Events Related:
- CERIAS Symposium Posts
- Opening Keynote: Mike McConnell (Symposium Summary) – cerias.purdue.edu
- Morning Keynote Address: DHS Undersecretary Rand Beers (Symposium Summary) – cerias.purdue.edu
- CERIAS Seminar Presentation: David Bell (Symposium Summary) – cerias.purdue.edu
- Panel #1: Visualization of Security (Symposium Summary) – cerias.purdue.edu
- Panel #2: Infosec Ethics (Symposium Summary) – cerias.purdue.edu
- Panel #3: The Evolution of Research Funding and Projects (Symposium Summary) – cerias.purdue.edu
- Fireside Chat (Symposium Summary) – cerias.purdue.edu
- Registration Opens for Annual High Tech Crimes Training Conference – forensicfocus.com
Investigators of high-tech crimes are invited to register for the HTCIA’s annual conference being held in Atlanta (GA) from September 20-22, 2010.
- SANS Security 508 – cutawaysecurity.com
A recent review on a SANS training session.
Resources:
- The First Steps to a Career in Information Security – erratasec.blogspot.com
Things you should be doing now to prepare for an exciting career in information security.
- WhatApp? – whatapp.org
Online and mobile apps reviewed for privacy, openness, and security.
- ITB 0x1 is out! – windowsir.blogspot.com
This issue has an article on plist files, and a write-up on Don’s review of the Super Drivelock.
- (IN)SECURE Magazine Issue 25 Released – net-security.org
(IN)SECURE Magazine is a freely available digital security magazine discussing some of the hottest information security topics.
- CWE/SANS Top 25 List updated to V1.0.3 – mitre.org
The 2009 CWE/SANS Top 25 Most Dangerous Programming Errors is a list of the most significant programming errors that can lead to serious software vulnerabilities.
- Help Your Laptop to Survive a Security Conference – rootshell.be
It’s never too late to review and apply some basic rules.
- Building the Foundation for Successful Password Self-Service: Part 1 – securitycatalyst.com
Password self-service is identity management functionality that enables end-users to reset their own password should they forget it.
- Ejection Seats, Cooking Dinner, and Vuln Disclosure – attrition.org
A rant about life as an infosec professional.
Tools:
- MoonSols Windows Memory Toolkit – moonsols.com
MoonSols Windows Memory Toolkit is the most advanced toolkit for Windows physical memory snapshot management.
- Netsparker Community Edition – mavitunasecurity.com
Netsparker Community Edition is False Positive Free and can detect both SQL Injection and Cross-site Scripting issues better than many other scanners.
- SFX-SQLi V1.1.3.2 – kachakil.com
SFX-SQLi (Select For XML SQL injection) allows you to extract all the information of a Microsoft SQL Server 2005/2008 database in an extremely fast and efficient way.
- TCPDump v4.1.1 – tcpdump.org
Tcpdump is a common computer network debugging tool that runs under the command line.
- Libpcap v1.1.1 – tcpdump.org
Changes include a build fix on RHEL5 and a shared-library build fix on AIX, among others.
- Malware Check Tool v1.0 – mertsarica.com
It calculates the MD5 hash of a specified file, searches for it in its current hash set (offline) or on the VirusTotal site (online), and shows the result.
- FreeSentral IP PBX LiveCD v1.0 – freesentral.com
FreeSentral is a full IP PBX consisting of a Linux Distribution, an IP PBX and a Web Graphical User Interface for easy configuration.
- PyLoris v3.0 – sourceforge.net/projects/pyloris
PyLoris is a tool for testing a web server’s vulnerability to a particular class of Denial of Service (DoS) attacks.
- Introducing mitmproxy: an interactive man-in-the-middle proxy – corte.si
It’s aimed at software developers and penetration testers, who need to intensively tamper with and monitor HTTP traffic.
- Scapy – freshmeat.net
Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer.
- StreamArmor – Discover & Remove Alternate Data Streams (ADS) – darknet.org.uk
StreamArmor is a tool for discovering hidden alternate data streams (ADS) and can also clean them completely from the system.
- Peach Fuzzer Framework v2.3.4 – peachfuzzer.com
Peach is a SmartFuzzer that is capable of performing both generation and mutation based fuzzing.
