June 2011
1 post
Wireshark updates close security holes
The Wireshark development team has announced the release of versions 1.2.17 and 1.4.7 of its open source, cross-platform network protocol analyser.
According to the developers, these maintenance and security updates address multiple vulnerabilities that could, for example, cause the application to crash “by injecting a series of malformed packets onto the wire or by convincing...
December 2009
27 posts
Security threats Toolkit
How security will look in 10 years
1. Ubiquitous cloud computing.
2. ID and access management.
3. Public sector moves online.
4. The internet of things.
5. Mesh networks.
6. Mobile botnets.
7. Super-fast broadband.
8. DNSSEC.
9. IPv6.
10. Cyber warfare and industrial espionage.
Untangle 7.1
Protect your Network
Untangle protects you from malicious incoming Internet threats such as viruses, spyware, hackers, identity thieves and more.
Monitor Apps & Network
Monitor online behavior at the user, client and incident level. You can see what web sites are being visited, by whom, on what system.
Control your Network
Restrict access to inappropriate sites, manage when certain...
Lynis 1.2.9
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it also scans for general system information, installed packages and configuration mistakes. Lynis assists auditors in performing Basel II, GLBA, HIPAA, PCI DSS and SOX (Sarbanes-Oxley) compliance audits. What is Lynis NOT: - Not a...
Wireshark 1.2.5
Wireshark 1.2.5 (stable) has been released. Installers for Windows, Mac OS X 10.5.5 and above (Intel and PPC), and source code is now available. This release fixes several security-related vulnerabilities. See the advisory for details.
Multiple Cisco WebEx WRF Player Vulnerabilities
Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) Player. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system of a targeted user.
The Cisco WebEx WRF Player is an application that is used to play back WebEx meeting recordings that have been recorded on the computer of an on-line ...
US drones hacked by Iraqi insurgents
• $26 (£16) software let militants view potential targets • American official says flaw was identified and fixed
Insurgents in Iraq used software such as Skygrabber to hack into American drones. Photograph: Ethan Miller/Getty
One of America’s most sophisticated weapons in the conflicts in Iraq, Afghanistan and Pakistan, the unmanned drone, has been successfully penetrated by insurgents...
Android Forensics
The Android mobile platform has generated wide support in the cell phone and mobile device market and is growing each day. However, there is very little research and even fewer experts in this emerging technology. viaForensics has performed extensive research and development and will soon release a book on Android Forensics. Download our Android Forensics Presentation presented at Mobile...
Jobs for hackers
A couple of months ago, the US Dept of Homeland Security announced they wanted to recruit 1,000 cyber security professionals over the next three years. The process has started.
DHS is specifically seeking expertise in:
* Cyber Incident Response
* Vulnerability Detection and Assessment
* Networks and Systems Engineering
* Cyber Risk and Strategic Analysis
* Intelligence and...
Israeli Security Opens Fire on a MacBook
The Israeli border security didn’t take too kindly to Apple’s latest notebook, firing three rounds into the unibody MacBook.
Here are some other pictures of the damage to the Unibody MacBook.
Hackers Brew Self-Destruct Code to Counter Police...
Detect and Eliminate Computer Assisted Forensics
DECAF is a counter intelligence tool specifically created around the obstruction of the well known Microsoft product COFEE used by law enforcement around the world.
DECAF provides real-time monitoring for COFEE signatures on USB devices and running applications. Upon finding the presence of COFEE, DECAF performs numerous user-defined processes;...
Prevent web application hacking
ModSecurity is a module running on Apache and based on a Linux server that will help users overcome the security threats prevalent in the online world. It is a web application firewall that can work either as an embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
...
Nook Torn Open, Hacked, Rooted
Barnes & Noble’s Android-based Nook e-reader has been hacked and ‘rooted’ (root, or full system access, has been obtained). A loose team of hackers reported the work on their wiki, Nook Devs.
If you tear open a Nook (which the team has done) you’ll find that the Android operating system is contained on a microSD card (separate from the microSD expansion slot). From here, it’s a simple matter...
