[part 3] – attackvector.org
I had come across a program that was specifically designed to upload/download/append/etc. files to a printer that supported PJL.
Man in the Middle Attack using Airbase-ng – attackvector.org
The first way is to configure Airbase to listen for SSID probes and answer, regardless of the SSID name.
Linux Vulnerability: sctp_process_unk_param & Scapy – attackvector.org
Simply put, the vulnerability stems from someone coding something that allows user input, but doesn’t do the proper sanity checks.
CDD.dll vulnerability: Difficult to exploit – technet.com
Subsequently, the same vulnerability was encountered by participants of a different third-party image viewer forum.
The wireless traffic of MIT students – ksplice.com
Traffic was gathered with tcpdump on my laptop as I sat in the middle of the classroom.
Burp Suite Tutorial – Scanner Tool – securityninja.co.uk
I’m going to be using the Damn Vulnerable Web Application again today to demonstrate the Scanner tool.
Fuzzing with Peach – nullthreat.net
What I have found in my short time using it is that it might be the most useful fuzzer I have used to date.
Firewall fun with Scapy – attackvector.org
Essentially, a firewall inspects packet headers and compares them to its policies.
Testing Google Skipfish – h-online.com
A first impression of Google’s Skipfish scanner for web applications.
ENG + + (MS02-056) versus SNORT (SID: 11 264) – fnstenv.blogspot.com
Today, a day after The Sheriff You Sh0t 4.0, we finally publish this video in this humble blog SDI.
- New Tool Highlights Facebook Users’ Disregard for Privacy – readwriteweb.com
The engine parses the data Facebook users have made public and allows it to be searchable outside the social network.
- Browser fingerprinting
Some new research compiled by the EFF reveals your public browser data can be used to track your surfing habits.
- Strengthening the Security Cooperation Program – technet.com
We here at Microsoft understand that most governments are placed in unique positions when it comes to dealing with vulnerabilities within technologies.
- Modern car data systems lack security – hackaday.com
They’ve even found a way to write malicious code to the car’s computer which can be programmed to erase itself in the event of a crash.
- U.S. Air Force gets 3,000 new ‘cyberspace officers’ – engadget.com
That new title also comes complete with the impressive-looking badge pictured above, not to mention a full 115 days of additional training that promises to “raise the bar on technical competency.”
- Card selling marketplace hacked, forum database spread far and wide
Carders.cc, a German online forum dedicated to helping criminals trade and sell financial data stolen through hacking, has itself been hacked.
- Stolen web histories
A study of 243,068 users found that 76% of them were vulnerable to history detection by malicious websites.
- FTC takes out notorious porn- and botnet-spewing ISP – networkworld.com
The Federal Trade Commission today got a judge to effectively kill off the Internet Service Provider 3FN who the agency said specialized in spam, porn, botnets, phishing and all manner of malicious Web content.
- Symantec To Buy VeriSign’s Authentication Business For $1.28 Billion – darkreading.com
VeriSign will refocus business on Internet infrastructure, naming services.
- Survey Shows Most Flaws Sold For $5,000 Or Less – threatpost.com
The survey asked researchers who have sold vulnerabilities to the public buyers as well as through private sales to rate the buyers on their trustworthiness, how quickly they paid, how much they paid and several other criteria.
- Security engineering: broken promises – zdnet.com
For several decades, we have in essence completely failed to come up with even the most rudimentary, usable frameworks for understanding and assessing the security of modern software.
- AusCERT USB giveaways go viral, and not in a good way
Malware was spread via USB giveaways handed out by vendors, but fortunately it was easily defeatable.
- Office Security Engineering: BlueHat v9 Presentation – technet.com
We don’t want a single bug in our parsing code to allow arbitrary code to harm a customer’s machine by doing things like installing a rootkit.
- WARNING: Facebook Clickjacking Attack Spreading Through News Feed – mashable.com
Update: the domain from which the attack originates, fbhole.com, is now offline, which means the attack is over.
- Malware on Hijacked Subdomains. New Trend? – unmaskparasites.com
The attack creates/modifies .htaccess files to redirect site visitors that come from major search engines and popular websites to scareware sites that aggressively push fake anti-virus software.