- PVEFindAddr v1.30 – corelan.be
PVEFindAddr is a PyCommand (plugin) for Immunity Debugger.
Techniques:
- Penetration Testing: Learn Assembly? – metasploit.com
Should a good penetration tester know assembly?
- Update: Escape From PDF – didierstevens.com
The interesting thing about this fix is that it breaks my Foxit PoC, but that the Adobe PoC works for Foxit now!
- Environment variable editor – hexblog.com
We are going to write an IDAPython script that allows us to add, edit or delete environment variables in a running process directly.
- Bitlocker/Truecrypt Decryption Tool – mcafee.com
This is, to my knowledge, the first commercial implementation (or should that be exploitation?) of the Firewire memory attack.
- PHP 6.0 Dev str_transliterate() 0Day Buffer Overflow Exploit – offensive-security.com
This code should exploit a buffer overflow in the str_transliterate() function to call WinExec and execute CALC.
- More on SANS’ Top 25 Series
- Matt’s Primer for PDF Analysis – vrt-sourcefire.blogspot.com
I thought it might be useful to share some of what we’re seeing come in our data feeds, and what you should look for when reviewing PDF files.
- Network Time Protocol (NTP) Fun – carnal0wnage.attackresearch.com
HD Moore released a new auxiliary module a few days ago that goes along with the NTP research he has been doing.
- OWASP AIR + Flash Security Projects – owasp.blogspot.com
To help reduce vulnerabilities, the AIR runtime restricts sensitive APIs and implements secure defaults.
- Some presentations you might be interested in – dragos.com/csw10/
A server chock-full of nice presentations from various events.
- PDFs Exploitable?!? I’m shocked… – eset.com
What happens when flawed functionality of the Acrobat PDF file format leaves the door wide open…?
- MalaRIA Malicious RIA Proxy – ha.ckers.org
The tool uses weak crossdomain.xml and clientaccesspolicy.xml (so both Flash and Silverlight) to allow a piece of code that resides on his server to use the client’s machine as a proxy.
- Researcher Details New Class Of Cross-Site Scripting Attack – darkreading.com
‘Meta-Information XSS’ exploits commonly used network administration utilities.
- Cryptanalysis of the DECT – schneier.com
The DECT Standard Cipher (DSC) is a proprietary 64-bit stream cipher based on irregularly clocked LFSRs and a non-linear output combiner.
- Determine Windows version from offline image – skullsecurity.org
I am not a forensics expert, nor do I play one on TV.
- Plugin Spotlight: SMB Insecurely Configured Service – tenablesecurity.com
A significant amount of testing is often required to ensure that you have the correct configuration settings, not just in terms of security, but also for system stability.
- Jasager with BackTrack 4 Mind Map – mindcert.com
If you are new to Jasager be sure to read the original project pages to see what it can do.
- Understanding *NIX File Linking (ln) – sans.org
The “ln” command is an important tool in any Unix admin’s arsenal and attackers use it too.
- Capturing SSH V1 & V2 Credentials with a MitM ssh honeypot – pauldotcom.com
John Strand has put together an excellent video demonstrating how attackers can capture your SSH V1 and V2 passwords.
Vulnerabilities:
- CVE-2010-0806 Exploit in the Wild – zscaler.com
The vulnerability impacts Internet Explorer 6, 6 SP1, and 7 – a patch was made available by Microsoft in the MS10-018 security update last week.
- Java security hole runs amuck on all Windows systems to date
A huge vulnerability has been found that affects all Windows versions with Java installed.
- Serious New Java Flaw Affects All Current Versions of Windows – threatpost.com
- Java exploit launches local Windows applications – h-online.com
- New bug/exploit for javaws – sans.org
- Typo3 allows remote command execution via PHP – h-online.com
Attackers can inject PHP code from an external server and execute it within the Typo3 context.
Vendor/Software Patches:
- Adobe doles out PDF hack workaround
The vendor is advising users to deactivate the “Allow opening of non-PDF file attachments with external applications” option.
- Adobe suggests workaround for PDF embedded executable hack – zdnet.com
- Adobe issues official workaround for PDF vulnerability – h-online.com
- dbms_jvm_exp_perms 0day fixed on Windows 11gR2 – slaviks-blog.com
The 0day found by David Litchfield is now fixed in the newest Oracle 11.2.0.1 release for Windows.
