The past couple of weeks have been a whirlwind of news about the events happening around Google, Microsoft and Operation Aurora. Story upon story had been published on news sites, analysis upon analysis pored over in blog posts and opinions upon opinions voiced out by security professionals around the globe. It's a bit heady to [...]
Resources: SecurityPodcasts Boxee App - ethicalhack3r.co.uk How to add this podcast series to your Boxee media center. Tools: Flash Cookie Remover 0.9 Beta Released - misec.net Just like what the title says, it removes Flash cookies as well as all info related to them. Nmap 5.20 Released - layeredsec.com The new version includes new scripting [...]
Resources: HITB eZine 'Reloaded' - Issue #001 - security-database.com Hack in the Box releases free ezine pdf. Threat Classification References Mapping Proposal - webappsec.pbworks.com A table for classifying security threats An excellent improvement to Adobe Reader security - msmvps.com You can disable Javascript and enable Enhanced Security in the latest Adobe Reader. Mapping between OWASP [...]
Resources: WASC Threat Classification to OWASP Top Ten RC1 Mapping - jeremiahgrossman.blogspot.com A table of the OWASP Top 10 in relation to the WASC list. Wireshark Network Analyzer Mind Map - mindcert.com A mind map for Wireshark OWASP O2 Platform - owasp.org O2 is a collection of open source modules to help webapp security professionals. [...]
A few quick updates to North America calendar of events: 17th Annual Network and Distributed System Security (NDSS) Symposium - February 28 - March 3 in San Diego SANS AppSec Summit - February 4-5 in San Francisco Conference feature keynotes from Michael Howard and Gary McGraw. You can use the discount code "AppSecSummit10" to get [...]
Events Related: It's the 26the Chaos Communication Congress! A roundup of recent related news to this event. The CCCs retrospect for 2009 - events.ccc.de A look back at some of the happenings in this conference 26c3 Backstage - events.ccc.de A few observations on what happens behind the curtain in this congress. The Official 26C3 Twitter [...]
The 26th Chaos Communication Congress in Berlin wrapped up recently and they've now posted the first batch of videos on their site. Links to the audio and video can be found on their wiki site and on many mirrors. Here are some of the picks we have from this event. Here Be Electric Dragons From the [...]
Here are the information security events in North America this month: Cyber Crime Conference 2010 - January 22-29 in Missouri BlackHat DC 2010 - January 31-February 3 in Virginia And here are the information security events in the other parts of the world: Financial Cryptography and Data Security 2010 - January 25-28 in Spain 1st [...]
Indian conference ClubHack has just posted the presentations for their 2009 conference. Indian IT Act 2000 vs 2009 by Rohas Nagpal Incident Handling and Log Analysis for Web Based Incidents by Manindra Kishore Revealing the Secrets: Source Code Disclosure, Techniques and Impacts by Anant Kochar Risk Based Penetration Testing by Nikhil Wagholikar (in absentia of [...]
Tools: fimap v0.7A Released - security-database.com Tool for determining local and remote file inclusion bugs in webapps updated with show-my-ip, experimental HTTP proxy support and experimental blindmode, among others. Mr-T smbenum and Firefox userprefs - ha.ckers.org An update to the Master Recon Tool was released to include both the default Firefox preferences and the smbenum of Internet [...]