Week 13 In Review – 2011

/, Security Vulnerabilities/Week 13 In Review – 2011


  • Weaponizing doz.me: Improved HTML5 DDOS – spareclockcycles.org
    Beyond making the backend code a little bit less of a disaster than it was originally, I have also made the attack itself significantly more effective.
  • Location of Forensice Evidence in the Registry – travisaltman.com
    I got tired of always searching online for the location of something in the windows registry, especially when it came to forensic analysis.
  • Building A Better CA Infrastructure – freedom-to-tinker.com
    As several Tor project authors, Ben Adida and many others have written, our certificate authority infrastructure has the flaw that any one CA, anywhere on the planet, can issue a certificate for any web site, anywhere else on the planet.
  • HAKING Magazine Issue 4/2011 – professionalsecuritytesters.org
    In order to download the magazine you need to sign up to our newsletter. After clicking the “Download” button, you will be asked to provide your email address.
  • New NIST Cloud Computing Reference Architecture – rationalsurvivability.com
    In case you weren’t aware, NIST has a WIKI for collaboration on Cloud Computing.
  • Enabling Browser Security In Web Applications – michael-coates.blogspot.com
    These security properties enable the browser to impose additional security controls on items such as cookie handling, framing, and even the processing of JavaScript.
  • How To Learn The IT Skills Of A Security Professional – resources.infosecinstitute.com
    There are two general routes to gaining this knowledge. For some, it works better if they just take some classes to get started. Others just Google what they want to learn and teach themselves.
  • IBM X-Force 2010 Trend Report Launched – blogs.iss.net
    On Thursday we released our latest IBM X-Force 2010 Trend and Risk Report. As a part of this release we wanted to share a bit more insight into several areas that we think are fascinating.



  • Hatkit Proxy
    The primary purpose of the Hatkit Proxy is to create a minimal, lightweight proxy which stores traffic into an offline storage where further analysis can be performed.

  • Malware Analysis for Idiots – zonbi.org
    People that know me know I have a rather strange fetish for malware.
  • CRC-32 forging – blog.stalkr.net
    You may already know that the CRC-32 of any text can be forged if you can add 4 bytes anywhere in the text. See anarchriz’s paper on the subject.
  • NBNS Spoofing on your way to World Domination – packetstan.com
    We discussed our paths of least resistance for internal tests, and I mentioned that my favorite are the attacks based on spoofing NetBIOS Name Service (NBNS) Responses.
  • Improving SSL Certificate Security – googleonlinesecurity.blogspot.com
    Given the current interest it seems like a good time to talk about two projects in which Google is engaged.


Other News

  • Hacking A Freemium iOS App – reverse.put.as
    The iPad is a great product but it’s full of spyware and that sucks big time. One might argue that it’s not spyware, it’s just sending bits of information.
  • Microsoft Hunting Rustock Controllers – krebsonsecurity.com
    Earlier this month, Microsoft crippled Rustock by convincing a court to let it seize dozens of Rustock control servers that were scattered among several U.S.-based hosting providers.
  • Joanna Ruskowska Reveals Her Process For Security Research – resources.infosecinstitute.com
    In our ongoing series of interviews, Joanna Rutkowska answered a few questions and pulled back the curtain a bit on the methods, tools and motivation for the work she does.
  • Android Malware Against Software Piracy – nakedsecurity.sophos.com
    The success of the Android platform is obvious from the number of applications, now over 300000, now available from the Android Market.

2017-03-12T17:39:58-07:00 April 4th, 2011|Security Tools, Security Vulnerabilities|0 Comments

Leave A Comment