Here are the information security events in North America this month: ToorCamp 2009 - July 2–5 in Washington Symposium On Usable Privacy and Security 2009 – July 15-17 in California Black Hat USA 2009 – July 29-30 in Nevada DEFCON 17 – July 31-Aug 2 in Nevada And here are the information security events in [...]
Events Related: Shakacon 2008 presentations are now online ATM presentation scheduled at Black Hat USA canceled Wired – ATM Vendor Halts Research’s Talk on Vulnerability SearchSecurity – Juniper pulls ATM hacking presentation from Black Hat
Tools: BackTrack 4 pre-final released Official announcement from Offensive-Security BackTrack 4 Pre Final download link Vulns: HTTP Server DoS A technique to consume all the open HTTP sockets available and keep them open, to create a DoS like environment. But with less packets! Slowloris HTTP DoS – ha.ckers.org Apache HTTP DoS tool released – isc.sans.org [...]
Tools: CANVAS 6.47 Includes the VMware 6.5.0/6.5.1 workstation/player breakout “cloudburst” vulnerability Not free, but certainly should be in a penetration testers bag of goodies DVWA – Damn Vulnerable Web App A PHP/MySQL web application that is vulnerable to be used for learning the art of web application security. Author’s blog is ethicalhack3r.co.uk KeyKeriki Open source [...]
Here are the information security events in North America this month: Techno Security Conference 2009 – May 31-June 3 in South Carolina Shakacon III – June 11-12 in Hawaii Sharkfest ‘09 – June 15-18 in California This seems like a slow month for events, but get some rest now as next month has a ton [...]
Tools: Metasploit inside a word file – ithaven.blogspot.com Vulnerabilities: FFSpy – Firefox Malware PoC Debian OpenSSH 4.7 encryption flawed Flaw in encryption armor discovered – cnet.com Chink in encryption armor discovered – zdnet.com ntpd autokey stack buffer overflow – cert.org Other News: Adobe patch Tuesday approach Adobe Adopts Microsoft’s Patch Tuesday Approach – washingtonpost.com Adobe [...]
Tools: nmap 4.85BETA9 – nmap.org Vulnerabilities: IIS 6.0 webdav authentication bypass Microsoft Security Advisory 971492 – microsoft.com Bypassing Remote WebDav Auth IIS 6.0 – g0thacked.wordpress.com Other News: Secret questions are too easily guessed Are Your "Secret Questions" Too Easily Answered? – technologyreview.com Study Shows "Secret Questions" Are Too Easily Guessed – slashdot.org Gumblar malware Gumblar [...]
Tools: PSHToolkit offset fix for use on Windows XP SP3+latest patches – hexale.blogspot.com TrueCrypt 6.2 – truecrypt.org Moth – VMware image with various vulnerable applications – bonsai-sec.com Other News: UC Berkeley computers hacked – 97,000 SSNs and other info stolen – cnet.com Explosion of BlackBerry trading in Nigeria – darknet.org.uk
Tools: Dranzer ActiveX Fuzzer Watcher – Passive web security analysis tool (fiddler plugin) Pangolin – Very nice SQL injection tool Network Monitor 3.3 – Microsoft’s wireshark equivalent CAIN 4.9.30 – Now with SSL MITM support Vulnerabilities: Oracle TNS listener 10.2.0.3 and 11.1.0 Other News: F-Secure malware course - noppa.tkk.fi Hijacking US military satellites for communication [...]
Here are the information security events in North America this month: ChicagoCon 2009 – May 8-9 in Chicago CSI CX – May 17-21 in Nevada IEEE Security and Privacy Symposium – May 17-20 in California Web 2.0 Security and Privacy 2009 – May 21 in California LayerOne 2009 – May 23-24 in California Techno Security [...]