Week 49 in Review – 2012

Event Related

  • SANS
  • Clubhack 2012: Hacking and Securing iOS applications – securitylearn.net
    The presentation illustrates several types of iOS app attacks like runtime manipulation, custom code injection, SSL session hijacking and forensic data leakage.
  • Speaker Presentations – hackerhalted.com
    Check out the links for the speaker presentations.
  • SAP Slapping (DeepSec) – mwrinfosecurity.com
    Dave Hartley recently presented “SAP Slapping” at the DeepSec security conference. The talk provides a high-level overview of common SAP system vulnerabilities and misconfigurations. Dave also demoed a number of the Metasploit auxiliary and exploit modules that were developed while researching SAP insecurities.
  • A CouNtry’s Honerable n3twork deviCes – slideshare.net
    A discussion on the weaknesses of SNMP and the password cipher used in Huawei and HP/H3C devices. Presented at BayThreat 3 (2012) on December 7, 2012.


  • Tectia SSH USERAUTH Change Request Password Reset Vulnerability – exploit-db.com
    A Metasploit Framework module for this Tectia SSH vulnerability. The file header notes that it is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions; see the Metasploit Framework web site for licensing and terms of use.
  • SE-2012-01 – Details – security-explorations.com
    This page presents details of security vulnerabilities and attack techniques discovered as a result of our Java SE security research project.


  • Metasploit Pro 4.5: phishing exposure and social engineering features – community.rapid7.com
    You can now get a better handle on your organization’s exposure to phishing attacks: Metasploit Pro now gives you quick insight on risks and advice on how to reduce them. With today’s new release version 4.5, Metasploit Pro’s social engineering features are no longer just for penetration testers but add a lot of value for more generalist security professionals.


  • Proxmark 3, now with more Android – blog.spiderlabs.com
    It’s no secret; I’m a fan of the Proxmark 3 RFID testing board. It’s a device straight out of the movies; copy someone’s badge, change modes, replay their badge ID, Bam. Door opens, in we go. You may have seen the blog I wrote in September, “Getting in with the Proxmark 3 and ProxBrute”. If not, check it out. Proxmark 3’s “stand alone” mode is particularly awesome, allowing completely autonomous operation of the Proxmark 3 without the need for a computer. This mode allows the Proxmark to copy and replay up to two RFID tag IDs without the added bulk…
  • Soldier of Fortran Sniffing IBM Mainframe Passwords using MitM – mainframed767.tumblr.com
    Not too long ago I was on an engagement looking at mainframes and it got me thinking about how difficult it would be to sniff logon credentials.

Vendor/Software Patches


  • What would Trinity do with Kingcope’s SSH 0day? – community.rapid7.com
    Today, I’d like to inform you that there is a Tectia SSH 0day vulnerability discovered by security researcher “Kingcope”… or really, we suspect his real name is Mr. Thomas Anderson.

Other News

  • DARPA Seeks Revolution, Not Evolution, in Cyberspace Capabilities – threatpost.com
    Defense Advanced Research Projects Agency (DARPA), the avant-garde research and development arm of the Department of Defense – perhaps best known for its central role in the development of the Internet – is soliciting for research proposals that would help the military improve its cyber battlespace capabilities such that they match the DoD’s existing superiority in the other domains of war.
  • Blogger Jailed After Password-Hacking Ecuador’s President – wired.com
    An Ecuadorian blogger who documented a security hole that allowed him to register in Ecuador’s national online identity database system as the nation’s president was arrested on Friday, before being released today following an intervention by President Rafael Correa himself.
  • On Sophistication – carnal0wnage.attackresearch.com
    Having played both the attacker and defender role for many years, something I have often seen and even done myself is make statements and assumptions about the “sophistication” of my adversary.
  • Update: New 25 GPU Monster Devours Passwords In Seconds – securityledger.com
    Editor’s note: I’ve updated the article with some new (and in some cases clarifying) detail from Jeremi. I’ve left changes in where they were made. The biggest changes: 1) an updated link to slides; 2) clarifying that VCL refers to Virtual OpenCL; and 3) that the quote regarding 14-char passwords falling in 6 minutes was for LM encrypted, not NTLM encrypted, passwords. Long (8-char) NTLM passwords would take much longer, around 5.5 hours. – Paul
  • No warrant, no problem: How the government can still get your digital data – arstechnica.com
    The US government isn’t allowed to wiretap American citizens without a warrant from a judge. But there are plenty of legal ways for law enforcement, from the local sheriff to the FBI, to snoop on the digital trails you create every day.
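The LM-versus-NTLM distinction in the password-cracking item above comes down to how each hash treats its input. The following is an added example (not from the securityledger.com article, and not Jeremi's or Paul's code) that shows LM's preprocessing and the keyspace consequence: LM uppercases the password, pads it to 14 bytes and hashes each 7-byte half independently, so a 14-character LM password is two 7-character problems over a 69-symbol alphabet (95 printable ASCII characters minus the 26 lowercase letters that uppercasing removes), whereas an 8-character NTLM password is one problem over all 95 symbols. The DES step that turns each half into the hash is deliberately omitted; the hash rate used at the bottom is an assumed round number for illustration, not a figure from the article.

```python
"""LM vs NTLM keyspace arithmetic (added example, not from the article)."""

PRINTABLE_ASCII = 95                     # 0x20..0x7E
LOWERCASE = 26
LM_ALPHABET = PRINTABLE_ASCII - LOWERCASE  # LM uppercases first -> 69 symbols
LM_MAX_LEN = 14
LM_HALF_LEN = 7


def lm_halves(password: str) -> tuple[bytes, bytes]:
    """LM preprocessing: uppercase, pad with NULs to 14 bytes, split into two
    7-byte DES keys. Each half is hashed on its own, so an attacker cracks
    them independently. (The DES step itself is not implemented here.)"""
    if len(password) > LM_MAX_LEN:
        raise ValueError("LM cannot store passwords longer than 14 characters")
    padded = password.upper().encode("ascii").ljust(LM_MAX_LEN, b"\x00")
    return padded[:LM_HALF_LEN], padded[LM_HALF_LEN:]


def lm_keyspace(max_len: int = LM_MAX_LEN) -> int:
    """Exhaustive candidates for LM passwords of up to max_len characters.
    Because halves are independent, the worst case is 2 * sum(69^k, k<=7),
    not 69^14. The k=0 term is the empty half (short passwords leave the
    second half empty, which is why it hashes to a constant)."""
    half_len = min(max_len, LM_HALF_LEN)
    per_half = sum(LM_ALPHABET ** k for k in range(half_len + 1))
    halves = 2 if max_len > LM_HALF_LEN else 1
    return halves * per_half


def ntlm_keyspace(length: int, alphabet: int = PRINTABLE_ASCII) -> int:
    """Exhaustive candidates for NTLM passwords of exactly `length` characters.
    NTLM keeps case and length, so there is no split to exploit."""
    return alphabet ** length


def crack_seconds(keyspace: int, hashes_per_second: float) -> float:
    """Worst-case time to exhaust a keyspace at a given hash rate."""
    return keyspace / hashes_per_second


if __name__ == "__main__":
    # Constructed sample: mixed case and a symbol, nine characters long.
    first, second = lm_halves("Passw0rd!")
    print("LM halves:", first, second)          # case is gone, second half mostly NUL

    lm = lm_keyspace(14)
    ntlm = ntlm_keyspace(8)
    print(f"LM  (<=14 chars): {lm:,} candidates")
    print(f"NTLM (8 chars):   {ntlm:,} candidates")
    print(f"NTLM/LM ratio:    {ntlm / lm:,.0f}x")

    # Assumed illustrative rate, not a figure from the article.
    assumed_ntlm_rate = 350e9
    print(f"8-char NTLM at {assumed_ntlm_rate:.0e}/s: "
          f"{crack_seconds(ntlm, assumed_ntlm_rate) / 3600:.1f} hours")
```

Note that the ratio alone does not predict wall-clock time: LM's DES step is slower per guess than NTLM's MD4, which is why the article's 6 minutes versus 5.5 hours is a smaller gap than the raw keyspace ratio would suggest.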