Active support for MySQL 5.0 is running out
MySQL 5.0 was originally introduced more than four years ago and active support will end on the 31st of December this year. After that day, version 5 of Sun Microsystems’ open source relational database management system (RDBMS) will no longer be under active development and updated binary packages will not be provided.
From the 1st of January, 2010, MySQL 5.0 will fall under Sun’s...
AFICK (Another File Integrity Checker)
Afick is a security tool very similar to the well-known Tripwire. It allows you to monitor changes on your file systems, and so can detect intrusions. It’s designed to be quick and portable. For now, it has been tested on
Windows XP, 2000 with ActiveState’s ActivePerl
Linux Red Hat (7.1, 7.3)
Linux Fedora Core (1, 6, 7)
Linux Mandrake (8.2, 9.1, 9.2, 2005, 2006, 2007,...
Hyenae v0.30-1 (Win32)
Hyenae is a highly flexible platform independent network packet generator. It allows you to reproduce several MITM, DoS and DDoS attack scenarios, comes with a clusterable remote daemon and an interactive attack assistant.
Nipper v1.1 released
Nipper performs security audits of network device configuration files. The report produced by Nipper includes detailed security-related issues with recommendations, a configuration report and various appendices. Nipper currently supports Cisco IOS, PIX, ASA, FWSM, NMP, CatOS and Juniper NetScreen devices.
sambascan2 v0.4.2 released - scanning for SMB...
Sambascan2 allows you to search an entire network or a number of hosts for SMB shares. It will also list the contents of all public shares that it finds.
Download SambaScan here.
Matriux
The Matriux is a phenomenon that was waiting to happen. It is a fully featured security distribution consisting of a bunch of powerful, open source and free tools that can be used for various purposes including, but not limited to, penetration testing, ethical hacking, system and network administration, cyber forensics investigations, security testing, vulnerability analysis, and much more. It...
Writing secure code
Whether you are writing a PHP snippet or an entire module, it is important to keep your code secure.
Use check functions on output to prevent cross site scripting attacks
No piece of user-submitted content should ever be placed as-is into HTML.
Use check_plain or theme('placeholder') for plain text.
Use check_markup or filter_xss for markup containing text.
Use the t() function...
inSSIDer - Wi-Fi network scanner For Windows
Works on Windows Vista and Windows XP 64-bit.
Uses the Native Wi-Fi API.
Group by MAC Address, SSID, Channel, RSSI and “Time Last Seen.”
Compatible with most GPS devices (NMEA v2.3 and higher).
How can inSSIDer help me?
Inspect your WLAN and surrounding networks to troubleshoot competing access points.
Track the strength of received signal in dBm over time.
Filter access points in an easy...
Elcomsoft’s Distributed Password Recovery (EDPR) tool that can crack WPA...
– http://www.linuxexposed.com/content/view/202/54/
FreeBSD based firewall m0n0wall 1.3 final released
m0n0wall 1.3 is “now good enough for production” after three years in beta. m0n0wall 1.3 is now based on a “bare-bones version” of FreeBSD 6.4 and incorporates a web server and PHP to provide web access to the firewall functionality, keeping its entire system configuration in a single XML text file for transparency. m0n0wall 1.3 includes support for IPv6, IPsec...
Free database firewall protects PostgreSQL and...
Version 1.2 of GreenSQL is now able to protect PostgreSQL as well as MySQL. GreenSQL is designed to protect databases against SQL injection attacks and other unauthorised changes, in a similar fashion to a firewall protecting a network against TCP/IP outside attacks. The new version also provides a graphical user interface for monitoring the database firewall.
10 reasons to use GreenSQL
1....
Turbodiff v1.01
What is turbodiff?
Turbodiff is a binary diffing tool developed as an IDA plugin. It discovers and analyzes differences between the functions of two binaries.
Requirements
“Turbodiff 1.01 beta release 1” works with IDA starting from v5.0.
