hacking

Good afternoon everybody! I hope your day is going well. Sorry for the missing Bits posts on Friday and yesterday. I took Friday off and just didn't get it done yesterday. Therefore, we have quite a crop today.

Here are today's Interesting Information Security Bits from around the web.

  1. Here is an interesting article on how Mozilla finds bugs that crash their products.
    How Mozilla finds crash bugs at Mozilla Security Blog
    Tags: ( mozilla )
  2. Here is a handy list of on-line malware scanners.
    List of Online Malware Scanners | PenTestIT
    Tags: ( tools malware scanners )
  3. The last of the three Panda challenges is up. I understand some answers have already been submitted, but you never know, they could be wrong.
    Panda Challenge: Hard Level - PandaLabs
    Tags: ( challenge )
  4. Wow. Just wow.
    I Can Has UR .htaccess File
    Tags: ( twitter )
  5. Raf's next interview. This time he talks to Mike "mckt" Bailey.
    Digital Soapbox - Preaching Security to the Digital Masses: 31337 Spotlight: "mckt"
    Tags: ( interviews )
  6. RSnake finds some interesting things you can do with/to wget.
    wget DNS-rebinding and Weak Intranet Port Scanning ha.ckers.org web application security lab
    Tags: ( wget )
  7. Here is some information for you if you are interested in hacking your Defcon 17 badge.
    DC17 Badge Pre-Release Information - Defcon Forums
    Tags: ( defcon17 )
  8. Answers to the 2nd Panda Challenge.
    2nd Panda Challenge solution & winners - PandaLabs
    Tags: ( challenge )
  9. Raf interviewed Mubix for the first of a series of interviews of security folk.
    Digital Soapbox - Preaching Security to the Digital Masses: 31337 Spotlight: Mubix
    Tags: ( interview )
  10. An interesting article which brings up some good points. I would add password age to this type of consideration also, provided compensating controls are in place like lockouts as presented in the paper.
    Do Strong Web Passwords Accomplish Anything? (PDF)
    Tags: ( passwords )
  11. Inferno put together a couple of things and came up with a fairly scary attack on CSRF tokens.
    Hacking CSRF Tokens using CSS History Hack | SecureThoughts.com
    Tags: ( hacking crsf )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. The 5 year clock is about to start on Windows XP and Office 2003. They both are going into extended support status.
    Windows XP and Office 2003 Enter a New Phase of Support
    Tags: ( patches winxp office-2003 )
  2. If you want to continue to get updated DCERPC-related detection capabilities with Snort, you are going to have to upgrade soon. Details inside.
    VRT: Snort 2.8.4 is nigh
    Tags: ( ids snort )
  3. Alex has put up his first blog post for Verizon Business. In it, he argues that PCI is not broken. I agree. I have never viewed PCI as a panacea for "securing" card data. Saying that PCI makes card data safe is like saying that a seat belt makes a car safe. It helps, but doesn't guarantee anything.
    He also points us to another resource that looks interesting, the "Information Security Management Maturity Model."
    Verizon Business Security Blog >> Blog Archive >> There's nothing wrong with the PCI DSS
    Tags: ( pci )
  4. First: This post has a really nice graphical representation of the operational Internet DNS framework (attack surfaces). Second: The final report was released from The Global DNS Security, Stability and Resiliency Symposium. It is now on my reading pile.
    DNS Attack Surface * Security to the Core | Arbor Networks Security
    Tags: ( dns )
  5. You have a couple of patches to install if you manage a VMware ESX installation.
    VMWare Announces New, Critical Security Updates
    Tags: ( vulnerability vmware patches )
  6. A nice list of targets you can use to test your hacking skills. There are more in the comments.
    Hacking Without All the Jailtime ha.ckers.org web application security lab
    Tags: ( hacking targets )

That's it for today. Have fun!


Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Here is a description of day two of the pwn2own contest.
    TippingPoint | DVLabs | Pwn2Own Day 2
    Tags: ( pwn2own )
  2. An interesting look at an exploit generating toolkit.
    Finjan MCRC Blog 2009 - A strike for lucky - LuckySploit Toolkit Exposed
    Tags: ( exploits )
  3. Microsoft released IE8 yesterday. This article talks about some of the security features present.
    Internet Explorer 8 includes a bevy of security features
    Tags: ( ie8 )
  4. Lots of fun peeking at the inside of the Linksys router.
    Dissecting the WRT54G version 8
    Tags: ( hardware hacking )
  5. A nice rebuttal by Chris.
    Stuart King - Information Security Annoyances - Response 1 << Risktical Ramblings
    Tags: ( awareness )
  6. Ryan has a great interview of Charlie Miller, one of the winners of the pwn2own contest at CanSecWest.
    Questions for Pwn2Own hacker Charlie Miller | Zero Day | ZDNet.com
    Tags: ( interview )

That's it for today. Have fun!


Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Larry walks us through how he built his shmoocannon for 2009.
    Building of the 2009 Shmooball Cannon
    Tags: ( hacking shmoocon )
  2. Synjunkie is being mean to his Citrix server in this series.
    Syn: Abusing Citrix - Part 1
    Tags: ( citrix )
  3. An interesting article about where Richard thinks the majority of security jobs will be in the future.
    TaoSecurity: Thoughts on Technology Careers for the Next Generation
    Tags: ( career )
  4. There's a little more help available now for getting compliant with PCI requirements.
    Befuddled companies get checklist for complying with PCI security standard
    Tags: ( pci )
  5. There may be some new guidance coming for disclosure in California.
    California bill spells out what companies have to say about data breaches
    Tags: ( privacy disclosure )

That's it for today. Have fun!


Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. If you were thinking about changing patch management software vendors, BigFix might be able to save you some cashola. Disclaimer: I do not work for or have any interest in BigFix.
    BigFix hits rivals with 50% price chop - Network World
    Tags: ( patching )
  2. Another list of top whatevers. Worth a glance.
    Defense agencies list top 20 security controls | Security - CNET News
    Tags: ( general )
  3. Surprise, surprise. Another piece of malicious software on Facebook. This is why I A) don't use very many Facebook apps and B) don't accept requests from folks for things like "Flair" and "Drinks."
    Facebook users targeted by rogue application | Security - CNET News
    Tags: ( malware facebook )
  4. Christofer or The Hoff, as he is frequently called, has a post up that has a very good point we should all take to heart.
    Rational Survivability: Trust But Verify? That's An Oxymoron...
    Tags: ( general )
  5. Jeremiah's Top Ten Web Hacking techniques for 2008 is out.
    Jeremiah Grossman: Top Ten Web Hacking Techniques of 2008 (Official)
    Tags: ( hacking top-ten )
  6. The first of a couple of articles that will explore how the Heartland issue might have occurred. This one is a primer on empty disk space. Good stuff.
    Ascension Blog >> Don't let what Happened to Heartland Happen to You - Part One
    Tags: ( forensics )

That's it for today. Have fun!


Kevin


How to become a hacker…

by kriggins on May 16, 2008

in Tips

You may have all seen this already, but I just came across it. It's been around for a while, but I thought it was interesting. How to Become a Hacker by Eric Steven Raymond.
