[Kevin Bong] came up with the idea to use a Wifi router as a bridge to test a wired network’s security remotely. He grabbed a TP-Link TL-WR703N router, a low-profile thumb drive, and a cellphone backup battery; all cheaply available products.
- Sandia Labs Offers DNSSEC Tool – darkreading.com
A Sandia National Laboratories computer scientist has developed a free visualization tool to help the federal government and other organizations with their Domain Name System Security (DNSSEC) implementations.
- Old Meets New: Microsoft Windows SafeSEH Incompatibility – accuvant.com
In recent years, Microsoft has made great strides to improve product security. This momentum can be seen clearly in their investments in security-focused processes, development, and research. The release of anti-exploitation features such as DEP, ASLR, Stack Cookies and SafeSEH are products of their commitment to security.
- Show Me Your SSID’s, I’ll Tell Who You Are – blog.rootshell.be
The idea of this article came from a colleague of mine. He wrote a first version of the script described below. I found it very useful and asked his permission to re-use it and to write this blog article. Thanks to him! In the meantime, during my research, I also found that a friend, Didier Stevens, had published on his blog the same kind of script, but for an AirPcap adapter. Mine uses any adapter that can be switched to “monitor” mode.
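The core of a script like the one described above is a parser for 802.11 probe requests: clients in range announce, in clear, the SSIDs of networks they have joined before. The block below is an added example, not code from the rootshell.be article or from the script it describes, and it assumes (as the title implies) that probe requests are what is being collected. It parses raw monitor-mode frames (radiotap header plus 802.11 management frame), keeps only probe requests, and maps each client MAC to the SSIDs it asked for, discarding wildcard (empty-SSID) probes that say nothing about the client. The sample frames at the bottom are constructed inline, not captured traffic.

```python
"""Map client MACs to the SSIDs they probe for, from raw monitor-mode frames."""
import struct
from collections import defaultdict

MGMT_TYPE = 0          # 802.11 frame type: management
PROBE_REQ_SUBTYPE = 4  # management subtype: probe request
SSID_TAG = 0           # tagged-parameter ID of the SSID element


def mac_str(raw):
    return ':'.join('%02x' % b for b in raw)


def strip_radiotap(frame):
    """Drop the radiotap pseudo-header that monitor-mode captures carry."""
    if len(frame) < 8:
        raise ValueError('frame too short for radiotap header')
    version, _pad, rt_len = struct.unpack_from('<BBH', frame, 0)
    if version != 0 or rt_len < 8 or rt_len > len(frame):
        raise ValueError('bad radiotap header')
    return frame[rt_len:]


def probe_request_ssid(dot11):
    """Return (source MAC, SSID) for a probe request, or None for any other frame.

    Directed probes carry the SSID the client is looking for; wildcard probes
    carry an empty SSID and are returned with ssid == ''.
    """
    if len(dot11) < 24:                      # fixed management header is 24 bytes
        return None
    fc0 = dot11[0]
    if (fc0 >> 2) & 0x3 != MGMT_TYPE or (fc0 >> 4) & 0xF != PROBE_REQ_SUBTYPE:
        return None
    sa = mac_str(dot11[10:16])               # Address 2 is the transmitter (the client)
    body = dot11[24:]
    i = 0
    while i + 2 <= len(body):                # walk the tagged parameters
        tag, length = body[i], body[i + 1]
        value = body[i + 2:i + 2 + length]
        if len(value) < length:
            break                            # truncated element: treat as malformed
        if tag == SSID_TAG:
            return sa, value.decode('utf-8', 'replace')
        i += 2 + length
    return None                              # no SSID element at all: ignore


def collect_probes(frames):
    """Build {client MAC: sorted list of directed SSIDs} from radiotap frames."""
    seen = defaultdict(set)
    for frame in frames:
        try:
            parsed = probe_request_ssid(strip_radiotap(frame))
        except ValueError:
            continue                         # unparseable capture record
        if parsed is None:
            continue
        sa, ssid = parsed
        if ssid:                             # wildcard probes attribute nothing
            seen[sa].add(ssid)
    return {mac: sorted(ssids) for mac, ssids in seen.items()}


# --- constructed sample frames (assumed MACs and SSIDs, not captured traffic) ---
def build_probe_request(sa, ssid):
    radiotap = struct.pack('<BBHI', 0, 0, 8, 0)          # minimal 8-byte radiotap header
    fc = bytes([(PROBE_REQ_SUBTYPE << 4) | (MGMT_TYPE << 2), 0])
    broadcast = b'\xff' * 6
    header = fc + b'\x00\x00' + broadcast + sa + broadcast + b'\x00\x00'
    ssid_el = bytes([SSID_TAG, len(ssid)]) + ssid
    rates_el = bytes([1, 4, 0x82, 0x84, 0x8b, 0x96])      # Supported Rates element
    return radiotap + header + ssid_el + rates_el


SAMPLE_FRAMES = [
    build_probe_request(b'\x00\x11\x22\x33\x44\x55', b'HomeNetwork'),
    build_probe_request(b'\x00\x11\x22\x33\x44\x55', b'Airport_Free_WiFi'),
    build_probe_request(b'\x00\x11\x22\x33\x44\x55', b''),        # wildcard probe
    build_probe_request(b'\x66\x77\x88\x99\xaa\xbb', b'CorpGuest'),
    b'\x00\x00\x08\x00\x00\x00\x00\x00' + b'\x80\x00' + b'\x00' * 22,  # beacon, ignored
]

if __name__ == '__main__':
    for mac, ssids in collect_probes(SAMPLE_FRAMES).items():
        print(mac, ssids)
```

Feeding it live traffic means reading frames from a monitor-mode interface (for example with a raw socket or a pcap reader) and handing each record to `collect_probes`; some drivers append a 4-byte FCS that the radiotap flags field announces, which a production parser should strip before walking the tagged parameters.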
- Introducing Shazzer: A Shared online fuzzer – thespanner.co.uk
I lost inspiration for coding a while ago and had this idea I was sitting on for a while. I’m often stuck at the design stage before I write a line of code, and I will refuse to continue without a clear picture in my head of how an app is going to work. After the Christmas break I got my inspiration back and quickly started to formulate how Shazzer might work.
- Hacking MS Access For Fun and Profit – tdsne.blogspot.com
I spent a great many years of my early career making amazing things with MS Access databases and VBA. I’ve lost most of these skills nowadays, but I remember a lot about how things are constructed internally and how I used to go about securing things.
- How To Run Penetration Tests From The Amazon Cloud – Without Getting Into Trouble – community.rapid7.com
This is especially useful since several team members can use the same instance of Metasploit Pro in the cloud at the same time through Metasploit Pro’s web-based user interface, even if team members are working on different projects at the same time.
- Sanitize Input – carnal0wnage.attackresearch.com/2011/12/sanitize-input.html
When application security was still in its infancy, there were discussions on how to protect applications from newly discovered injection vulnerabilities. “Sanitize Input” was a popular solution that rolled off the tongue nicely and was not overly complicated to explain. It was also a very generic solution that would (hopefully) be part of a more complete approach.
- Microsoft Security Bulletin January 2012
As I previously mentioned in the Advance Notification Service blog post on Thursday, today we are releasing seven security bulletins, one of which is rated Critical in severity, with the remaining six classified as Important. These bulletins will address eight vulnerabilities in Microsoft products. Customers should plan to install all of these updates as soon as possible.
- Wireshark 1.6.5 and 1.4.11 Released – wireshark.org
Wireshark 1.6.5 and 1.4.11 have been released. Installers for Windows, Mac OS X 10.5.5 and above (Intel and PPC), and source code are now available.
- Typosquatting social web gains top Alexa ranking – community.websense.com
These are amazing results for fraudulent Web sites, as some of them rank even better than genuine big name portals. In this campaign, the fraudulent sites pretend to be from YouTube, and they try to lure you in by saying you have been selected to complete a survey for a chance to win a gift such as an iPhone 4S. Survey scams were very common in the past year, and were usually spread within social networks like Facebook or Twitter.
- Researchers Find Way To Sniff Corporate Email Via Blackberry Playbook – threatpost.com
Researchers and attackers have had no shortage of mobile platforms and devices to sink their teeth into in recent years, thanks to the explosion of iOS and Android phones and tablets in the consumer and enterprise markets. Now, the spotlight is slowly beginning to turn in the direction of RIM, and specifically its BlackBerry PlayBook tablet.
- Banks Coming Together To Fight Hackers, Prevent Attacks – threatpost.com
Major banks like Morgan Stanley, Goldman Sachs Group and Bank of America are putting together plans to help identify new security threats before they happen, according to a report from the Wall Street Journal this week.
- DiskCrypt Turns Any Laptop Storage Into A Self-Encrypted Drive – arstechnica.com
DiskCrypt takes a similar approach, providing firmware within the enclosure that performs pass-through encryption and decryption. It uses AES encryption, and has a NIST FIPS 140-2 level 1 certified cryptographic module—meaning that it has been certified by the feds for basic information security, but not for classified information, as it’s specifically single-user.
- Researchers Find Sykipot Trojan Variant For Hijacking DoD Smartcards – threatpost.com
The research, published in a blog post Thursday, is the latest by AlienVault to look at Sykipot, a Trojan horse program known to be used in targeted attacks against the defense industrial base (DIB). The new variants, which AlienVault believes have been circulating since March 2011, have been used in “dozens of attacks” and contain features that would allow remote attackers to steal smart card credentials and access sensitive information.