, a prioritized backlog  and a structured development process we follow to deliver new features and fixing bugs.
SSLTest: A SSL Security Testing Tool! – pentestit.com
SSLTest is an open source Perl script that is based off another similar tool – Cryptonark.
ZigBee ACL – digitalbond.com
One bug with the fixed MAC address utility that occurs after approximately 20 association packets are sent is a ‘Semantical Error’.
toolsmith: Confessor & Mole for IR & security analysis – holisticinfosec.blogspot.com
We find these tools incredibly useful and are very pleased to be able to release them for public consumption as freely available and open source.
NessusDB v1.0 Release – hammackj.com
The report templates are very extendable and generate as PDF’s.
The Social-Engineer Toolkit v1.0 “Devolution” Release – secmaniac.com
This version adds several key components including new attack vectors, a web GUI interface, a way to automate SET behavior, and a slew of bug fixes.
- Adobe XML Injection Metasploit Module – carnal0wnage.attackresearch.com/
So against a patched host or someone that has disabled the service in ColdFusion you’ll see one of two things; either 404’s for the checks or 200 for /flex2gateway/ and 500 for the http or https check.
- Attacking Cisco Router over TCL – sectechno.com
When you first log to Cisco router you are in user EXEC mode (level 1) from this mode you can have just some information such as interfaces status, view routes in the routing table.
- Statistics Don’t Lie… Or Do They? – tllod.com
What particularly stands out about the EFTPS exploit toolkit is their admin interface.
- Heads up… 0-day in an exploit kit – avg.com
It’s fairly well known (well, well-known if you’re a security geek) that CVE-2010-3962 is in the Wild, but over the last couple of days, we’ve begun detecting it in the Eleonore Exploit Kit.
- Flash Update Plugs 18 Security Holes – krebsonsecurity.com
The new version is available from this link, but be aware that if you accept all of the default settings, the update may include additional software, such as a toolbar or anti-virus scanner.
- Read ‘Em All: Pentagon’s 193 Mind-Numbing Cybersecurity Regs – wired.com
Developed by the DASD CIIA (that’s the Deputy Assistant Secretary of Defense for Cyber, Identity & Information Assurance), the goal of the chart is to “capture the tremendous breadth of applicable policies, some of which many IA practitioners may not even be aware, in a helpful organizational scheme.”
- Online services security report card – digitalsociety.org
Even though the vulnerability and easy exploitation online services have been well known since 2007, the lack of mainstream tech media coverage has allowed the online industry to sweep the problem under the rug for the past 3 years.
- More Firesheep news
Some discussions on the ethics, underlying exploits and legality of the recent Firefox add-on
- Metasploit and SCADA exploits: dawn of a new era? – zdnet.com
Often, there is no security point-of-contact at the vendor. Even worse, the technical support who are contacted by the security researcher often do not understand the technical and security implications of the issue reported.
- Gaping holes in Bank Apps found, plugged
The central problem is that the apps, which run on Apple Inc.’s iPhone and Android-based devices from Google Inc., are storing a user’s information in the memory of a cellphone, a basic lapse that the security researcher who found the flaws said could allow a cybercriminal to access a person’s financial accounts.