include attacks.
Techniques:
- Micro PHP LFI Backdoor – ha.ckers.org
LFI attacks use PHP to pull a file locally and run it to execute and exploit.
- Two methodologies for physical penetration testing using social engineering – eemcs.utwente.nl
These methodologies aim to reduce the impact of the penetration test on a company’s employees.
- Weathering the Storm Part 2: A Day of Weblogs at the Internet Storm Center – sans.org
A quick look at remote file inclusion (RFI).
- Metasploit getsystem command – carnal0wnage.attackresearch.com
Some code using this command gets posted.
- Pauldotcom 1-28 Technical Segment – Here’s what you missed! – pauldotcom.com
Carlos Perez demonstrated a new Metasploit java signed applet exploit.
- Privilege escalation on Windows hotness – bernardodamele.blogspot.com
Several techniques to elevate Windows privileges are discussed.
- A checklist approach to security code reviews, part 5 – securityninja.co.uk
The final installment in this series will be about Session Management and Secure Resource Access vulnerabilities.
- Quickpost: Shellcode to Load a DLL From Memory – didierstevens.com
The author developed shellcode to load a DLL, not with LoadLibrary, but directly from memory.
- More Analysis of the Rockyou Password List – Strong Passwords – reuseablesec.blogspot.com
A few more thoughts on the RockYou debacle and the revealed passwords.
Other News:
- More Aurora new bytes
  - “Aurora” exploit code: from Targeted Attacks to Mass Infection – eset.com
  Antivirus company ESET detected more than 650 different versions of this exploit code.
  - ‘Aurora’ code circulated for years on English sites – theregister.co.uk
  Google’s claim that the attack on them originated from China is called into question.
- Pick Locks Like a Pro – onlineeducation.net
How to break a combination lock code in 5 minutes. For informational purposes only!
- Book examines how U.S. mobsters, Russian gangsters have rampaged across the Internet – networkworld.com
Author Joseph Menn writes about how US and Russian criminals exploited the Internet over the past decade.
- Help EFF Research Web Browser Tracking – eff.org
The Electronic Frontier Foundation releases a new tool to check your browser uniqueness on the Internet.
- How the PS3 hypervisor was hacked – root.org
An analysis of George Hotz’s technique in ‘unlocking’ the PS3.
- How Cyber War is Heating Up – hplusmagazine.com
A look into the efforts of the US military to counter the looming threats on national cyber security.
- 3D Secure online payment system not secure, researchers say – pcworld.idg.com.au
A widely deployed system intended to reduce on-line payment card fraud is fraught with security problems.
- Benevolent hackers poke holes in e-banking – newscientist.com
A group from the Ruhr University developed a quick and straightforward method to alter the credit stored on some types of debit cards.
- Parallel Algorithm Leads to Crypto Breakthrough – ddj.com
Massively parallel algorithm iteratively decrypts fixed-size blocks of data.
- FBI arrests alleged cable modem hacker – computerworld.com
If convicted, he could face up to 20 years in prison for each charge, and a $250,000 fine.