You can download Turbodiff here:
IDA PRO v4.9: sources and plugin (free version)
IDA starting with version v5: sources and plugin
Or...
Katana - Portable Multi-Boot Security Suite
Katana v1.0 (Kyuzo) is a portable multi-boot security suite designed for all your computer security needs. The idea behind this tool is to bring together all of the best security distributions to run from one USB drive. Katana includes distributions which focus on Penetration Testing, Auditing, Password Cracking, Forensics and Honey Pots. Katana includes the following distributions:
-...
November 2009
10 posts
World's fastest supercomputer
Cray has finally clawed IBM back from the lead position on the Top500 Supercomputer chip-measuring contest. After just missing out on the title to IBM’s Roadrunner last year, Cray’s XT5 supercomputer (aka, Jaguar) at Oak Ridge National Lab in Tennessee received an update from quad- to six-core Opteron processors to boast a 2.3 petaflop per second performance peak (theoretical) and...
Inside the Security Operations Center
Every day, the experts at Symantec’s Security Operations Center discover 200 dangerous attacks on the networks of the center’s large corporate customers and notify the affected customers within ten minutes. However, this doesn’t mean these networks become immune.
Working in daylight: The new European SOC is located in a normal office building - previously, the experts had to...
Vulnerability in the GIMP image editing tool
According to security services provider Secunia, a vulnerability in the free image editing tool GIMP (GNU Image Manipulation Program) can potentially be exploited to compromise a user’s system. The vulnerability, rated by Secunia as moderately critical, occurs when processing specially crafted BMP images within the ReadImage() function in plug-ins/file-bmp/bmp-read.c, causing an integer overflow that...
Data Theft and Loss - It's Inevitable So Just Be...
We amuse ourselves with stories of laptops, backup tapes and flash drives containing sensitive information being lost or stolen. We ask ourselves how people can be so careless and negligent with such sensitive information. However, the truth is that stories like this will continue to happen, even when top secret information is at stake (see this recent story about a US army data leak, and this...
SSLv3 / TLS Man in the Middle vulnerability -...
After some in-house tests, we can confirm that the vulnerability presented at http://www.extendedsubset.com/ is indeed real and should pose a significant threat to most. The vulnerability has been discovered by “Marsh Ray”. Details: Protocol and attack flow graph
White paper about the attack
Cumulated data and proof of concept code
Source.
New Honeypot Mimics The Web Vulnerabilities...
New open-source Honeynet Project tool toys with attackers by dynamically emulating apps with the types of bugs they’re looking for
A next-generation Web server honeypot project is under way that poses as Web servers with thousands of vulnerabilities in order to gather firsthand data from real attacks targeting Websites.
Unlike other Web honeypots, the new open-source Glastopf tool...
DebConf 10 New York dates confirmed
The next Debian Conference (DebConf) will take place from the 1st to the 7th of August, 2010 in New York City. The tenth annual DebConf event will be held in Columbia University’s Morningside Heights campus and include coding parties, workshops and various discussions. Featured speakers for the event, however, have yet to be confirmed.
Debian Camp (DebCamp) is a smaller, less formal event...
The return of the worm
According to Microsoft’s Security Intelligence Report 2009, phishing and worm infections both rose in the first half of 2009. In particular, the company reports a significant increase in the number of phishing attacks on web-based social networks. Between January and June of this year, phishers are reported to have widened their attacks to capture access data for gaming websites, portals and the websites...
Mossad Hacked Syrian Official’s Computer Before...
Agents of Israel’s Mossad intelligence service hacked into the computer of a senior Syrian government official a year before Israel bombed a facility in Syria in 2007, according to Der Spiegel.
The intelligence agents planted a Trojan horse on the official’s computer in late 2006 while he was staying at a hotel in the Kensington district of London, the German newspaper reported Monday in an...
October 2009
77 posts
KDE multiple security vulnerabilities
Description: Cross-application scripting in Ark, protocol URI handlers, KMail.
