Last month the Black Hat folks had their annual Japan conference. There were a few overlapping talks from the Black Hat USA 2008 conference, but also new presentations from the locals. The presentations are now online at the Black Hat Japan 2008 archives, and direct links are below. Enjoy! Black Ops of DNS 2008: Its [...]
A critical update to Adobe Reader 8.1.2 and Acrobat 8.1.2 has been released to address a remote exploit vulnerability. Version 9 of these products are not vulnerable. The advisory from Core Security notes that there is a stack buffer overflow when parsing PDF files, and the flaw could be exploited if a user is tricked [...]
The presentations from Hack in the Box Malaysia are now online and available to download on the HITBSecConf2008 Malaysia Conference page. All the presentations are in one directory, so it is easy download them all with something like wget or httrack. But for those that like direct links from this site, here they are: Keynotes [...]
The number of information security events in North America is finally slowing down. This month there are only two events going on: Information Security Decisions Conference: November 5-6 CSI 2008: November 15-21 But there are a ton of other information security events around the world going on: OWASP EU Summit 2008: November 4-7 in Portugal [...]
The presentations from ToorCon X are now available to download on the ToorCon X Conference page. Below are direct links to the presentations. Hour Presentations Black Ops of DNS 2008: Its The End Of The Cache As We Know It by Dan Kaminsky How To Impress Girls With Browser Memory Protection Bypasses by Alexander Sotirov [...]
Starting this month, Microsoft will be providing exploitability information about their patches to everyone. The Microsoft Exploitability Index is designed to provide additional information to help customers better prioritize the deployment of Microsoft security updates. This index provides customers with guidance on the likelihood of functioning exploit code being developed for vulnerabilities addressed by Microsoft [...]
There have been lots of buzz recently on new Elcomsoft software that utilizes Nvidia GPUs to crack WPA and WPA2 keys. The use of Nvidia GPUs result in cracking the keys 100 times faster! Lots of media picked up on this story, from Slashdot to Gizmodo to The Register. Unfortunately, none of the reporters did [...]
NIST continues to release good guidelines on security. Within the last month, they released three new special publications, and updated three special publications. New Releases SP 800-115 – Technical Guide to Information Security Testing and Assessment SP 800-121 – Guide to Bluetooth Security SP 800-124 – Guidelines on Cell Phone and PDA Security Updated SP [...]
For those that weren’t able to attend the OWASP NYC Appsec 2008 Conference, the video from all the presentations are now online! Intro OWASP 3.0 – Who We Are And How We Got Here by The OWASP Foundation Track 1 Analysis Of The Web Hacking Incident Database by Ofer Shezaf HTTP Bot Research by Steven [...]
This year we weren’t able to attend the annual OWASP AppSec conference. But Josh from the Web Admin Blog attended and did an amazing job at live blogging the event. Here are links to his various posts from the conference: Day 1 Keynote – OWASP AppSec NYC 2008 Web Application Security Roadmap OWASP Google Hacking [...]