- Windows getting new patches
Another batch of fixes is coming this Patch Tuesday, fixing 25 holes.
- MS Patch Tuesday Heads-up: 11 Bulletins, 25 Vulnerabilities – threatpost.com
- Microsoft finally to close the VBScript hole in Internet Explorer – h-online.com
- Pre-Notification – Quarterly Security Update for Adobe Reader and Acrobat – adobe.com
The updates will address critical security issues in the products.
- Sun’s Solaris now getting quarterly security patches – computerworld.com
The update will include 16 security fixes for Sun products, including Solaris, Sun Cluster, Sun Convergence and the Sun Ray server software.
Other News:
- Security programs: Less compliance, more protection
Enterprises are spending huge amounts on compliance programs related to PCI-DSS, HIPAA and other regulations, but those funds may be misdirected.
- Security Programs Focusing Too Much on Compliance, Study Finds – threatpost.com
- Security driven by compliance, rather than protection – cnet.com
- Fighting back against toxic Facebook and iPhone app – itworld.com
The brains at Stanford Law School have come up with a wiki that lets you speak your mind about iPhone, Facebook, and other apps.
- Errata Security releases the results of the survey on secure coding practices – erratasec.blogspot.com
The survey found that Microsoft SDL was the most common security development lifecycle chosen.
- Uncle Sam Wants You (To Fight Hackers) – businessweek.com
A cyberdefense competition at California State Polytechnic University in Pomona, Calif. drew about 65 students from Western colleges.
- GhostNet is a cloud-based spy botnet
A vast electronic spying operation has infiltrated computers and has stolen documents from hundreds of government and private offices around the world.
- Vast Spy System Loots Computers in 103 Countries – nytimes.com
- GhostNet 2.0 espionage network uses cloud services – h-online.com
- Shadows In The Cloud – forbes.com
- Researchers expose complex cyber espionage network – zdnet.com
- The Battle Against Cyber Espionage 2.0 – paloaltonetworks.com
- Missing Firefox root authority found, confusion abounds
A root certificate in Firefox turned up with an unknown owner, but Mozilla is already working on a fix.
- Removing the RSA Security 1024 V3 Root – mozilla.com
- Orphan root certificate creates confusion – h-online.com
- Updated: Owner of Firefox’s mystery root authority is confirmed – zdnet.com
- Big phish catch: 70 cyber criminals caught.
DIICOT says that the raids were conducted in collaboration with the FBI and US Secret Service officers from the US Embassy in Bucharest.
- Romanian police arrest 70 phishers and fraudsters – sophos.com
- 70 Romanian Phishers & Fraudsters Arrested – garwarner.blogspot.com
- Opinion: Conroy is right to question Google’s privacy record – itnews.com.au
Google gives the US Government access to Gmail, says iTnews’ editor.
- From Cyber War: The Next Threat to National Security and What to Do About It – networkworld.com
Cyber war is not some victimless, clean, new kind of war that we should embrace.
- Security Guru Richard Clarke Talks Cyberwar – forbes.com
The antiterrorism czar who foresaw 9/11 discusses Obama’s cybersecurity plans and North Korea.
- Bank of America Employee Charged With Planting Malware on ATMs – wired.com
Rodney Reed Caverly, 37, was a member of the bank’s IT staff when he installed the malware.
- A Chinese ISP momentarily hijacks the Internet (again) – computerworld.com
For the second time in two weeks, bad networking information spreading from China has disrupted the Internet.
- Network Solutions WordPress blogs infected with site-redirect hack
According to multiple postings on the WordPress user forum and other blogs, the attack doesn’t modify or create files, but rather appears to inject a Web address.
- Hundreds of WordPress Blogs Hit by ‘Networkads.net’ Hack – krebsonsecurity.com
- Mass infection of WordPress blogs at Network Solutions – sucuri.net
- Adobe introduces automatic update for Reader – h-online.com
Adobe hopes that the new update function will mean fewer users running vulnerable versions of Reader.
- Senate Bill 773: What it means for Cyber Security and Cybercrime – eset.com
The cybercriminals are faster and have shelter from litigation and arrest.