Affected:
KDE 4.3
Original document:
[oCERT-2009-015] KDE multiple issues
VMWare multiple security vulnerabilities
Description: Privilege escalation in guest system. Directory traversal on access from guest to host system.
Affected:
VMware Server 1.0
VMware ESXi 3.5
VMware ESX 3.5
VMware Workstation 6.5
VMware Player 2.5
VMware ACE 2.5
VMware Server 2.0
VMware Fusion 2.0
VMware ESXi 4.0
VMware ESX 4.0
Original document:
Invalid #PF Exception Code in VMware can result in Guest Privilege...
BlackBerry spyware alert
BlackBerry users are advised to think twice about lending their devices to others for the time being. The US-CERT has issued an official warning about a recently released, freely available spyware program that turns BlackBerry phones into listening devices. Once the program, called PhoneSnoop, has been installed on the phone to be bugged, a simple call from a predefined trigger phone number is...
US Department of Defense memo opens door to open...
A new memorandum currently being circulated within the US Department of Defense has clarified the US military’s position on the use of open source; it’s for it. The memorandum was created to resolve issues with a 2003 memorandum which had given some the impression that open source could be locked out of DoD use.
The new policy, written by David M. Weggeren, DoD Deputy Chief...
More On Metasploit Meterpreter & Timestomp
timestomp has a few other options worth discussing, notably setting MACE times from a file or individually setting attributes or setting all four attributes at once to a MACE time of your choosing.
meterpreter > timestomp
Usage: timestomp file_path OPTIONS
OPTIONS:
-a Set the “last accessed” time of the file
-b Set the MACE timestamps so that...
Ubuntu 9.10 (Karmic Koala)
Download Ubuntu 9.10 NOW!!!!!
http://noncdn.releases.ubuntu.com//releases/9.10/
enjoy :P
Yokoso! – Web Infrastructure Fingerprinting &...
Yokoso! is a project focused on creating fingerprinting code that is deliverable through some form of client attack. This can be used during penetration tests that combine network and web applications. One of the most common questions we hear is “so what can you do with XSS?” and we hope that Yokoso! answers that question.
We will be creating JavaScript and Flash objects that are able to...
Mid-Missouri nuclear plant still using dial-up...
FULTON, Mo. | Many homes and businesses have long since upgraded to broadband Internet, and the Nuclear Regulatory Commission wants nuclear plants in Missouri and elsewhere to do the same.
KMOX Radio in St. Louis on Monday cited an NRC memo to AmerenUE and other nuclear plants urging the upgrade. The move would be voluntary, but regulators called dial-up obsolete.
Ameren spokesman Tim Fox said...
I Can Haz Virus
I forget who, but some wiseguy stuck a link to site (www.vivilan.cn - not linkified so Google doesn’t mark me as evil) on his Facebook wall, which reminded me of one reason I love Firefox (and Linux): security! See, the site is actually a redirect to another site, which is a redirect to another site which tries to show you a fake Windows interface telling you your computer has several...
Web Application Security Statistics
Purpose
The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2008. This initiative is a collaborative industry wide effort to pool together sanitized website vulnerability data and to gain a better understanding about the web application vulnerability landscape. We ascertain which classes of attacks are the most prevalent...
Metasploit JSP Shells
Stephen Fewer has pushed up a JSP reverse shell and a JSP bind shell.
http://dev.metasploit.com/redmine/projects/framework/repository/show/modules/payloads/singles/java
I’m not sure of all the ways to use them but the easiest way is to just output the shell to raw and just upload it to a web server or for an example with an exploit check out the adobe robohelp exploit. ...
Exclusive: U.S. Spies Buy Stake in Firm That...
America’s spy agencies want to read your blog posts, keep track of your Twitter updates — even check out your book reviews on Amazon.
In-Q-Tel, the investment arm of the CIA and the wider intelligence community, is putting cash into Visible Technologies, a software firm that specializes in monitoring social media. It’s part of a larger movement within the spy services to get better at...